diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml index e4fbeb472..300cdd66b 100644 --- a/.github/workflows/code_scanning.yml +++ b/.github/workflows/code_scanning.yml @@ -12,9 +12,10 @@ on: env: LGTM_INDEX_XML_MODE: all + LGTM_INDEX_FILETYPES: ".json:JSON" jobs: - analyze: + analyze-javascript: name: Analyze runs-on: 'ubuntu-latest' permissions: @@ -54,19 +55,16 @@ jobs: -o "$cds_file.json" done - # Initializes the CodeQL tools for scanning. - - name: Extract version from qlt.conf.json - uses: sergeysova/jq-action@v2 - id: version - with: - cmd: 'jq .CodeQLCLIBundle qlt.conf.json -r' + - name: Extract CodeQL bundle version from qlt.conf.json + run: | + echo "BUNDLE_VERSION=$(jq .CodeQLCLIBundle qlt.conf.json -r)" >> $GITHUB_ENV - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: languages: javascript config-file: ./.github/codeql/codeql-config.yaml - tools: https://github.com/github/codeql-action/releases/download/${{steps.version.outputs.value}}/codeql-bundle-linux64.tar.gz + tools: https://github.com/github/codeql-action/releases/download/${{env.BUNDLE_VERSION}}/codeql-bundle-linux64.tar.gz debug: true - name: Perform CodeQL Analysis diff --git a/.github/workflows/javascript.sarif.expected b/.github/workflows/javascript.sarif.expected index 016d091fc..4554aeba4 100644 --- a/.github/workflows/javascript.sarif.expected +++ b/.github/workflows/javascript.sarif.expected @@ -2835,7 +2835,7 @@ } ] }, { "name" : "advanced-security/javascript-sap-ui5-queries", - "semanticVersion" : "0.6.0+f0edf44a8f8752bf272345a75f00be922e0919a8", + "semanticVersion" : "0.6.0+c94eafdc33da5596916ef1e4345694bfc67155c3", "rules" : [ { "id" : "js/ui5-xss", "name" : "js/ui5-xss", @@ -2985,7 +2985,7 @@ } ] }, { "name" : "advanced-security/javascript-sap-cap-queries", - "semanticVersion" : "0.2.0+f0edf44a8f8752bf272345a75f00be922e0919a8", + "semanticVersion" : "0.2.0+c94eafdc33da5596916ef1e4345694bfc67155c3", "rules" : [ { "id" : "js/cap-sql-injection", "name" : "js/cap-sql-injection", @@ -3128,7 +3128,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : ".github/codeql/codeql-config.yaml", + "uri" : ".github/codeql/extensions/javascript/frameworks/cap/ext/ext/codeql-pack.lock.yml", "uriBaseId" : "%SRCROOT%", "index" : 7 } @@ -3154,7 +3154,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : ".github/codeql/extensions/javascript/frameworks/ui5/ext/ext/qlpack.yml", + "uri" : ".github/codeql/codeql-config.yaml", "uriBaseId" : "%SRCROOT%", "index" : 8 } @@ -3206,7 +3206,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : ".github/codeql/extensions/javascript/frameworks/ui5/ext/ext/ui5.model.yml", + "uri" : ".github/codeql/extensions/javascript/frameworks/ui5/ext/ext/codeql-pack.lock.yml", "uriBaseId" : "%SRCROOT%", "index" : 10 } @@ -3232,7 +3232,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : ".github/codeql/extensions/javascript/heuristic-models/ext/ext/additional-sources.model.yml", + "uri" : ".github/codeql/extensions/javascript/frameworks/ui5/ext/ext/ui5.model.yml", "uriBaseId" : "%SRCROOT%", "index" : 11 } @@ -3258,7 +3258,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : ".github/codeql/extensions/javascript/heuristic-models/ext/ext/qlpack.yml", + "uri" : ".github/codeql/extensions/javascript/frameworks/ui5/ext/ext/qlpack.yml", "uriBaseId" : "%SRCROOT%", "index" : 12 } @@ -3284,7 +3284,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : ".github/workflows/code_scanning.yml", + "uri" : ".github/codeql/extensions/javascript/heuristic-models/ext/ext/additional-sources.model.yml", "uriBaseId" : "%SRCROOT%", "index" : 13 } @@ -3310,7 +3310,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : ".github/workflows/run-codeql-unit-tests-javascript.yml", + "uri" : ".github/codeql/extensions/javascript/heuristic-models/ext/ext/codeql-pack.lock.yml", "uriBaseId" : "%SRCROOT%", "index" : 14 } @@ -3336,7 +3336,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "codeql-workspace.yml", + "uri" : ".github/codeql/extensions/javascript/heuristic-models/ext/ext/qlpack.yml", "uriBaseId" : "%SRCROOT%", "index" : 15 } @@ -3362,7 +3362,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/lib/qlpack.yml", + "uri" : ".github/workflows/code_scanning.yml", "uriBaseId" : "%SRCROOT%", "index" : 16 } @@ -3388,7 +3388,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/src/qlpack.yml", + "uri" : ".github/workflows/run-codeql-unit-tests-javascript.yml", "uriBaseId" : "%SRCROOT%", "index" : 17 } @@ -3414,7 +3414,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/package.json", + "uri" : "codeql-workspace.yml", "uriBaseId" : "%SRCROOT%", "index" : 18 } @@ -3440,7 +3440,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/server.js", + "uri" : "javascript/frameworks/cap/lib/codeql-pack.lock.yml", "uriBaseId" : "%SRCROOT%", "index" : 19 } @@ -3466,7 +3466,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/qlpack.yml", + "uri" : "javascript/frameworks/cap/src/codeql-pack.lock.yml", "uriBaseId" : "%SRCROOT%", "index" : 20 } @@ -3492,7 +3492,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/srv/service2.js", + "uri" : "javascript/frameworks/cap/lib/qlpack.yml", "uriBaseId" : "%SRCROOT%", "index" : 21 } @@ -3518,7 +3518,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/srv/service1.js", + "uri" : "javascript/frameworks/cap/src/qlpack.yml", "uriBaseId" : "%SRCROOT%", "index" : 22 } @@ -3544,7 +3544,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/package.json", + "uri" : "javascript/frameworks/cap/test/codeql-pack.lock.yml", "uriBaseId" : "%SRCROOT%", "index" : 23 } @@ -3570,7 +3570,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/db/schema.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 24 } @@ -3596,7 +3596,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/server.js", + "uri" : "javascript/frameworks/cap/test/qlpack.yml", "uriBaseId" : "%SRCROOT%", "index" : 25 } @@ -3622,7 +3622,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/package.json", "uriBaseId" : "%SRCROOT%", "index" : 26 } @@ -3648,7 +3648,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/package.json", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/server.js", "uriBaseId" : "%SRCROOT%", "index" : 27 } @@ -3674,7 +3674,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/srv/service1.js", "uriBaseId" : "%SRCROOT%", "index" : 28 } @@ -3700,7 +3700,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/server.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/srv/service1.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 29 } @@ -3726,7 +3726,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/srv/service2.js", "uriBaseId" : "%SRCROOT%", "index" : 30 } @@ -3752,7 +3752,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/server.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/srv/service2.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 31 } @@ -3778,7 +3778,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/package.json", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/db/schema.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 32 } @@ -3804,7 +3804,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/server.js", "uriBaseId" : "%SRCROOT%", "index" : 33 } @@ -3830,7 +3830,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/package.json", "uriBaseId" : "%SRCROOT%", "index" : 34 } @@ -3856,7 +3856,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/package.json", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/srv/service1.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 35 } @@ -3882,7 +3882,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/server.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/srv/service1.js", "uriBaseId" : "%SRCROOT%", "index" : 36 } @@ -3908,7 +3908,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/srv/privileged-user.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/srv/service2.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 37 } @@ -3934,7 +3934,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/srv/service2.js", "uriBaseId" : "%SRCROOT%", "index" : 38 } @@ -3960,7 +3960,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/db/schema.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 39 } @@ -3986,7 +3986,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/package.json", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/package.json", "uriBaseId" : "%SRCROOT%", "index" : 40 } @@ -4012,7 +4012,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/server.js", "uriBaseId" : "%SRCROOT%", "index" : 41 } @@ -4038,7 +4038,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/server.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/srv/service1.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 42 } @@ -4064,7 +4064,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/srv/service2.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 43 } @@ -4090,7 +4090,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/package.json", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/srv/service2.js", "uriBaseId" : "%SRCROOT%", "index" : 44 } @@ -4116,7 +4116,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/server.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/srv/service1.js", "uriBaseId" : "%SRCROOT%", "index" : 45 } @@ -4142,7 +4142,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/db/schema.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 46 } @@ -4168,7 +4168,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/server.js", "uriBaseId" : "%SRCROOT%", "index" : 47 } @@ -4194,7 +4194,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/server.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/srv/service1.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 48 } @@ -4220,7 +4220,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/package.json", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/package.json", "uriBaseId" : "%SRCROOT%", "index" : 49 } @@ -4246,7 +4246,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/srv/service1.js", "uriBaseId" : "%SRCROOT%", "index" : 50 } @@ -4272,7 +4272,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/srv/service2.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 51 } @@ -4298,7 +4298,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/package.json", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/db/schema.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 52 } @@ -4324,33 +4324,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", - "uriBaseId" : "%SRCROOT%", - "index" : 1 - } - } - } ], - "message" : { - "text" : "" - }, - "level" : "none", - "descriptor" : { - "id" : "js/diagnostics/successfully-extracted-files", - "index" : 1, - "toolComponent" : { - "index" : 0 - } - }, - "properties" : { - "formattedMessage" : { - "text" : "" - } - } - }, { - "locations" : [ { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/server.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/srv/service2.js", "uriBaseId" : "%SRCROOT%", "index" : 53 } @@ -4376,7 +4350,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/package.json", "uriBaseId" : "%SRCROOT%", "index" : 54 } @@ -4402,7 +4376,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/server.js", "uriBaseId" : "%SRCROOT%", "index" : 55 } @@ -4428,33 +4402,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", - "uriBaseId" : "%SRCROOT%", - "index" : 2 - } - } - } ], - "message" : { - "text" : "" - }, - "level" : "none", - "descriptor" : { - "id" : "js/diagnostics/successfully-extracted-files", - "index" : 1, - "toolComponent" : { - "index" : 0 - } - }, - "properties" : { - "formattedMessage" : { - "text" : "" - } - } - }, { - "locations" : [ { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/package.json", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/srv/privileged-user.js", "uriBaseId" : "%SRCROOT%", "index" : 56 } @@ -4480,7 +4428,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/server.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/srv/service1.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 57 } @@ -4506,7 +4454,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/srv/service1.js", "uriBaseId" : "%SRCROOT%", "index" : 58 } @@ -4532,7 +4480,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/srv/service2.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 59 } @@ -4558,7 +4506,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/package.json", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/srv/service2.js", "uriBaseId" : "%SRCROOT%", "index" : 60 } @@ -4584,7 +4532,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/server.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/db/schema.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 61 } @@ -4610,7 +4558,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/package.json", "uriBaseId" : "%SRCROOT%", "index" : 62 } @@ -4636,7 +4584,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/server.js", "uriBaseId" : "%SRCROOT%", "index" : 63 } @@ -4662,7 +4610,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/package.json", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/srv/service1.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 64 } @@ -4688,7 +4636,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/server.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/srv/service1.js", "uriBaseId" : "%SRCROOT%", "index" : 65 } @@ -4714,7 +4662,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/srv/service2.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 66 } @@ -4740,7 +4688,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/srv/service2.js", "uriBaseId" : "%SRCROOT%", "index" : 67 } @@ -4766,7 +4714,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/package.json", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/db/schema.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 68 } @@ -4792,7 +4740,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/server.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/package.json", "uriBaseId" : "%SRCROOT%", "index" : 69 } @@ -4818,7 +4766,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/server.js", "uriBaseId" : "%SRCROOT%", "index" : 70 } @@ -4844,7 +4792,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/srv/service1.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 71 } @@ -4870,7 +4818,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/lib/qlpack.yml", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/srv/service1.js", "uriBaseId" : "%SRCROOT%", "index" : 72 } @@ -4896,7 +4844,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/lib/BindingStringParser/test.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/srv/service2.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 73 } @@ -4922,7 +4870,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/src/qlpack.yml", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/srv/service2.js", "uriBaseId" : "%SRCROOT%", "index" : 74 } @@ -4948,7 +4896,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/lib/Bindings/test.html", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/package.json", "uriBaseId" : "%SRCROOT%", "index" : 75 } @@ -4974,7 +4922,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/lib/Bindings/test.xml", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/db/schema.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 76 } @@ -5000,7 +4948,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/lib/Bindings/test.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/server.js", "uriBaseId" : "%SRCROOT%", "index" : 77 } @@ -5026,7 +4974,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/lib/JsonParser/test.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/srv/service1.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 78 } @@ -5052,7 +5000,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/models/attachDisplay_detachDisplay/webapp/view/App.view.xml", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/srv/service2.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 79 } @@ -5078,7 +5026,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/models/binding_path/bindingComposite.xml", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/srv/service1.js", "uriBaseId" : "%SRCROOT%", "index" : 80 } @@ -5104,7 +5052,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/models/multiple_models/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/srv/service2.js", "uriBaseId" : "%SRCROOT%", "index" : 81 } @@ -5130,7 +5078,33 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/models/binding_path/binding1.xml", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uriBaseId" : "%SRCROOT%", + "index" : 1 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/db/schema.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 82 } @@ -5156,7 +5130,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/models/property_getter_setter/webapp/view/App.view.xml", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/package.json", "uriBaseId" : "%SRCROOT%", "index" : 83 } @@ -5182,7 +5156,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/models/sink/sink1.xml", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/server.js", "uriBaseId" : "%SRCROOT%", "index" : 84 } @@ -5208,7 +5182,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/qlpack.yml", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service1.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 85 } @@ -5234,7 +5208,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/models/source/source1.xml", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service1.js", "uriBaseId" : "%SRCROOT%", "index" : 86 } @@ -5260,7 +5234,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-allow-all/index.html", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service2.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 87 } @@ -5286,7 +5260,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-allow-all/ui5.yaml", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/db/schema.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 88 } @@ -5312,7 +5286,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-default-all/ui5.yaml", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service2.js", "uriBaseId" : "%SRCROOT%", "index" : 89 } @@ -5338,7 +5312,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-deny-all/index.html", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/package.json", "uriBaseId" : "%SRCROOT%", "index" : 90 } @@ -5364,7 +5338,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-default-all/index.html", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/server.js", "uriBaseId" : "%SRCROOT%", "index" : 91 } @@ -5390,7 +5364,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-deny-all/ui5.yaml", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/srv/service1.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 92 } @@ -5416,7 +5390,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/package.json", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", "index" : 93 } @@ -5442,7 +5416,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/ui5.yaml", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/srv/service2.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 94 } @@ -5468,7 +5442,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", "index" : 95 } @@ -5494,7 +5468,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/db/schema.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 96 } @@ -5520,7 +5494,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/index.html", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/server.js", "uriBaseId" : "%SRCROOT%", "index" : 97 } @@ -5546,7 +5520,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/index.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/package.json", "uriBaseId" : "%SRCROOT%", "index" : 98 } @@ -5572,7 +5546,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service1.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 99 } @@ -5598,7 +5572,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/package.json", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", "index" : 100 } @@ -5624,7 +5598,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/ui5.yaml", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service2.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 101 } @@ -5650,7 +5624,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", "index" : 102 } @@ -5676,9 +5650,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 103 + "index" : 2 } } } ], @@ -5702,9 +5676,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/index.html", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/db/schema.cds.json", "uriBaseId" : "%SRCROOT%", - "index" : 104 + "index" : 103 } } } ], @@ -5728,9 +5702,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/index.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 105 + "index" : 104 } } } ], @@ -5754,9 +5728,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/server.js", "uriBaseId" : "%SRCROOT%", - "index" : 106 + "index" : 105 } } } ], @@ -5780,9 +5754,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/package.json", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service1.cds.json", "uriBaseId" : "%SRCROOT%", - "index" : 107 + "index" : 106 } } } ], @@ -5806,9 +5780,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/ui5.yaml", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service2.cds.json", "uriBaseId" : "%SRCROOT%", - "index" : 108 + "index" : 107 } } } ], @@ -5832,9 +5806,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", - "index" : 109 + "index" : 108 } } } ], @@ -5858,9 +5832,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/index.html", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 110 + "index" : 109 } } } ], @@ -5884,9 +5858,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/index.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/db/schema.cds.json", "uriBaseId" : "%SRCROOT%", - "index" : 111 + "index" : 110 } } } ], @@ -5910,9 +5884,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 112 + "index" : 111 } } } ], @@ -5936,9 +5910,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/server.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 112 } } } ], @@ -5962,7 +5936,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/package.json", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service1.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 113 } @@ -5988,7 +5962,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/ui5.yaml", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", "index" : 114 } @@ -6014,7 +5988,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service2.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 115 } @@ -6040,7 +6014,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/index.html", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", "index" : 116 } @@ -6066,7 +6040,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/lib/qlpack.yml", "uriBaseId" : "%SRCROOT%", "index" : 117 } @@ -6092,7 +6066,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/index.js", + "uri" : "javascript/frameworks/ui5/lib/codeql-pack.lock.yml", "uriBaseId" : "%SRCROOT%", "index" : 118 } @@ -6118,7 +6092,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/src/codeql-pack.lock.yml", "uriBaseId" : "%SRCROOT%", "index" : 119 } @@ -6144,7 +6118,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/package.json", + "uri" : "javascript/frameworks/ui5/src/qlpack.yml", "uriBaseId" : "%SRCROOT%", "index" : 120 } @@ -6170,7 +6144,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/codeql-pack.lock.yml", "uriBaseId" : "%SRCROOT%", "index" : 121 } @@ -6196,7 +6170,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/lib/BindingStringParser/test.js", "uriBaseId" : "%SRCROOT%", "index" : 122 } @@ -6222,7 +6196,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/lib/Bindings/test.html", "uriBaseId" : "%SRCROOT%", "index" : 123 } @@ -6248,7 +6222,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/lib/Bindings/test.js", "uriBaseId" : "%SRCROOT%", "index" : 124 } @@ -6274,7 +6248,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/lib/Bindings/test.json", "uriBaseId" : "%SRCROOT%", "index" : 125 } @@ -6300,7 +6274,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/lib/Bindings/test.xml", "uriBaseId" : "%SRCROOT%", "index" : 126 } @@ -6326,7 +6300,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/package.json", + "uri" : "javascript/frameworks/ui5/test/lib/JsonParser/test.js", "uriBaseId" : "%SRCROOT%", "index" : 127 } @@ -6352,7 +6326,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/models/attachDisplay_detachDisplay/webapp/view/App.view.xml", "uriBaseId" : "%SRCROOT%", "index" : 128 } @@ -6378,7 +6352,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/models/binding_path/binding1.xml", "uriBaseId" : "%SRCROOT%", "index" : 129 } @@ -6404,7 +6378,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/models/binding_path/bindingComposite.xml", "uriBaseId" : "%SRCROOT%", "index" : 130 } @@ -6430,7 +6404,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/models/multiple_models/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", "index" : 131 } @@ -6456,7 +6430,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/models/property_getter_setter/webapp/view/App.view.xml", "uriBaseId" : "%SRCROOT%", "index" : 132 } @@ -6482,7 +6456,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/package.json", + "uri" : "javascript/frameworks/ui5/test/models/sink/sink1.xml", "uriBaseId" : "%SRCROOT%", "index" : 133 } @@ -6508,7 +6482,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/qlpack.yml", "uriBaseId" : "%SRCROOT%", "index" : 134 } @@ -6534,7 +6508,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/models/source/source1.xml", "uriBaseId" : "%SRCROOT%", "index" : 135 } @@ -6560,7 +6534,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-allow-all/ui5.yaml", "uriBaseId" : "%SRCROOT%", "index" : 136 } @@ -6586,7 +6560,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-allow-all/index.html", "uriBaseId" : "%SRCROOT%", "index" : 137 } @@ -6612,7 +6586,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/utils/CustomLogListener.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-default-all/index.html", "uriBaseId" : "%SRCROOT%", "index" : 138 } @@ -6638,7 +6612,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-default-all/ui5.yaml", "uriBaseId" : "%SRCROOT%", "index" : 139 } @@ -6664,7 +6638,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-deny-all/index.html", "uriBaseId" : "%SRCROOT%", "index" : 140 } @@ -6690,7 +6664,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-deny-all/ui5.yaml", "uriBaseId" : "%SRCROOT%", "index" : 141 } @@ -6716,7 +6690,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/package-lock.json", "uriBaseId" : "%SRCROOT%", "index" : 142 } @@ -6742,7 +6716,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/package.json", "uriBaseId" : "%SRCROOT%", "index" : 143 } @@ -6768,7 +6742,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/ui5.yaml", "uriBaseId" : "%SRCROOT%", "index" : 144 } @@ -6794,7 +6768,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", "index" : 145 } @@ -6820,7 +6794,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", "index" : 146 } @@ -6846,7 +6820,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/index.html", "uriBaseId" : "%SRCROOT%", "index" : 147 } @@ -6872,7 +6846,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/index.js", "uriBaseId" : "%SRCROOT%", "index" : 148 } @@ -6898,7 +6872,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", "index" : 149 } @@ -6924,7 +6898,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/package-lock.json", "uriBaseId" : "%SRCROOT%", "index" : 150 } @@ -6950,7 +6924,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/package.json", "uriBaseId" : "%SRCROOT%", "index" : 151 } @@ -6976,7 +6950,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/ui5.yaml", "uriBaseId" : "%SRCROOT%", "index" : 152 } @@ -7002,7 +6976,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", "index" : 153 } @@ -7028,7 +7002,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", "index" : 154 } @@ -7054,7 +7028,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", "index" : 155 } @@ -7080,7 +7054,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/index.html", "uriBaseId" : "%SRCROOT%", "index" : 156 } @@ -7106,7 +7080,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/index.js", "uriBaseId" : "%SRCROOT%", "index" : 157 } @@ -7132,7 +7106,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", "index" : 158 } @@ -7158,7 +7132,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/package-lock.json", "uriBaseId" : "%SRCROOT%", "index" : 159 } @@ -7184,7 +7158,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", "index" : 160 } @@ -7210,7 +7184,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/package.json", "uriBaseId" : "%SRCROOT%", "index" : 161 } @@ -7236,7 +7210,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", "index" : 162 } @@ -7262,7 +7236,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/ui5.yaml", "uriBaseId" : "%SRCROOT%", "index" : 163 } @@ -7288,7 +7262,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/index.html", "uriBaseId" : "%SRCROOT%", "index" : 164 } @@ -7314,7 +7288,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/index.js", "uriBaseId" : "%SRCROOT%", "index" : 165 } @@ -7340,9 +7314,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 0 + "index" : 166 } } } ], @@ -7366,9 +7340,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/.eslintrc.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 166 + "index" : 167 } } } ], @@ -7392,9 +7366,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 167 + "index" : 3 } } } ], @@ -7418,7 +7392,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/package-lock.json", "uriBaseId" : "%SRCROOT%", "index" : 168 } @@ -7444,7 +7418,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/Component.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/package.json", "uriBaseId" : "%SRCROOT%", "index" : 169 } @@ -7470,7 +7444,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controller/App.Controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/ui5.yaml", "uriBaseId" : "%SRCROOT%", "index" : 170 } @@ -7496,7 +7470,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controls/Book.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", "index" : 171 } @@ -7522,7 +7496,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", "index" : 172 } @@ -7548,7 +7522,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/AllJourneys.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/index.html", "uriBaseId" : "%SRCROOT%", "index" : 173 } @@ -7574,7 +7548,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/FilterJourney.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/index.js", "uriBaseId" : "%SRCROOT%", "index" : 174 } @@ -7600,7 +7574,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/SearchJourney.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", "index" : 175 } @@ -7626,7 +7600,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/TodoListJourney.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/package-lock.json", "uriBaseId" : "%SRCROOT%", "index" : 176 } @@ -7652,7 +7626,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/arrangements/Startup.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/package.json", "uriBaseId" : "%SRCROOT%", "index" : 177 } @@ -7678,7 +7652,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/opaTests.qunit.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", "index" : 178 } @@ -7704,7 +7678,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/opaTests.qunit.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/ui5.yaml", "uriBaseId" : "%SRCROOT%", "index" : 179 } @@ -7730,7 +7704,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/pages/App.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", "index" : 180 } @@ -7756,7 +7730,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/testsuite.qunit.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", "index" : 181 } @@ -7782,7 +7756,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/testsuite.qunit.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/index.html", "uriBaseId" : "%SRCROOT%", "index" : 182 } @@ -7808,7 +7782,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/unit/AllTests.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", "index" : 183 } @@ -7834,7 +7808,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/unit/controller/App.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/index.js", "uriBaseId" : "%SRCROOT%", "index" : 184 } @@ -7860,7 +7834,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/unit/unitTests.qunit.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", "index" : 185 } @@ -7886,7 +7860,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/unit/unitTests.qunit.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/package-lock.json", "uriBaseId" : "%SRCROOT%", "index" : 186 } @@ -7912,7 +7886,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/util/Helper.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/package.json", "uriBaseId" : "%SRCROOT%", "index" : 187 } @@ -7938,7 +7912,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/view/App.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/ui5.yaml", "uriBaseId" : "%SRCROOT%", "index" : 188 } @@ -7964,7 +7938,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", "index" : 189 } @@ -7990,7 +7964,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/index.html", "uriBaseId" : "%SRCROOT%", "index" : 190 } @@ -8016,7 +7990,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/index.js", "uriBaseId" : "%SRCROOT%", "index" : 191 } @@ -8042,7 +8016,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", "index" : 192 } @@ -8068,7 +8042,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", "index" : 193 } @@ -8094,7 +8068,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/package-lock.json", "uriBaseId" : "%SRCROOT%", "index" : 194 } @@ -8120,7 +8094,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/package.json", "uriBaseId" : "%SRCROOT%", "index" : 195 } @@ -8146,7 +8120,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", "index" : 196 } @@ -8172,7 +8146,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/ui5.yaml", "uriBaseId" : "%SRCROOT%", "index" : 197 } @@ -8198,7 +8172,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/index.html", "uriBaseId" : "%SRCROOT%", "index" : 198 } @@ -8224,7 +8198,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/index.js", "uriBaseId" : "%SRCROOT%", "index" : 199 } @@ -8250,7 +8224,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", "index" : 200 } @@ -8276,7 +8250,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/utils/CustomLogListener.js", "uriBaseId" : "%SRCROOT%", "index" : 201 } @@ -8302,7 +8276,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", "index" : 202 } @@ -8328,7 +8302,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/package.json", "uriBaseId" : "%SRCROOT%", "index" : 203 } @@ -8354,7 +8328,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/ui5.yaml", "uriBaseId" : "%SRCROOT%", "index" : 204 } @@ -8380,7 +8354,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", "index" : 205 } @@ -8406,7 +8380,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/package-lock.json", "uriBaseId" : "%SRCROOT%", "index" : 206 } @@ -8432,7 +8406,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/index.js", "uriBaseId" : "%SRCROOT%", "index" : 207 } @@ -8458,7 +8432,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/index.html", "uriBaseId" : "%SRCROOT%", "index" : 208 } @@ -8484,7 +8458,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", "index" : 209 } @@ -8510,7 +8484,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", "index" : 210 } @@ -8536,7 +8510,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/package-lock.json", "uriBaseId" : "%SRCROOT%", "index" : 211 } @@ -8562,7 +8536,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/ui5.yaml", "uriBaseId" : "%SRCROOT%", "index" : 212 } @@ -8588,7 +8562,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/package.json", "uriBaseId" : "%SRCROOT%", "index" : 213 } @@ -8614,7 +8588,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", "index" : 214 } @@ -8640,7 +8614,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", "index" : 215 } @@ -8666,7 +8640,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/index.html", "uriBaseId" : "%SRCROOT%", "index" : 216 } @@ -8692,7 +8666,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/index.js", "uriBaseId" : "%SRCROOT%", "index" : 217 } @@ -8718,7 +8692,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", "index" : 218 } @@ -8744,7 +8718,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", "index" : 219 } @@ -8770,7 +8744,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/package-lock.json", "uriBaseId" : "%SRCROOT%", "index" : 220 } @@ -8796,7 +8770,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/package.json", "uriBaseId" : "%SRCROOT%", "index" : 221 } @@ -8822,7 +8796,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/ui5.yaml", "uriBaseId" : "%SRCROOT%", "index" : 222 } @@ -8848,7 +8822,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", "index" : 223 } @@ -8874,7 +8848,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", "index" : 224 } @@ -8900,7 +8874,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/index.html", "uriBaseId" : "%SRCROOT%", "index" : 225 } @@ -8926,7 +8900,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/index.js", "uriBaseId" : "%SRCROOT%", "index" : 226 } @@ -8952,7 +8926,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", "index" : 227 } @@ -8978,7 +8952,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", "index" : 228 } @@ -9004,7 +8978,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/package-lock.json", "uriBaseId" : "%SRCROOT%", "index" : 229 } @@ -9030,7 +9004,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/ui5.yaml", "uriBaseId" : "%SRCROOT%", "index" : 230 } @@ -9056,7 +9030,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/package.json", "uriBaseId" : "%SRCROOT%", "index" : 231 } @@ -9082,7 +9056,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", "index" : 232 } @@ -9108,7 +9082,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/index.html", "uriBaseId" : "%SRCROOT%", "index" : 233 } @@ -9134,7 +9108,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", "index" : 234 } @@ -9160,7 +9134,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", "index" : 235 } @@ -9186,9 +9160,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 236 + "index" : 0 } } } ], @@ -9212,9 +9186,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 237 + "index" : 236 } } } ], @@ -9238,9 +9212,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/.eslintrc.json", "uriBaseId" : "%SRCROOT%", - "index" : 238 + "index" : 237 } } } ], @@ -9264,9 +9238,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 239 + "index" : 238 } } } ], @@ -9290,9 +9264,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 240 + "index" : 239 } } } ], @@ -9316,9 +9290,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 241 + "index" : 240 } } } ], @@ -9342,9 +9316,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/Component.js", "uriBaseId" : "%SRCROOT%", - "index" : 242 + "index" : 241 } } } ], @@ -9368,9 +9342,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controller/App.Controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 243 + "index" : 242 } } } ], @@ -9394,7 +9368,33 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controls/Book.js", + "uriBaseId" : "%SRCROOT%", + "index" : 243 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/index.html", "uriBaseId" : "%SRCROOT%", "index" : 244 } @@ -9420,7 +9420,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", "index" : 245 } @@ -9446,7 +9446,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/model/todoitems.json", "uriBaseId" : "%SRCROOT%", "index" : 246 } @@ -9472,7 +9472,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/AllJourneys.js", "uriBaseId" : "%SRCROOT%", "index" : 247 } @@ -9498,7 +9498,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/FilterJourney.js", "uriBaseId" : "%SRCROOT%", "index" : 248 } @@ -9524,7 +9524,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/SearchJourney.js", "uriBaseId" : "%SRCROOT%", "index" : 249 } @@ -9550,7 +9550,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/TodoListJourney.js", "uriBaseId" : "%SRCROOT%", "index" : 250 } @@ -9576,7 +9576,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/arrangements/Startup.js", "uriBaseId" : "%SRCROOT%", "index" : 251 } @@ -9602,7 +9602,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/opaTests.qunit.html", "uriBaseId" : "%SRCROOT%", "index" : 252 } @@ -9628,7 +9628,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/opaTests.qunit.js", "uriBaseId" : "%SRCROOT%", "index" : 253 } @@ -9654,7 +9654,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/pages/App.js", "uriBaseId" : "%SRCROOT%", "index" : 254 } @@ -9680,7 +9680,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/testsuite.qunit.html", "uriBaseId" : "%SRCROOT%", "index" : 255 } @@ -9706,7 +9706,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/testsuite.qunit.js", "uriBaseId" : "%SRCROOT%", "index" : 256 } @@ -9732,7 +9732,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/unit/AllTests.js", "uriBaseId" : "%SRCROOT%", "index" : 257 } @@ -9758,7 +9758,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/view/app.view.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/unit/controller/App.controller.js", "uriBaseId" : "%SRCROOT%", "index" : 258 } @@ -9784,7 +9784,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/unit/unitTests.qunit.html", "uriBaseId" : "%SRCROOT%", "index" : 259 } @@ -9810,7 +9810,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/unit/unitTests.qunit.js", "uriBaseId" : "%SRCROOT%", "index" : 260 } @@ -9836,7 +9836,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/util/Helper.js", "uriBaseId" : "%SRCROOT%", "index" : 261 } @@ -9862,7 +9862,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/view/App.view.xml", "uriBaseId" : "%SRCROOT%", "index" : 262 } @@ -9888,7 +9888,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/control/xssBase.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/package-lock.json", "uriBaseId" : "%SRCROOT%", "index" : 263 } @@ -9914,7 +9914,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/control/xssRenderer.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/package.json", "uriBaseId" : "%SRCROOT%", "index" : 264 } @@ -9940,7 +9940,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/ui5.yaml", "uriBaseId" : "%SRCROOT%", "index" : 265 } @@ -9966,7 +9966,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", "index" : 266 } @@ -9992,7 +9992,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", "index" : 267 } @@ -10018,7 +10018,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/index.html", "uriBaseId" : "%SRCROOT%", "index" : 268 } @@ -10044,7 +10044,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/index.js", "uriBaseId" : "%SRCROOT%", "index" : 269 } @@ -10070,7 +10070,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", "index" : 270 } @@ -10096,7 +10096,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", "index" : 271 } @@ -10122,7 +10122,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/package-lock.json", "uriBaseId" : "%SRCROOT%", "index" : 272 } @@ -10148,7 +10148,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/package.json", "uriBaseId" : "%SRCROOT%", "index" : 273 } @@ -10174,7 +10174,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/view/app.view.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/ui5.yaml", "uriBaseId" : "%SRCROOT%", "index" : 274 } @@ -10200,7 +10200,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", "index" : 275 } @@ -10226,7 +10226,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", "index" : 276 } @@ -10252,7 +10252,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/index.html", "uriBaseId" : "%SRCROOT%", "index" : 277 } @@ -10278,7 +10278,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/index.js", "uriBaseId" : "%SRCROOT%", "index" : 278 } @@ -10304,7 +10304,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", "index" : 279 } @@ -10330,7 +10330,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", "index" : 280 } @@ -10356,7 +10356,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/control/renderer.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/package-lock.json", "uriBaseId" : "%SRCROOT%", "index" : 281 } @@ -10382,7 +10382,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/package.json", "uriBaseId" : "%SRCROOT%", "index" : 282 } @@ -10408,7 +10408,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/ui5.yaml", "uriBaseId" : "%SRCROOT%", "index" : 283 } @@ -10434,7 +10434,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", "index" : 284 } @@ -10460,7 +10460,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", "index" : 285 } @@ -10486,7 +10486,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/index.html", "uriBaseId" : "%SRCROOT%", "index" : 286 } @@ -10512,7 +10512,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/index.js", "uriBaseId" : "%SRCROOT%", "index" : 287 } @@ -10538,7 +10538,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", "index" : 288 } @@ -10564,7 +10564,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", "index" : 289 } @@ -10590,7 +10590,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/package-lock.json", "uriBaseId" : "%SRCROOT%", "index" : 290 } @@ -10616,7 +10616,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/control/xssRenderer.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/package.json", "uriBaseId" : "%SRCROOT%", "index" : 291 } @@ -10642,7 +10642,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/ui5.yaml", "uriBaseId" : "%SRCROOT%", "index" : 292 } @@ -10668,7 +10668,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", "index" : 293 } @@ -10694,7 +10694,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", "index" : 294 } @@ -10720,7 +10720,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/index.html", "uriBaseId" : "%SRCROOT%", "index" : 295 } @@ -10746,7 +10746,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/index.js", "uriBaseId" : "%SRCROOT%", "index" : 296 } @@ -10772,7 +10772,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", "index" : 297 } @@ -10798,7 +10798,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", "index" : 298 } @@ -10824,7 +10824,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/package-lock.json", "uriBaseId" : "%SRCROOT%", "index" : 299 } @@ -10850,7 +10850,7 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/package.json", "uriBaseId" : "%SRCROOT%", "index" : 300 } @@ -10876,9 +10876,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/heuristic-models/tests/Sources/test.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 4 + "index" : 301 } } } ], @@ -10902,9 +10902,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/heuristic-models/tests/qlpack.yml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 301 + "index" : 302 } } } ], @@ -10928,9 +10928,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 302 + "index" : 303 } } } ], @@ -10954,9 +10954,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "scripts/qlpack.yml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 303 + "index" : 304 } } } ], @@ -10980,9 +10980,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/Component.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 169 + "index" : 305 } } } ], @@ -10991,8 +10991,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11003,9 +11006,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/srv/service1.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 22 + "index" : 306 } } } ], @@ -11014,8 +11017,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11026,9 +11032,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 102 + "index" : 307 } } } ], @@ -11037,8 +11043,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11049,9 +11058,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 109 + "index" : 308 } } } ], @@ -11060,8 +11069,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11072,9 +11084,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/SearchJourney.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 175 + "index" : 309 } } } ], @@ -11083,8 +11095,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11095,9 +11110,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 310 } } } ], @@ -11106,8 +11121,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11118,9 +11136,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 70 + "index" : 311 } } } ], @@ -11129,8 +11147,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11141,9 +11162,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/server.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 48 + "index" : 312 } } } ], @@ -11152,8 +11173,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11164,9 +11188,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/control/renderer.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 281 + "index" : 313 } } } ], @@ -11175,8 +11199,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11187,9 +11214,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 191 + "index" : 314 } } } ], @@ -11198,8 +11225,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11210,9 +11240,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/FilterJourney.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 174 + "index" : 315 } } } ], @@ -11221,8 +11251,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11233,9 +11266,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 206 + "index" : 316 } } } ], @@ -11244,10 +11277,13 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 - }, - "properties" : { + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } + }, + "properties" : { "formattedMessage" : { "text" : "" } @@ -11256,9 +11292,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 63 + "index" : 317 } } } ], @@ -11267,8 +11303,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11279,9 +11318,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/srv/service2.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 51 + "index" : 318 } } } ], @@ -11290,8 +11329,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11302,9 +11344,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 159 + "index" : 319 } } } ], @@ -11313,8 +11355,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11325,9 +11370,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 199 + "index" : 320 } } } ], @@ -11336,8 +11381,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11348,9 +11396,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 219 + "index" : 321 } } } ], @@ -11359,8 +11407,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11371,9 +11422,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/control/xssBase.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 263 + "index" : 322 } } } ], @@ -11382,8 +11433,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11394,9 +11448,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/srv/service1.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 41 + "index" : 323 } } } ], @@ -11405,8 +11459,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11417,9 +11474,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 273 + "index" : 324 } } } ], @@ -11428,8 +11485,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11440,9 +11500,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 115 + "index" : 325 } } } ], @@ -11451,8 +11511,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11463,9 +11526,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 271 + "index" : 326 } } } ], @@ -11474,8 +11537,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11486,9 +11552,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 155 + "index" : 327 } } } ], @@ -11497,8 +11563,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11509,9 +11578,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 298 + "index" : 328 } } } ], @@ -11520,8 +11589,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11532,9 +11604,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/utils/CustomLogListener.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 138 + "index" : 329 } } } ], @@ -11543,8 +11615,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11555,9 +11630,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 151 + "index" : 330 } } } ], @@ -11566,8 +11641,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11578,9 +11656,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 278 + "index" : 331 } } } ], @@ -11589,8 +11667,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11601,9 +11682,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/arrangements/Startup.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 177 + "index" : 332 } } } ], @@ -11612,8 +11693,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11624,9 +11708,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/pages/App.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 180 + "index" : 333 } } } ], @@ -11635,8 +11719,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11647,9 +11734,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 66 + "index" : 334 } } } ], @@ -11658,8 +11745,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11670,9 +11760,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/server.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 53 + "index" : 335 } } } ], @@ -11681,8 +11771,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11693,9 +11786,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 284 + "index" : 336 } } } ], @@ -11704,8 +11797,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11716,9 +11812,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 58 + "index" : 337 } } } ], @@ -11727,8 +11823,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11739,9 +11838,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/control/xssRenderer.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 291 + "index" : 338 } } } ], @@ -11750,8 +11849,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11762,9 +11864,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 137 + "index" : 339 } } } ], @@ -11773,8 +11875,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11785,9 +11890,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/srv/service1.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 46 + "index" : 340 } } } ], @@ -11796,8 +11901,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11808,9 +11916,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 294 + "index" : 341 } } } ], @@ -11819,8 +11927,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11831,9 +11942,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 118 + "index" : 342 } } } ], @@ -11842,10 +11953,13 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 - }, - "properties" : { + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } + }, + "properties" : { "formattedMessage" : { "text" : "" } @@ -11854,9 +11968,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 201 + "index" : 343 } } } ], @@ -11865,8 +11979,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11877,9 +11994,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/lib/Bindings/test.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/controller/model.json", "uriBaseId" : "%SRCROOT%", - "index" : 77 + "index" : 344 } } } ], @@ -11888,8 +12005,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11900,9 +12020,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 2 + "index" : 345 } } } ], @@ -11911,8 +12031,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11923,9 +12046,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 125 + "index" : 346 } } } ], @@ -11934,8 +12057,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11946,9 +12072,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 251 + "index" : 347 } } } ], @@ -11957,8 +12083,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11969,9 +12098,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 103 + "index" : 348 } } } ], @@ -11980,8 +12109,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -11992,9 +12124,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/TodoListJourney.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 176 + "index" : 349 } } } ], @@ -12003,8 +12135,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12015,9 +12150,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/server.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 69 + "index" : 350 } } } ], @@ -12026,8 +12161,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12038,9 +12176,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/srv/service1.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 28 + "index" : 351 } } } ], @@ -12049,8 +12187,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12061,9 +12202,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 144 + "index" : 352 } } } ], @@ -12072,8 +12213,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12084,9 +12228,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 267 + "index" : 353 } } } ], @@ -12095,8 +12239,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12107,9 +12254,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/srv/service1.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 34 + "index" : 354 } } } ], @@ -12118,8 +12265,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12130,9 +12280,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/srv/service2.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 39 + "index" : 355 } } } ], @@ -12141,8 +12291,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12153,9 +12306,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/srv/privileged-user.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/view/app.view.html", "uriBaseId" : "%SRCROOT%", - "index" : 37 + "index" : 356 } } } ], @@ -12164,8 +12317,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12176,9 +12332,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/lib/JsonParser/test.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 78 + "index" : 357 } } } ], @@ -12187,8 +12343,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12199,9 +12358,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/srv/service2.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 21 + "index" : 358 } } } ], @@ -12210,8 +12369,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12222,9 +12384,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 98 + "index" : 359 } } } ], @@ -12233,8 +12395,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12245,9 +12410,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/control/xssRenderer.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 264 + "index" : 360 } } } ], @@ -12256,8 +12421,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12268,9 +12436,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/control/xssBase.js", "uriBaseId" : "%SRCROOT%", - "index" : 232 + "index" : 361 } } } ], @@ -12279,8 +12447,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12291,9 +12462,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/server.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/control/xssRenderer.js", "uriBaseId" : "%SRCROOT%", - "index" : 65 + "index" : 362 } } } ], @@ -12302,8 +12473,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12314,9 +12488,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 62 + "index" : 363 } } } ], @@ -12325,8 +12499,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12337,9 +12514,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 265 + "index" : 364 } } } ], @@ -12348,8 +12525,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12360,9 +12540,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 244 + "index" : 365 } } } ], @@ -12371,8 +12551,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12383,9 +12566,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 262 + "index" : 366 } } } ], @@ -12394,8 +12577,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12406,9 +12592,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 122 + "index" : 367 } } } ], @@ -12417,8 +12603,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12429,9 +12618,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/srv/service2.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 43 + "index" : 368 } } } ], @@ -12440,11 +12629,14 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 - }, - "properties" : { - "formattedMessage" : { + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } + }, + "properties" : { + "formattedMessage" : { "text" : "" } } @@ -12452,9 +12644,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 290 + "index" : 369 } } } ], @@ -12463,8 +12655,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12475,9 +12670,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 238 + "index" : 370 } } } ], @@ -12486,8 +12681,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12498,9 +12696,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/server.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 19 + "index" : 371 } } } ], @@ -12509,8 +12707,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12521,9 +12722,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service2.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 55 + "index" : 372 } } } ], @@ -12532,8 +12733,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12544,9 +12748,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/server.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 45 + "index" : 373 } } } ], @@ -12555,8 +12759,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12567,9 +12774,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/srv/service2.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 47 + "index" : 374 } } } ], @@ -12578,8 +12785,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12592,7 +12802,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/view/app.view.js", "uriBaseId" : "%SRCROOT%", - "index" : 274 + "index" : 375 } } } ], @@ -12601,8 +12811,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12613,9 +12826,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/testsuite.qunit.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 182 + "index" : 376 } } } ], @@ -12624,8 +12837,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12636,9 +12852,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 96 + "index" : 377 } } } ], @@ -12647,8 +12863,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12659,9 +12878,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 240 + "index" : 378 } } } ], @@ -12670,8 +12889,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12682,9 +12904,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/srv/service2.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 33 + "index" : 379 } } } ], @@ -12693,8 +12915,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12705,9 +12930,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 257 + "index" : 380 } } } ], @@ -12716,8 +12941,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12728,9 +12956,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 246 + "index" : 381 } } } ], @@ -12739,8 +12967,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12751,9 +12982,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 237 + "index" : 382 } } } ], @@ -12762,8 +12993,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12774,9 +13008,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/view/app.view.json", "uriBaseId" : "%SRCROOT%", - "index" : 67 + "index" : 383 } } } ], @@ -12785,8 +13019,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12797,9 +13034,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 117 + "index" : 384 } } } ], @@ -12808,8 +13045,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12820,9 +13060,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/heuristic-models/tests/Sources/test.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 4 + "index" : 385 } } } ], @@ -12831,8 +13071,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12843,9 +13086,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 252 + "index" : 386 } } } ], @@ -12854,8 +13097,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12866,9 +13112,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controller/App.Controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/control/renderer.js", "uriBaseId" : "%SRCROOT%", - "index" : 170 + "index" : 387 } } } ], @@ -12877,8 +13123,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12889,9 +13138,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 279 + "index" : 388 } } } ], @@ -12900,8 +13149,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12912,9 +13164,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 59 + "index" : 389 } } } ], @@ -12923,8 +13175,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12935,9 +13190,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 149 + "index" : 390 } } } ], @@ -12946,8 +13201,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12958,9 +13216,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 282 + "index" : 391 } } } ], @@ -12969,8 +13227,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -12981,9 +13242,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 221 + "index" : 392 } } } ], @@ -12992,8 +13253,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13004,9 +13268,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 256 + "index" : 393 } } } ], @@ -13015,8 +13279,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13027,9 +13294,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/server.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 61 + "index" : 394 } } } ], @@ -13038,21 +13305,24 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 - }, - "properties" : { - "formattedMessage" : { - "text" : "" + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } + }, + "properties" : { + "formattedMessage" : { + "text" : "" } } }, { "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 71 + "index" : 395 } } } ], @@ -13061,8 +13331,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13073,9 +13346,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 286 + "index" : 396 } } } ], @@ -13084,8 +13357,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13096,9 +13372,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/server.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 42 + "index" : 397 } } } ], @@ -13107,8 +13383,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13119,9 +13398,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/srv/service2.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/control/xssRenderer.js", "uriBaseId" : "%SRCROOT%", - "index" : 26 + "index" : 398 } } } ], @@ -13130,8 +13409,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13142,9 +13424,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/server.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 36 + "index" : 399 } } } ], @@ -13153,8 +13435,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13165,9 +13450,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/unit/AllTests.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 183 + "index" : 400 } } } ], @@ -13176,8 +13461,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13188,9 +13476,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 226 + "index" : 401 } } } ], @@ -13199,8 +13487,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13211,9 +13502,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/srv/service1.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 50 + "index" : 402 } } } ], @@ -13222,8 +13513,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13234,9 +13528,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 148 + "index" : 403 } } } ], @@ -13245,8 +13539,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13257,9 +13554,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 111 + "index" : 404 } } } ], @@ -13268,8 +13565,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13280,9 +13580,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 0 + "index" : 405 } } } ], @@ -13291,8 +13591,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13303,9 +13606,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/server.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 25 + "index" : 406 } } } ], @@ -13314,8 +13617,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13326,9 +13632,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 162 + "index" : 407 } } } ], @@ -13337,8 +13643,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13349,9 +13658,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 213 + "index" : 408 } } } ], @@ -13360,8 +13669,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13372,9 +13684,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/srv/service2.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 30 + "index" : 409 } } } ], @@ -13383,8 +13695,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13395,9 +13710,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 131 + "index" : 410 } } } ], @@ -13406,8 +13721,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13418,9 +13736,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 95 + "index" : 411 } } } ], @@ -13429,8 +13747,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13441,9 +13762,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/util/Helper.js", + "uri" : "javascript/heuristic-models/tests/Sources/test.js", "uriBaseId" : "%SRCROOT%", - "index" : 187 + "index" : 4 } } } ], @@ -13452,8 +13773,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13464,9 +13788,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/srv/service1.js", + "uri" : "javascript/heuristic-models/tests/codeql-pack.lock.yml", "uriBaseId" : "%SRCROOT%", - "index" : 38 + "index" : 412 } } } ], @@ -13475,8 +13799,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13487,9 +13814,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/srv/service1.js", + "uri" : "javascript/heuristic-models/tests/qlpack.yml", "uriBaseId" : "%SRCROOT%", - "index" : 24 + "index" : 413 } } } ], @@ -13498,8 +13825,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13510,9 +13840,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/index.js", + "uri" : "qlt.conf.json", "uriBaseId" : "%SRCROOT%", - "index" : 207 + "index" : 414 } } } ], @@ -13521,8 +13851,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13533,9 +13866,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/controller/app.controller.js", + "uri" : "scripts/codeql-pack.lock.yml", "uriBaseId" : "%SRCROOT%", - "index" : 129 + "index" : 415 } } } ], @@ -13544,8 +13877,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13556,9 +13892,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/index.js", + "uri" : "scripts/qlpack.yml", "uriBaseId" : "%SRCROOT%", - "index" : 105 + "index" : 416 } } } ], @@ -13567,8 +13903,11 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/javascript", - "index" : 0 + "id" : "js/diagnostics/successfully-extracted-files", + "index" : 1, + "toolComponent" : { + "index" : 0 + } }, "properties" : { "formattedMessage" : { @@ -13579,9 +13918,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/Component.js", "uriBaseId" : "%SRCROOT%", - "index" : 215 + "index" : 241 } } } ], @@ -13602,9 +13941,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/srv/service1.js", "uriBaseId" : "%SRCROOT%", - "index" : 142 + "index" : 28 } } } ], @@ -13625,9 +13964,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 212 + "index" : 154 } } } ], @@ -13648,9 +13987,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/server.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 57 + "index" : 162 } } } ], @@ -13671,9 +14010,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/SearchJourney.js", "uriBaseId" : "%SRCROOT%", - "index" : 194 + "index" : 249 } } } ], @@ -13694,9 +14033,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/lib/BindingStringParser/test.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 73 + "index" : 3 } } } ], @@ -13717,9 +14056,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/index.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", - "index" : 302 + "index" : 114 } } } ], @@ -13740,9 +14079,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/control/xss.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/server.js", "uriBaseId" : "%SRCROOT%", - "index" : 198 + "index" : 77 } } } ], @@ -13763,9 +14102,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/unit/controller/App.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/control/renderer.js", "uriBaseId" : "%SRCROOT%", - "index" : 184 + "index" : 387 } } } ], @@ -13786,9 +14125,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 205 + "index" : 266 } } } ], @@ -13809,9 +14148,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/unit/unitTests.qunit.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/FilterJourney.js", "uriBaseId" : "%SRCROOT%", - "index" : 186 + "index" : 248 } } } ], @@ -13832,9 +14171,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/index.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", - "index" : 222 + "index" : 100 } } } ], @@ -13855,9 +14194,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 135 + "index" : 285 } } } ], @@ -13878,9 +14217,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/index.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 228 + "index" : 81 } } } ], @@ -13901,9 +14240,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service1.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 54 + "index" : 226 } } } ], @@ -13924,9 +14263,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 164 + "index" : 302 } } } ], @@ -13947,9 +14286,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 292 + "index" : 276 } } } ], @@ -13970,9 +14309,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/control/xssBase.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 361 } } } ], @@ -13993,9 +14332,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 156 + "index" : 95 } } } ], @@ -14016,9 +14355,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/srv/service1.js", "uriBaseId" : "%SRCROOT%", - "index" : 192 + "index" : 65 } } } ], @@ -14039,9 +14378,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/server.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 29 + "index" : 373 } } } ], @@ -14062,9 +14401,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/AllJourneys.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 173 + "index" : 171 } } } ], @@ -14085,9 +14424,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/opaTests.qunit.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 179 + "index" : 371 } } } ], @@ -14108,9 +14447,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controls/Book.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 171 + "index" : 224 } } } ], @@ -14131,9 +14470,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/server.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 31 + "index" : 407 } } } ], @@ -14154,9 +14493,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 123 + "index" : 217 } } } ], @@ -14177,9 +14516,9 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "scripts/CreateTestsFromYaml.py", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/utils/CustomLogListener.js", "uriBaseId" : "%SRCROOT%", - "index" : 304 + "index" : 201 } } } ], @@ -14188,2771 +14527,5154 @@ }, "level" : "none", "descriptor" : { - "id" : "cli/expected-extracted-files/python", - "index" : 1 + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 }, "properties" : { "formattedMessage" : { "text" : "" } } - } ], - "executionSuccessful" : true - } ], - "artifacts" : [ { - "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - } - }, { - "location" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", - "uriBaseId" : "%SRCROOT%", - "index" : 1 - } - }, { - "location" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", - "uriBaseId" : "%SRCROOT%", - "index" : 2 - } - }, { - "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 3 - } - }, { - "location" : { - "uri" : "javascript/heuristic-models/tests/Sources/test.js", - "uriBaseId" : "%SRCROOT%", - "index" : 4 - } - }, { - "location" : { - "uri" : ".github/actions/install-qlt/action.yml", - "uriBaseId" : "%SRCROOT%", - "index" : 5 - } - }, { - "location" : { - "uri" : ".github/actions/install-codeql/action.yml", - "uriBaseId" : "%SRCROOT%", - "index" : 6 - } - }, { - "location" : { - "uri" : ".github/codeql/codeql-config.yaml", - "uriBaseId" : "%SRCROOT%", - "index" : 7 - } - }, { - "location" : { - "uri" : ".github/codeql/extensions/javascript/frameworks/ui5/ext/ext/qlpack.yml", - "uriBaseId" : "%SRCROOT%", - "index" : 8 - } - }, { - "location" : { - "uri" : ".github/codeql/extensions/javascript/frameworks/cap/ext/ext/qlpack.yml", - "uriBaseId" : "%SRCROOT%", - "index" : 9 - } - }, { - "location" : { - "uri" : ".github/codeql/extensions/javascript/frameworks/ui5/ext/ext/ui5.model.yml", - "uriBaseId" : "%SRCROOT%", - "index" : 10 - } - }, { - "location" : { - "uri" : ".github/codeql/extensions/javascript/heuristic-models/ext/ext/additional-sources.model.yml", - "uriBaseId" : "%SRCROOT%", - "index" : 11 - } - }, { - "location" : { - "uri" : ".github/codeql/extensions/javascript/heuristic-models/ext/ext/qlpack.yml", - "uriBaseId" : "%SRCROOT%", - "index" : 12 - } - }, { - "location" : { - "uri" : ".github/workflows/code_scanning.yml", - "uriBaseId" : "%SRCROOT%", - "index" : 13 - } - }, { - "location" : { - "uri" : ".github/workflows/run-codeql-unit-tests-javascript.yml", - "uriBaseId" : "%SRCROOT%", - "index" : 14 - } - }, { - "location" : { - "uri" : "codeql-workspace.yml", - "uriBaseId" : "%SRCROOT%", - "index" : 15 - } - }, { - "location" : { - "uri" : "javascript/frameworks/cap/lib/qlpack.yml", - "uriBaseId" : "%SRCROOT%", - "index" : 16 - } - }, { - "location" : { - "uri" : "javascript/frameworks/cap/src/qlpack.yml", - "uriBaseId" : "%SRCROOT%", - "index" : 17 - } - }, { - "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/package.json", - "uriBaseId" : "%SRCROOT%", - "index" : 18 - } - }, { - "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/server.js", - "uriBaseId" : "%SRCROOT%", - "index" : 19 - } - }, { - "location" : { - "uri" : "javascript/frameworks/cap/test/qlpack.yml", - "uriBaseId" : "%SRCROOT%", - "index" : 20 - } - }, { - "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/srv/service2.js", - "uriBaseId" : "%SRCROOT%", - "index" : 21 - } - }, { - "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/srv/service1.js", - "uriBaseId" : "%SRCROOT%", - "index" : 22 - } - }, { - "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/package.json", - "uriBaseId" : "%SRCROOT%", - "index" : 23 - } - }, { - "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/srv/service1.js", - "uriBaseId" : "%SRCROOT%", - "index" : 24 - } - }, { - "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/server.js", - "uriBaseId" : "%SRCROOT%", - "index" : 25 - } - }, { - "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/srv/service2.js", - "uriBaseId" : "%SRCROOT%", - "index" : 26 - } - }, { - "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/package.json", - "uriBaseId" : "%SRCROOT%", - "index" : 27 - } - }, { - "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/srv/service1.js", + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 379 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/arrangements/Startup.js", + "uriBaseId" : "%SRCROOT%", + "index" : 251 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/pages/App.js", + "uriBaseId" : "%SRCROOT%", + "index" : 254 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/server.js", + "uriBaseId" : "%SRCROOT%", + "index" : 84 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 389 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service1.js", + "uriBaseId" : "%SRCROOT%", + "index" : 108 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/control/xssRenderer.js", + "uriBaseId" : "%SRCROOT%", + "index" : 398 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 199 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/srv/service1.js", + "uriBaseId" : "%SRCROOT%", + "index" : 72 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 401 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 174 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 278 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/lib/Bindings/test.js", + "uriBaseId" : "%SRCROOT%", + "index" : 124 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uriBaseId" : "%SRCROOT%", + "index" : 2 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 184 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 343 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 155 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/TodoListJourney.js", + "uriBaseId" : "%SRCROOT%", + "index" : 250 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/server.js", + "uriBaseId" : "%SRCROOT%", + "index" : 112 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/srv/service1.js", + "uriBaseId" : "%SRCROOT%", + "index" : 45 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 207 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 365 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/srv/service1.js", + "uriBaseId" : "%SRCROOT%", + "index" : 50 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/srv/service2.js", + "uriBaseId" : "%SRCROOT%", + "index" : 60 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/srv/privileged-user.js", + "uriBaseId" : "%SRCROOT%", + "index" : 56 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/lib/JsonParser/test.js", + "uriBaseId" : "%SRCROOT%", + "index" : 127 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/srv/service2.js", + "uriBaseId" : "%SRCROOT%", + "index" : 30 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service2.js", + "uriBaseId" : "%SRCROOT%", + "index" : 102 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 148 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/control/xssRenderer.js", + "uriBaseId" : "%SRCROOT%", + "index" : 362 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 319 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 363 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 335 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/control/xss.js", + "uriBaseId" : "%SRCROOT%", + "index" : 360 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/control/xss.js", + "uriBaseId" : "%SRCROOT%", + "index" : 180 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/srv/service2.js", + "uriBaseId" : "%SRCROOT%", + "index" : 67 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/control/xss.js", + "uriBaseId" : "%SRCROOT%", + "index" : 397 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 321 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/server.js", + "uriBaseId" : "%SRCROOT%", + "index" : 27 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service2.js", + "uriBaseId" : "%SRCROOT%", + "index" : 89 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/server.js", + "uriBaseId" : "%SRCROOT%", + "index" : 70 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/srv/service2.js", + "uriBaseId" : "%SRCROOT%", + "index" : 74 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/view/app.view.js", + "uriBaseId" : "%SRCROOT%", + "index" : 375 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/testsuite.qunit.js", + "uriBaseId" : "%SRCROOT%", + "index" : 256 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 145 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 329 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/srv/service2.js", + "uriBaseId" : "%SRCROOT%", + "index" : 53 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 354 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 337 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 327 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 172 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/heuristic-models/tests/Sources/test.js", + "uriBaseId" : "%SRCROOT%", + "index" : 4 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 346 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controller/App.Controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 242 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 381 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service2.js", + "uriBaseId" : "%SRCROOT%", + "index" : 109 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 215 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/control/xss.js", + "uriBaseId" : "%SRCROOT%", + "index" : 388 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 303 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 352 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service2.js", + "uriBaseId" : "%SRCROOT%", + "index" : 116 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 391 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/server.js", + "uriBaseId" : "%SRCROOT%", + "index" : 63 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/srv/service2.js", + "uriBaseId" : "%SRCROOT%", + "index" : 38 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/server.js", + "uriBaseId" : "%SRCROOT%", + "index" : 55 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/unit/AllTests.js", + "uriBaseId" : "%SRCROOT%", + "index" : 257 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 311 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/server.js", + "uriBaseId" : "%SRCROOT%", + "index" : 91 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/srv/service1.js", + "uriBaseId" : "%SRCROOT%", + "index" : 80 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/control/xss.js", + "uriBaseId" : "%SRCROOT%", + "index" : 214 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 165 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uriBaseId" : "%SRCROOT%", + "index" : 0 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/server.js", + "uriBaseId" : "%SRCROOT%", + "index" : 33 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 232 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 294 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/srv/service1.js", + "uriBaseId" : "%SRCROOT%", + "index" : 93 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/srv/service2.js", + "uriBaseId" : "%SRCROOT%", + "index" : 44 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 191 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/control/xss.js", + "uriBaseId" : "%SRCROOT%", + "index" : 146 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/util/Helper.js", + "uriBaseId" : "%SRCROOT%", + "index" : 261 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/srv/service1.js", + "uriBaseId" : "%SRCROOT%", + "index" : 58 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/srv/service1.js", + "uriBaseId" : "%SRCROOT%", + "index" : 36 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 287 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 189 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 157 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 296 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 205 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/control/xss.js", + "uriBaseId" : "%SRCROOT%", + "index" : 293 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/server.js", + "uriBaseId" : "%SRCROOT%", + "index" : 105 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 269 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/lib/BindingStringParser/test.js", + "uriBaseId" : "%SRCROOT%", + "index" : 122 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 409 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/control/xss.js", + "uriBaseId" : "%SRCROOT%", + "index" : 275 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/unit/controller/App.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 258 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/control/xss.js", + "uriBaseId" : "%SRCROOT%", + "index" : 284 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/server.js", + "uriBaseId" : "%SRCROOT%", + "index" : 97 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/unit/unitTests.qunit.js", + "uriBaseId" : "%SRCROOT%", + "index" : 260 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 305 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 196 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 313 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service1.js", + "uriBaseId" : "%SRCROOT%", + "index" : 86 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 236 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 399 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uriBaseId" : "%SRCROOT%", + "index" : 1 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 223 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 267 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/server.js", + "uriBaseId" : "%SRCROOT%", + "index" : 41 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/AllJourneys.js", + "uriBaseId" : "%SRCROOT%", + "index" : 247 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/opaTests.qunit.js", + "uriBaseId" : "%SRCROOT%", + "index" : 253 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controls/Book.js", + "uriBaseId" : "%SRCROOT%", + "index" : 243 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/server.js", + "uriBaseId" : "%SRCROOT%", + "index" : 47 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 181 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/javascript", + "index" : 0 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + }, { + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "scripts/CreateTestsFromYaml.py", + "uriBaseId" : "%SRCROOT%", + "index" : 417 + } + } + } ], + "message" : { + "text" : "" + }, + "level" : "none", + "descriptor" : { + "id" : "cli/expected-extracted-files/python", + "index" : 1 + }, + "properties" : { + "formattedMessage" : { + "text" : "" + } + } + } ], + "executionSuccessful" : true + } ], + "artifacts" : [ { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uriBaseId" : "%SRCROOT%", + "index" : 0 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uriBaseId" : "%SRCROOT%", + "index" : 1 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uriBaseId" : "%SRCROOT%", + "index" : 2 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uriBaseId" : "%SRCROOT%", + "index" : 3 + } + }, { + "location" : { + "uri" : "javascript/heuristic-models/tests/Sources/test.js", + "uriBaseId" : "%SRCROOT%", + "index" : 4 + } + }, { + "location" : { + "uri" : ".github/actions/install-qlt/action.yml", + "uriBaseId" : "%SRCROOT%", + "index" : 5 + } + }, { + "location" : { + "uri" : ".github/actions/install-codeql/action.yml", + "uriBaseId" : "%SRCROOT%", + "index" : 6 + } + }, { + "location" : { + "uri" : ".github/codeql/extensions/javascript/frameworks/cap/ext/ext/codeql-pack.lock.yml", + "uriBaseId" : "%SRCROOT%", + "index" : 7 + } + }, { + "location" : { + "uri" : ".github/codeql/codeql-config.yaml", + "uriBaseId" : "%SRCROOT%", + "index" : 8 + } + }, { + "location" : { + "uri" : ".github/codeql/extensions/javascript/frameworks/cap/ext/ext/qlpack.yml", + "uriBaseId" : "%SRCROOT%", + "index" : 9 + } + }, { + "location" : { + "uri" : ".github/codeql/extensions/javascript/frameworks/ui5/ext/ext/codeql-pack.lock.yml", + "uriBaseId" : "%SRCROOT%", + "index" : 10 + } + }, { + "location" : { + "uri" : ".github/codeql/extensions/javascript/frameworks/ui5/ext/ext/ui5.model.yml", + "uriBaseId" : "%SRCROOT%", + "index" : 11 + } + }, { + "location" : { + "uri" : ".github/codeql/extensions/javascript/frameworks/ui5/ext/ext/qlpack.yml", + "uriBaseId" : "%SRCROOT%", + "index" : 12 + } + }, { + "location" : { + "uri" : ".github/codeql/extensions/javascript/heuristic-models/ext/ext/additional-sources.model.yml", + "uriBaseId" : "%SRCROOT%", + "index" : 13 + } + }, { + "location" : { + "uri" : ".github/codeql/extensions/javascript/heuristic-models/ext/ext/codeql-pack.lock.yml", + "uriBaseId" : "%SRCROOT%", + "index" : 14 + } + }, { + "location" : { + "uri" : ".github/codeql/extensions/javascript/heuristic-models/ext/ext/qlpack.yml", + "uriBaseId" : "%SRCROOT%", + "index" : 15 + } + }, { + "location" : { + "uri" : ".github/workflows/code_scanning.yml", + "uriBaseId" : "%SRCROOT%", + "index" : 16 + } + }, { + "location" : { + "uri" : ".github/workflows/run-codeql-unit-tests-javascript.yml", + "uriBaseId" : "%SRCROOT%", + "index" : 17 + } + }, { + "location" : { + "uri" : "codeql-workspace.yml", + "uriBaseId" : "%SRCROOT%", + "index" : 18 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/lib/codeql-pack.lock.yml", + "uriBaseId" : "%SRCROOT%", + "index" : 19 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/src/codeql-pack.lock.yml", + "uriBaseId" : "%SRCROOT%", + "index" : 20 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/lib/qlpack.yml", + "uriBaseId" : "%SRCROOT%", + "index" : 21 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/src/qlpack.yml", + "uriBaseId" : "%SRCROOT%", + "index" : 22 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/codeql-pack.lock.yml", + "uriBaseId" : "%SRCROOT%", + "index" : 23 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/db/schema.cds.json", + "uriBaseId" : "%SRCROOT%", + "index" : 24 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/qlpack.yml", + "uriBaseId" : "%SRCROOT%", + "index" : 25 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/package.json", + "uriBaseId" : "%SRCROOT%", + "index" : 26 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/server.js", + "uriBaseId" : "%SRCROOT%", + "index" : 27 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/srv/service1.js", "uriBaseId" : "%SRCROOT%", "index" : 28 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/server.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/srv/service1.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 29 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/srv/service2.js", "uriBaseId" : "%SRCROOT%", "index" : 30 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/server.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-cds-authz/srv/service2.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 31 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/package.json", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/db/schema.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 32 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/server.js", "uriBaseId" : "%SRCROOT%", "index" : 33 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/package.json", "uriBaseId" : "%SRCROOT%", "index" : 34 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/package.json", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/srv/service1.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 35 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/server.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/srv/service1.js", "uriBaseId" : "%SRCROOT%", "index" : 36 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/srv/privileged-user.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/srv/service2.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 37 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-js-authz/srv/service2.js", "uriBaseId" : "%SRCROOT%", "index" : 38 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/db/schema.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 39 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/package.json", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/package.json", "uriBaseId" : "%SRCROOT%", "index" : 40 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/server.js", "uriBaseId" : "%SRCROOT%", "index" : 41 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/server.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/srv/service1.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 42 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/srv/service2.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 43 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/package.json", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/srv/service2.js", "uriBaseId" : "%SRCROOT%", "index" : 44 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/server.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/entities-with-no-authz/entities-exposed-with-no-authz/srv/service1.js", "uriBaseId" : "%SRCROOT%", "index" : 45 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/db/schema.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 46 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/server.js", "uriBaseId" : "%SRCROOT%", "index" : 47 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/server.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/srv/service1.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 48 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/package.json", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/package.json", "uriBaseId" : "%SRCROOT%", "index" : 49 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/srv/service1.js", "uriBaseId" : "%SRCROOT%", "index" : 50 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/srv/service2.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 51 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/package.json", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/db/schema.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 52 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/server.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/default-is-privileged/srv/service2.js", "uriBaseId" : "%SRCROOT%", "index" : 53 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/package.json", "uriBaseId" : "%SRCROOT%", "index" : 54 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/server.js", "uriBaseId" : "%SRCROOT%", "index" : 55 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/package.json", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/srv/privileged-user.js", "uriBaseId" : "%SRCROOT%", "index" : 56 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/server.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/srv/service1.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 57 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/srv/service1.js", "uriBaseId" : "%SRCROOT%", "index" : 58 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/srv/service2.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 59 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/package.json", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/misused-privileged-user/dynamically-generated-privileged/srv/service2.js", "uriBaseId" : "%SRCROOT%", "index" : 60 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/server.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/db/schema.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 61 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/package.json", "uriBaseId" : "%SRCROOT%", "index" : 62 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/server.js", "uriBaseId" : "%SRCROOT%", "index" : 63 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/package.json", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/srv/service1.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 64 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/server.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/srv/service1.js", "uriBaseId" : "%SRCROOT%", "index" : 65 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/srv/service2.cds.json", "uriBaseId" : "%SRCROOT%", "index" : 66 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/basic-authentication/srv/service2.js", "uriBaseId" : "%SRCROOT%", "index" : 67 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/package.json", + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/db/schema.cds.json", + "uriBaseId" : "%SRCROOT%", + "index" : 68 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/package.json", + "uriBaseId" : "%SRCROOT%", + "index" : 69 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/server.js", + "uriBaseId" : "%SRCROOT%", + "index" : 70 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/srv/service1.cds.json", + "uriBaseId" : "%SRCROOT%", + "index" : 71 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/srv/service1.js", + "uriBaseId" : "%SRCROOT%", + "index" : 72 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/srv/service2.cds.json", + "uriBaseId" : "%SRCROOT%", + "index" : 73 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/dummy-authentication/srv/service2.js", + "uriBaseId" : "%SRCROOT%", + "index" : 74 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/package.json", + "uriBaseId" : "%SRCROOT%", + "index" : 75 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/db/schema.cds.json", + "uriBaseId" : "%SRCROOT%", + "index" : 76 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/server.js", + "uriBaseId" : "%SRCROOT%", + "index" : 77 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/srv/service1.cds.json", + "uriBaseId" : "%SRCROOT%", + "index" : 78 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/srv/service2.cds.json", + "uriBaseId" : "%SRCROOT%", + "index" : 79 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/srv/service1.js", + "uriBaseId" : "%SRCROOT%", + "index" : 80 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/bad-authn-authz/nonprod-authn-strategy/mocked-authentication/srv/service2.js", + "uriBaseId" : "%SRCROOT%", + "index" : 81 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/db/schema.cds.json", + "uriBaseId" : "%SRCROOT%", + "index" : 82 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/package.json", + "uriBaseId" : "%SRCROOT%", + "index" : 83 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/server.js", + "uriBaseId" : "%SRCROOT%", + "index" : 84 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service1.cds.json", + "uriBaseId" : "%SRCROOT%", + "index" : 85 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service1.js", + "uriBaseId" : "%SRCROOT%", + "index" : 86 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service2.cds.json", + "uriBaseId" : "%SRCROOT%", + "index" : 87 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/db/schema.cds.json", + "uriBaseId" : "%SRCROOT%", + "index" : 88 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service2.js", + "uriBaseId" : "%SRCROOT%", + "index" : 89 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/package.json", + "uriBaseId" : "%SRCROOT%", + "index" : 90 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/server.js", + "uriBaseId" : "%SRCROOT%", + "index" : 91 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/srv/service1.cds.json", + "uriBaseId" : "%SRCROOT%", + "index" : 92 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/srv/service1.js", + "uriBaseId" : "%SRCROOT%", + "index" : 93 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/srv/service2.cds.json", + "uriBaseId" : "%SRCROOT%", + "index" : 94 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/srv/service2.js", + "uriBaseId" : "%SRCROOT%", + "index" : 95 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/db/schema.cds.json", + "uriBaseId" : "%SRCROOT%", + "index" : 96 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/server.js", + "uriBaseId" : "%SRCROOT%", + "index" : 97 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/package.json", + "uriBaseId" : "%SRCROOT%", + "index" : 98 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service1.cds.json", + "uriBaseId" : "%SRCROOT%", + "index" : 99 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service1.js", + "uriBaseId" : "%SRCROOT%", + "index" : 100 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service2.cds.json", + "uriBaseId" : "%SRCROOT%", + "index" : 101 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service2.js", + "uriBaseId" : "%SRCROOT%", + "index" : 102 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/db/schema.cds.json", + "uriBaseId" : "%SRCROOT%", + "index" : 103 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/package.json", + "uriBaseId" : "%SRCROOT%", + "index" : 104 + } + }, { + "location" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/server.js", "uriBaseId" : "%SRCROOT%", - "index" : 68 + "index" : 105 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/server.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service1.cds.json", "uriBaseId" : "%SRCROOT%", - "index" : 69 + "index" : 106 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service2.cds.json", "uriBaseId" : "%SRCROOT%", - "index" : 70 + "index" : 107 } }, { "location" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", - "index" : 71 + "index" : 108 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/lib/qlpack.yml", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 72 + "index" : 109 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/lib/BindingStringParser/test.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/db/schema.cds.json", "uriBaseId" : "%SRCROOT%", - "index" : 73 + "index" : 110 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/src/qlpack.yml", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 74 + "index" : 111 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/lib/Bindings/test.html", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/server.js", "uriBaseId" : "%SRCROOT%", - "index" : 75 + "index" : 112 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/lib/Bindings/test.xml", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service1.cds.json", "uriBaseId" : "%SRCROOT%", - "index" : 76 + "index" : 113 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/lib/Bindings/test.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", - "index" : 77 + "index" : 114 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/lib/JsonParser/test.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service2.cds.json", "uriBaseId" : "%SRCROOT%", - "index" : 78 + "index" : 115 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/models/attachDisplay_detachDisplay/webapp/view/App.view.xml", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 79 + "index" : 116 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/models/binding_path/bindingComposite.xml", + "uri" : "javascript/frameworks/ui5/lib/qlpack.yml", "uriBaseId" : "%SRCROOT%", - "index" : 80 + "index" : 117 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/models/multiple_models/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/lib/codeql-pack.lock.yml", "uriBaseId" : "%SRCROOT%", - "index" : 81 + "index" : 118 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/models/binding_path/binding1.xml", + "uri" : "javascript/frameworks/ui5/src/codeql-pack.lock.yml", "uriBaseId" : "%SRCROOT%", - "index" : 82 + "index" : 119 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/models/property_getter_setter/webapp/view/App.view.xml", + "uri" : "javascript/frameworks/ui5/src/qlpack.yml", "uriBaseId" : "%SRCROOT%", - "index" : 83 + "index" : 120 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/models/sink/sink1.xml", + "uri" : "javascript/frameworks/ui5/test/codeql-pack.lock.yml", "uriBaseId" : "%SRCROOT%", - "index" : 84 + "index" : 121 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/qlpack.yml", + "uri" : "javascript/frameworks/ui5/test/lib/BindingStringParser/test.js", "uriBaseId" : "%SRCROOT%", - "index" : 85 + "index" : 122 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/models/source/source1.xml", + "uri" : "javascript/frameworks/ui5/test/lib/Bindings/test.html", "uriBaseId" : "%SRCROOT%", - "index" : 86 + "index" : 123 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-allow-all/index.html", + "uri" : "javascript/frameworks/ui5/test/lib/Bindings/test.js", "uriBaseId" : "%SRCROOT%", - "index" : 87 + "index" : 124 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-allow-all/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/lib/Bindings/test.json", "uriBaseId" : "%SRCROOT%", - "index" : 88 + "index" : 125 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-default-all/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/lib/Bindings/test.xml", "uriBaseId" : "%SRCROOT%", - "index" : 89 + "index" : 126 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-deny-all/index.html", + "uri" : "javascript/frameworks/ui5/test/lib/JsonParser/test.js", "uriBaseId" : "%SRCROOT%", - "index" : 90 + "index" : 127 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-default-all/index.html", + "uri" : "javascript/frameworks/ui5/test/models/attachDisplay_detachDisplay/webapp/view/App.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 91 + "index" : 128 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-deny-all/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/models/binding_path/binding1.xml", "uriBaseId" : "%SRCROOT%", - "index" : 92 + "index" : 129 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/package.json", + "uri" : "javascript/frameworks/ui5/test/models/binding_path/bindingComposite.xml", "uriBaseId" : "%SRCROOT%", - "index" : 93 + "index" : 130 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/models/multiple_models/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 94 + "index" : 131 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/models/property_getter_setter/webapp/view/App.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 95 + "index" : 132 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/models/sink/sink1.xml", "uriBaseId" : "%SRCROOT%", - "index" : 96 + "index" : 133 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/qlpack.yml", "uriBaseId" : "%SRCROOT%", - "index" : 97 + "index" : 134 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/models/source/source1.xml", "uriBaseId" : "%SRCROOT%", - "index" : 98 + "index" : 135 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-allow-all/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 99 + "index" : 136 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-allow-all/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 100 + "index" : 137 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-default-all/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 101 + "index" : 138 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-default-all/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 102 + "index" : 139 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-deny-all/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 103 + "index" : 140 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-deny-all/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 104 + "index" : 141 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 105 + "index" : 142 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 106 + "index" : 143 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 107 + "index" : 144 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 108 + "index" : 145 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 109 + "index" : 146 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 110 + "index" : 147 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 111 + "index" : 148 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 112 + "index" : 149 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 113 + "index" : 150 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 114 + "index" : 151 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 115 + "index" : 152 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 116 + "index" : 153 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 117 + "index" : 154 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 118 + "index" : 155 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 119 + "index" : 156 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 120 + "index" : 157 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 121 + "index" : 158 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 122 + "index" : 159 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 123 + "index" : 160 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 124 + "index" : 161 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 125 + "index" : 162 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 126 + "index" : 163 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 127 + "index" : 164 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 128 + "index" : 165 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 129 + "index" : 166 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 130 + "index" : 167 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 131 + "index" : 168 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 132 + "index" : 169 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 133 + "index" : 170 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 134 + "index" : 171 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 135 + "index" : 172 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 136 + "index" : 173 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 137 + "index" : 174 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/utils/CustomLogListener.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 138 + "index" : 175 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 139 + "index" : 176 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 140 + "index" : 177 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 141 + "index" : 178 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 142 + "index" : 179 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 143 + "index" : 180 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 144 + "index" : 181 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 145 + "index" : 182 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 146 + "index" : 183 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 147 + "index" : 184 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 148 + "index" : 185 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 149 + "index" : 186 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 150 + "index" : 187 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 151 + "index" : 188 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 152 + "index" : 189 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 153 + "index" : 190 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 154 + "index" : 191 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 155 + "index" : 192 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 156 + "index" : 193 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 157 + "index" : 194 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 158 + "index" : 195 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 159 + "index" : 196 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 160 + "index" : 197 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 161 + "index" : 198 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 162 + "index" : 199 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 163 + "index" : 200 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/utils/CustomLogListener.js", "uriBaseId" : "%SRCROOT%", - "index" : 164 + "index" : 201 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 165 + "index" : 202 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/.eslintrc.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 166 + "index" : 203 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 167 + "index" : 204 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 168 + "index" : 205 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/Component.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 169 + "index" : 206 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controller/App.Controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 170 + "index" : 207 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controls/Book.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 171 + "index" : 208 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 172 + "index" : 209 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/AllJourneys.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 173 + "index" : 210 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/FilterJourney.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 174 + "index" : 211 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/SearchJourney.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 175 + "index" : 212 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/TodoListJourney.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 176 + "index" : 213 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/arrangements/Startup.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 177 + "index" : 214 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/opaTests.qunit.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 178 + "index" : 215 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/opaTests.qunit.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 179 + "index" : 216 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/pages/App.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 180 + "index" : 217 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/testsuite.qunit.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 181 + "index" : 218 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/testsuite.qunit.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 182 + "index" : 219 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/unit/AllTests.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 183 + "index" : 220 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/unit/controller/App.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 184 + "index" : 221 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/unit/unitTests.qunit.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 185 + "index" : 222 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/unit/unitTests.qunit.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 186 + "index" : 223 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/util/Helper.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 187 + "index" : 224 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/view/App.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 188 + "index" : 225 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 189 + "index" : 226 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 190 + "index" : 227 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 191 + "index" : 228 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 192 + "index" : 229 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 193 + "index" : 230 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 194 + "index" : 231 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 195 + "index" : 232 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 196 + "index" : 233 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 197 + "index" : 234 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 198 + "index" : 235 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 199 + "index" : 236 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/.eslintrc.json", "uriBaseId" : "%SRCROOT%", - "index" : 200 + "index" : 237 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 201 + "index" : 238 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 202 + "index" : 239 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 203 + "index" : 240 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/Component.js", "uriBaseId" : "%SRCROOT%", - "index" : 204 + "index" : 241 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controller/App.Controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 205 + "index" : 242 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controls/Book.js", "uriBaseId" : "%SRCROOT%", - "index" : 206 + "index" : 243 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 207 + "index" : 244 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 208 + "index" : 245 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/model/todoitems.json", "uriBaseId" : "%SRCROOT%", - "index" : 209 + "index" : 246 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/AllJourneys.js", "uriBaseId" : "%SRCROOT%", - "index" : 210 + "index" : 247 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/FilterJourney.js", "uriBaseId" : "%SRCROOT%", - "index" : 211 + "index" : 248 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/SearchJourney.js", "uriBaseId" : "%SRCROOT%", - "index" : 212 + "index" : 249 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/TodoListJourney.js", "uriBaseId" : "%SRCROOT%", - "index" : 213 + "index" : 250 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/arrangements/Startup.js", "uriBaseId" : "%SRCROOT%", - "index" : 214 + "index" : 251 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/opaTests.qunit.html", "uriBaseId" : "%SRCROOT%", - "index" : 215 + "index" : 252 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/opaTests.qunit.js", "uriBaseId" : "%SRCROOT%", - "index" : 216 + "index" : 253 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/integration/pages/App.js", "uriBaseId" : "%SRCROOT%", - "index" : 217 + "index" : 254 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/testsuite.qunit.html", "uriBaseId" : "%SRCROOT%", - "index" : 218 + "index" : 255 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/testsuite.qunit.js", "uriBaseId" : "%SRCROOT%", - "index" : 219 + "index" : 256 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/unit/AllTests.js", "uriBaseId" : "%SRCROOT%", - "index" : 220 + "index" : 257 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/unit/controller/App.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 221 + "index" : 258 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/unit/unitTests.qunit.html", "uriBaseId" : "%SRCROOT%", - "index" : 222 + "index" : 259 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/test/unit/unitTests.qunit.js", "uriBaseId" : "%SRCROOT%", - "index" : 223 + "index" : 260 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/util/Helper.js", "uriBaseId" : "%SRCROOT%", - "index" : 224 + "index" : 261 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/view/App.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 225 + "index" : 262 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 226 + "index" : 263 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 227 + "index" : 264 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 228 + "index" : 265 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 229 + "index" : 266 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 230 + "index" : 267 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 231 + "index" : 268 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 232 + "index" : 269 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 233 + "index" : 270 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 234 + "index" : 271 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 235 + "index" : 272 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 236 + "index" : 273 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 237 + "index" : 274 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 238 + "index" : 275 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 239 + "index" : 276 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 240 + "index" : 277 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 241 + "index" : 278 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 242 + "index" : 279 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 243 + "index" : 280 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 244 + "index" : 281 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 245 + "index" : 282 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 246 + "index" : 283 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 247 + "index" : 284 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 248 + "index" : 285 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 249 + "index" : 286 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 250 + "index" : 287 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 251 + "index" : 288 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 252 + "index" : 289 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 253 + "index" : 290 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 254 + "index" : 291 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 255 + "index" : 292 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 256 + "index" : 293 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 257 + "index" : 294 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/view/app.view.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 258 + "index" : 295 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 259 + "index" : 296 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 260 + "index" : 297 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-property-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 261 + "index" : 298 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 262 + "index" : 299 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/control/xssBase.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 263 + "index" : 300 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/control/xssRenderer.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 264 + "index" : 301 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 265 + "index" : 302 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 266 + "index" : 303 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 267 + "index" : 304 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 268 + "index" : 305 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 269 + "index" : 306 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 270 + "index" : 307 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 271 + "index" : 308 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 272 + "index" : 309 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 273 + "index" : 310 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/view/app.view.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 274 + "index" : 311 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 275 + "index" : 312 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 276 + "index" : 313 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 277 + "index" : 314 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 278 + "index" : 315 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 279 + "index" : 316 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 280 + "index" : 317 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/control/renderer.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 281 + "index" : 318 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 282 + "index" : 319 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 283 + "index" : 320 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 284 + "index" : 321 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 285 + "index" : 322 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 286 + "index" : 323 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 287 + "index" : 324 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 288 + "index" : 325 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 289 + "index" : 326 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 290 + "index" : 327 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/control/xssRenderer.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 291 + "index" : 328 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 292 + "index" : 329 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 293 + "index" : 330 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 294 + "index" : 331 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 295 + "index" : 332 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/package.json", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 296 + "index" : 333 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/ui5.yaml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/ui5.yaml", "uriBaseId" : "%SRCROOT%", - "index" : 297 + "index" : 334 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 298 + "index" : 335 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/webapp/index.html", "uriBaseId" : "%SRCROOT%", - "index" : 299 + "index" : 336 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/webapp/index.js", "uriBaseId" : "%SRCROOT%", - "index" : 300 + "index" : 337 } }, { "location" : { - "uri" : "javascript/heuristic-models/tests/qlpack.yml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/webapp/manifest.json", "uriBaseId" : "%SRCROOT%", - "index" : 301 + "index" : 338 } }, { "location" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/index.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-oneway/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 302 + "index" : 339 } }, { "location" : { - "uri" : "scripts/qlpack.yml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/package-lock.json", "uriBaseId" : "%SRCROOT%", - "index" : 303 + "index" : 340 } }, { "location" : { - "uri" : "scripts/CreateTestsFromYaml.py", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/package.json", "uriBaseId" : "%SRCROOT%", - "index" : 304 + "index" : 341 } - } ], - "results" : [ { - "ruleId" : "js/xss", - "rule" : { - "id" : "js/xss", - "index" : 34, - "toolComponent" : { - "index" : 0 - } - }, - "message" : { - "text" : "Cross-site scripting vulnerability due to [user-provided value](1)." - }, - "locations" : [ { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 4, - "startColumn" : 20, - "endColumn" : 25 - } - } - } ], - "partialFingerprints" : { - "primaryLocationLineHash" : "6311a9ed7e4091a4:1", - "primaryLocationStartColumnFingerprint" : "15" - }, - "codeFlows" : [ { - "threadFlows" : [ { - "locations" : [ { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 3, - "startColumn" : 17, - "endColumn" : 51 - } - }, - "message" : { - "text" : "jQuery. ... param\")" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 3, - "startColumn" : 9, - "endColumn" : 51 - } - }, - "message" : { - "text" : "value" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 4, - "startColumn" : 20, - "endColumn" : 25 - } - }, - "message" : { - "text" : "value" - } - } - } ] - } ] - }, { - "threadFlows" : [ { - "locations" : [ { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 3, - "startColumn" : 17, - "endColumn" : 51 - } - }, - "message" : { - "text" : "jQuery. ... param\")" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 3, - "startColumn" : 9, - "endColumn" : 51 - } - }, - "message" : { - "text" : "value" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 4, - "startColumn" : 20, - "endColumn" : 25 - } - }, - "message" : { - "text" : "value" - } - } - } ] - } ] - } ], - "relatedLocations" : [ { - "id" : 1, - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 3, - "startColumn" : 17, - "endColumn" : 51 - } - }, - "message" : { - "text" : "user-provided value" - } - } ] }, { - "ruleId" : "js/xss", - "rule" : { - "id" : "js/xss", - "index" : 34, - "toolComponent" : { - "index" : 0 - } - }, - "message" : { - "text" : "Cross-site scripting vulnerability due to [user-provided value](1)." - }, - "locations" : [ { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 11, - "startColumn" : 20, - "endColumn" : 25 - } - } - } ], - "partialFingerprints" : { - "primaryLocationLineHash" : "8e517fc6fdf32a1a:1", - "primaryLocationStartColumnFingerprint" : "15" - }, - "codeFlows" : [ { - "threadFlows" : [ { - "locations" : [ { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 10, - "startColumn" : 17, - "endColumn" : 41 - } - }, - "message" : { - "text" : "documen ... .search" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 10, - "startColumn" : 9, - "endColumn" : 41 - } - }, - "message" : { - "text" : "value" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 11, - "startColumn" : 20, - "endColumn" : 25 - } - }, - "message" : { - "text" : "value" - } - } - } ] - } ] - } ], - "relatedLocations" : [ { - "id" : 1, - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 10, - "startColumn" : 17, - "endColumn" : 41 - } - }, - "message" : { - "text" : "user-provided value" - } - } ] + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/ui5.yaml", + "uriBaseId" : "%SRCROOT%", + "index" : 342 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 343 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/controller/model.json", + "uriBaseId" : "%SRCROOT%", + "index" : 344 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/index.html", + "uriBaseId" : "%SRCROOT%", + "index" : 345 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 346 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/manifest.json", + "uriBaseId" : "%SRCROOT%", + "index" : 347 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/view/app.view.xml", + "uriBaseId" : "%SRCROOT%", + "index" : 348 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/package-lock.json", + "uriBaseId" : "%SRCROOT%", + "index" : 349 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/package.json", + "uriBaseId" : "%SRCROOT%", + "index" : 350 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/ui5.yaml", + "uriBaseId" : "%SRCROOT%", + "index" : 351 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 352 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/index.html", + "uriBaseId" : "%SRCROOT%", + "index" : 353 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 354 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/manifest.json", + "uriBaseId" : "%SRCROOT%", + "index" : 355 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/view/app.view.html", + "uriBaseId" : "%SRCROOT%", + "index" : 356 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/package-lock.json", + "uriBaseId" : "%SRCROOT%", + "index" : 357 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/package.json", + "uriBaseId" : "%SRCROOT%", + "index" : 358 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/ui5.yaml", + "uriBaseId" : "%SRCROOT%", + "index" : 359 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/control/xss.js", + "uriBaseId" : "%SRCROOT%", + "index" : 360 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/control/xssBase.js", + "uriBaseId" : "%SRCROOT%", + "index" : 361 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/control/xssRenderer.js", + "uriBaseId" : "%SRCROOT%", + "index" : 362 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 363 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/index.html", + "uriBaseId" : "%SRCROOT%", + "index" : 364 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 365 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/manifest.json", + "uriBaseId" : "%SRCROOT%", + "index" : 366 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/view/app.view.xml", + "uriBaseId" : "%SRCROOT%", + "index" : 367 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/package-lock.json", + "uriBaseId" : "%SRCROOT%", + "index" : 368 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/package.json", + "uriBaseId" : "%SRCROOT%", + "index" : 369 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/ui5.yaml", + "uriBaseId" : "%SRCROOT%", + "index" : 370 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 371 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/index.html", + "uriBaseId" : "%SRCROOT%", + "index" : 372 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 373 + } }, { - "ruleId" : "js/xss", - "rule" : { - "id" : "js/xss", - "index" : 34, - "toolComponent" : { - "index" : 0 - } - }, - "message" : { - "text" : "Cross-site scripting vulnerability due to [user-provided value](1)." - }, - "locations" : [ { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 19, - "startColumn" : 20, - "endColumn" : 26 - } - } - } ], - "partialFingerprints" : { - "primaryLocationLineHash" : "c51cf11a085c01f4:1", - "primaryLocationStartColumnFingerprint" : "15" - }, - "codeFlows" : [ { - "threadFlows" : [ { - "locations" : [ { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 17, - "startColumn" : 17, - "endColumn" : 41 - } - }, - "message" : { - "text" : "documen ... .search" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 17, - "startColumn" : 9, - "endColumn" : 41 - } - }, - "message" : { - "text" : "value" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 18, - "startColumn" : 39, - "endColumn" : 44 - } - }, - "message" : { - "text" : "value" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 18, - "startColumn" : 18, - "endColumn" : 45 - } - }, - "message" : { - "text" : "jQuery. ... (value)" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 18, - "startColumn" : 9, - "endColumn" : 45 - } - }, - "message" : { - "text" : "value1" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 19, - "startColumn" : 20, - "endColumn" : 26 - } - }, - "message" : { - "text" : "value1" - } - } - } ] - } ] - } ], - "relatedLocations" : [ { - "id" : 1, - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 17, - "startColumn" : 17, - "endColumn" : 41 - } - }, - "message" : { - "text" : "user-provided value" - } - } ] + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/manifest.json", + "uriBaseId" : "%SRCROOT%", + "index" : 374 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/view/app.view.js", + "uriBaseId" : "%SRCROOT%", + "index" : 375 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/package-lock.json", + "uriBaseId" : "%SRCROOT%", + "index" : 376 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/package.json", + "uriBaseId" : "%SRCROOT%", + "index" : 377 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/ui5.yaml", + "uriBaseId" : "%SRCROOT%", + "index" : 378 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 379 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/index.html", + "uriBaseId" : "%SRCROOT%", + "index" : 380 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 381 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/manifest.json", + "uriBaseId" : "%SRCROOT%", + "index" : 382 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/view/app.view.json", + "uriBaseId" : "%SRCROOT%", + "index" : 383 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/package-lock.json", + "uriBaseId" : "%SRCROOT%", + "index" : 384 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/package.json", + "uriBaseId" : "%SRCROOT%", + "index" : 385 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/ui5.yaml", + "uriBaseId" : "%SRCROOT%", + "index" : 386 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/control/renderer.js", + "uriBaseId" : "%SRCROOT%", + "index" : 387 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/control/xss.js", + "uriBaseId" : "%SRCROOT%", + "index" : 388 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 389 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/index.html", + "uriBaseId" : "%SRCROOT%", + "index" : 390 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 391 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/manifest.json", + "uriBaseId" : "%SRCROOT%", + "index" : 392 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/view/app.view.xml", + "uriBaseId" : "%SRCROOT%", + "index" : 393 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/package-lock.json", + "uriBaseId" : "%SRCROOT%", + "index" : 394 + } }, { - "ruleId" : "js/xss", - "rule" : { - "id" : "js/xss", - "index" : 34, - "toolComponent" : { - "index" : 0 - } - }, - "message" : { - "text" : "Cross-site scripting vulnerability due to [user-provided value](1)." - }, - "locations" : [ { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 27, - "startColumn" : 20, - "endColumn" : 26 - } - } - } ], - "partialFingerprints" : { - "primaryLocationLineHash" : "e309bf8540256a05:1", - "primaryLocationStartColumnFingerprint" : "15" - }, - "codeFlows" : [ { - "threadFlows" : [ { - "locations" : [ { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 25, - "startColumn" : 17, - "endColumn" : 41 - } - }, - "message" : { - "text" : "documen ... .search" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 25, - "startColumn" : 9, - "endColumn" : 41 - } - }, - "message" : { - "text" : "value" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 26, - "startColumn" : 39, - "endColumn" : 44 - } - }, - "message" : { - "text" : "value" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 26, - "startColumn" : 18, - "endColumn" : 45 - } - }, - "message" : { - "text" : "jQuery. ... (value)" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 26, - "startColumn" : 9, - "endColumn" : 45 - } - }, - "message" : { - "text" : "value1" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 27, - "startColumn" : 20, - "endColumn" : 26 - } - }, - "message" : { - "text" : "value1" - } - } - } ] - } ] - } ], - "relatedLocations" : [ { - "id" : 1, - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 25, - "startColumn" : 17, - "endColumn" : 41 - } - }, - "message" : { - "text" : "user-provided value" - } - } ] + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/package.json", + "uriBaseId" : "%SRCROOT%", + "index" : 395 + } }, { - "ruleId" : "js/missing-rate-limiting", - "rule" : { - "id" : "js/missing-rate-limiting", - "index" : 68, - "toolComponent" : { - "index" : 0 - } - }, - "message" : { - "text" : "This route handler performs [a database access](1), but is not rate-limited." - }, - "locations" : [ { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", - "uriBaseId" : "%SRCROOT%", - "index" : 1 - }, - "region" : { - "startLine" : 40, - "startColumn" : 25, - "endLine" : 44, - "endColumn" : 8 - } - } - } ], - "partialFingerprints" : { - "primaryLocationLineHash" : "ac6d3bdd3d52ea9b:1", - "primaryLocationStartColumnFingerprint" : "18" - }, - "relatedLocations" : [ { - "id" : 1, - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", - "uriBaseId" : "%SRCROOT%", - "index" : 1 - }, - "region" : { - "startLine" : 41, - "startColumn" : 9, - "endLine" : 43, - "endColumn" : 11 - } - }, - "message" : { - "text" : "a database access" - } - } ] + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/ui5.yaml", + "uriBaseId" : "%SRCROOT%", + "index" : 396 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/control/xss.js", + "uriBaseId" : "%SRCROOT%", + "index" : 397 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/control/xssRenderer.js", + "uriBaseId" : "%SRCROOT%", + "index" : 398 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 399 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/index.html", + "uriBaseId" : "%SRCROOT%", + "index" : 400 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 401 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/manifest.json", + "uriBaseId" : "%SRCROOT%", + "index" : 402 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/view/app.view.xml", + "uriBaseId" : "%SRCROOT%", + "index" : 403 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/package-lock.json", + "uriBaseId" : "%SRCROOT%", + "index" : 404 + } }, { - "ruleId" : "js/sql-injection", - "rule" : { - "id" : "js/sql-injection", - "index" : 78, - "toolComponent" : { - "index" : 0 - } - }, - "message" : { - "text" : "This query string depends on a [user-provided value](1)." - }, - "locations" : [ { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", - "uriBaseId" : "%SRCROOT%", - "index" : 1 - }, - "region" : { - "startLine" : 41, - "startColumn" : 20, - "endColumn" : 40 - } - } - } ], - "partialFingerprints" : { - "primaryLocationLineHash" : "4fc3122b51f477a1:1", - "primaryLocationStartColumnFingerprint" : "11" - }, - "codeFlows" : [ { - "threadFlows" : [ { - "locations" : [ { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", - "uriBaseId" : "%SRCROOT%", - "index" : 1 - }, - "region" : { - "startLine" : 41, - "startColumn" : 20, - "endColumn" : 40 - } - }, - "message" : { - "text" : "req2.params.category" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", - "uriBaseId" : "%SRCROOT%", - "index" : 1 - }, - "region" : { - "startLine" : 41, - "startColumn" : 20, - "endColumn" : 40 - } - }, - "message" : { - "text" : "req2.params.category" - } - } - } ] - } ] - } ], - "relatedLocations" : [ { - "id" : 1, - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", - "uriBaseId" : "%SRCROOT%", - "index" : 1 - }, - "region" : { - "startLine" : 41, - "startColumn" : 20, - "endColumn" : 40 - } - }, - "message" : { - "text" : "user-provided value" - } - } ] + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/package.json", + "uriBaseId" : "%SRCROOT%", + "index" : 405 + } }, { - "ruleId" : "js/log-injection", - "rule" : { - "id" : "js/log-injection", - "index" : 91, - "toolComponent" : { - "index" : 0 - } - }, - "message" : { - "text" : "Log entry depends on a [user-provided value](1)." - }, - "locations" : [ { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", - "uriBaseId" : "%SRCROOT%", - "index" : 2 - }, - "region" : { - "startLine" : 26, - "startColumn" : 19, - "endColumn" : 36 - } - } - } ], - "partialFingerprints" : { - "primaryLocationLineHash" : "ccc6f77c65eccb45:1", - "primaryLocationStartColumnFingerprint" : "12" - }, - "codeFlows" : [ { - "threadFlows" : [ { - "locations" : [ { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", - "uriBaseId" : "%SRCROOT%", - "index" : 2 - }, - "region" : { - "startLine" : 23, - "startColumn" : 34, - "endColumn" : 54 - } - }, - "message" : { - "text" : "req2.params.category" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", - "uriBaseId" : "%SRCROOT%", - "index" : 2 - }, - "region" : { - "startLine" : 23, - "startColumn" : 13, - "endColumn" : 31 - } - }, - "message" : { - "text" : "{ book, quantity }" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", - "uriBaseId" : "%SRCROOT%", - "index" : 2 - }, - "region" : { - "startLine" : 23, - "startColumn" : 15, - "endColumn" : 19 - } - }, - "message" : { - "text" : "book" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", - "uriBaseId" : "%SRCROOT%", - "index" : 2 - }, - "region" : { - "startLine" : 23, - "startColumn" : 13, - "endColumn" : 54 - } - }, - "message" : { - "text" : "book" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", - "uriBaseId" : "%SRCROOT%", - "index" : 2 - }, - "region" : { - "startLine" : 26, - "startColumn" : 32, - "endColumn" : 36 - } - }, - "message" : { - "text" : "book" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", - "uriBaseId" : "%SRCROOT%", - "index" : 2 - }, - "region" : { - "startLine" : 26, - "startColumn" : 19, - "endColumn" : 36 - } - }, - "message" : { - "text" : "\"console:\" + book" - } - } - } ] - } ] - } ], - "relatedLocations" : [ { - "id" : 1, - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", - "uriBaseId" : "%SRCROOT%", - "index" : 2 - }, - "region" : { - "startLine" : 23, - "startColumn" : 34, - "endColumn" : 54 - } - }, - "message" : { - "text" : "user-provided value" - } - } ] + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/ui5.yaml", + "uriBaseId" : "%SRCROOT%", + "index" : 406 + } }, { - "ruleId" : "js/log-injection", + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 407 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/index.html", + "uriBaseId" : "%SRCROOT%", + "index" : 408 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/index.js", + "uriBaseId" : "%SRCROOT%", + "index" : 409 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/manifest.json", + "uriBaseId" : "%SRCROOT%", + "index" : 410 + } + }, { + "location" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/view/app.view.xml", + "uriBaseId" : "%SRCROOT%", + "index" : 411 + } + }, { + "location" : { + "uri" : "javascript/heuristic-models/tests/codeql-pack.lock.yml", + "uriBaseId" : "%SRCROOT%", + "index" : 412 + } + }, { + "location" : { + "uri" : "javascript/heuristic-models/tests/qlpack.yml", + "uriBaseId" : "%SRCROOT%", + "index" : 413 + } + }, { + "location" : { + "uri" : "qlt.conf.json", + "uriBaseId" : "%SRCROOT%", + "index" : 414 + } + }, { + "location" : { + "uri" : "scripts/codeql-pack.lock.yml", + "uriBaseId" : "%SRCROOT%", + "index" : 415 + } + }, { + "location" : { + "uri" : "scripts/qlpack.yml", + "uriBaseId" : "%SRCROOT%", + "index" : 416 + } + }, { + "location" : { + "uri" : "scripts/CreateTestsFromYaml.py", + "uriBaseId" : "%SRCROOT%", + "index" : 417 + } + } ], + "results" : [ { + "ruleId" : "js/xss", "rule" : { - "id" : "js/log-injection", - "index" : 91, + "id" : "js/xss", + "index" : 34, "toolComponent" : { "index" : 0 } }, "message" : { - "text" : "Log entry depends on a [user-provided value](1)." + "text" : "Cross-site scripting vulnerability due to [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 0 }, "region" : { - "startLine" : 7, - "startColumn" : 18, - "endColumn" : 41 + "startLine" : 4, + "startColumn" : 20, + "endColumn" : 25 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "be9a18716e55d497:1", - "primaryLocationStartColumnFingerprint" : "13" + "primaryLocationLineHash" : "6311a9ed7e4091a4:1", + "primaryLocationStartColumnFingerprint" : "15" }, "codeFlows" : [ { "threadFlows" : [ { @@ -16960,12 +19682,12 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 0 }, "region" : { - "startLine" : 6, + "startLine" : 3, "startColumn" : 17, "endColumn" : 51 } @@ -16978,12 +19700,12 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 0 }, "region" : { - "startLine" : 6, + "startLine" : 3, "startColumn" : 9, "endColumn" : 51 } @@ -16996,211 +19718,161 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 0 }, "region" : { - "startLine" : 7, - "startColumn" : 34, - "endColumn" : 39 + "startLine" : 4, + "startColumn" : 20, + "endColumn" : 25 } }, "message" : { "text" : "value" } } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 3 - }, - "region" : { - "startLine" : 7, - "startColumn" : 18, - "endColumn" : 41 - } - }, - "message" : { - "text" : "`[INFO] ... value}`" - } - } } ] } ] - } ], - "relatedLocations" : [ { - "id" : 1, - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 3 - }, - "region" : { - "startLine" : 6, - "startColumn" : 17, - "endColumn" : 51 - } - }, - "message" : { - "text" : "user-provided value" - } - } ] - }, { - "ruleId" : "js/log-injection", - "rule" : { - "id" : "js/log-injection", - "index" : 91, - "toolComponent" : { - "index" : 0 - } - }, - "message" : { - "text" : "Log entry depends on a [user-provided value](1)." - }, - "locations" : [ { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 3 - }, - "region" : { - "startLine" : 15, - "startColumn" : 18, - "endColumn" : 41 - } - } - } ], - "partialFingerprints" : { - "primaryLocationLineHash" : "be9a18716e55d497:2", - "primaryLocationStartColumnFingerprint" : "13" - }, - "codeFlows" : [ { + }, { "threadFlows" : [ { "locations" : [ { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 3 - }, - "region" : { - "startLine" : 13, - "startColumn" : 23, - "endColumn" : 30 - } - }, - "message" : { - "text" : "req.url" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 0 }, "region" : { - "startLine" : 13, - "startColumn" : 13, - "endColumn" : 37 + "startLine" : 3, + "startColumn" : 17, + "endColumn" : 51 } }, "message" : { - "text" : "url.par ... , true)" + "text" : "jQuery. ... param\")" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 0 }, "region" : { - "startLine" : 13, + "startLine" : 3, "startColumn" : 9, - "endColumn" : 37 - } - }, - "message" : { - "text" : "q" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 3 - }, - "region" : { - "startLine" : 14, - "startColumn" : 17, - "endColumn" : 18 + "endColumn" : 51 } }, "message" : { - "text" : "q" + "text" : "value" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 0 }, "region" : { - "startLine" : 14, - "startColumn" : 17, - "endColumn" : 24 + "startLine" : 4, + "startColumn" : 20, + "endColumn" : 25 } }, "message" : { - "text" : "q.query" + "text" : "value" } } - }, { + } ] + } ] + } ], + "relatedLocations" : [ { + "id" : 1, + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uriBaseId" : "%SRCROOT%", + "index" : 0 + }, + "region" : { + "startLine" : 3, + "startColumn" : 17, + "endColumn" : 51 + } + }, + "message" : { + "text" : "user-provided value" + } + } ] + }, { + "ruleId" : "js/xss", + "rule" : { + "id" : "js/xss", + "index" : 34, + "toolComponent" : { + "index" : 0 + } + }, + "message" : { + "text" : "Cross-site scripting vulnerability due to [user-provided value](1)." + }, + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uriBaseId" : "%SRCROOT%", + "index" : 0 + }, + "region" : { + "startLine" : 11, + "startColumn" : 20, + "endColumn" : 25 + } + } + } ], + "partialFingerprints" : { + "primaryLocationLineHash" : "8e517fc6fdf32a1a:1", + "primaryLocationStartColumnFingerprint" : "15" + }, + "codeFlows" : [ { + "threadFlows" : [ { + "locations" : [ { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 0 }, "region" : { - "startLine" : 14, + "startLine" : 10, "startColumn" : 17, - "endColumn" : 33 + "endColumn" : 41 } }, "message" : { - "text" : "q.query.username" + "text" : "documen ... .search" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 0 }, "region" : { - "startLine" : 14, + "startLine" : 10, "startColumn" : 9, - "endColumn" : 33 + "endColumn" : 41 } }, "message" : { @@ -17211,38 +19883,20 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 0 }, "region" : { - "startLine" : 15, - "startColumn" : 34, - "endColumn" : 39 + "startLine" : 11, + "startColumn" : 20, + "endColumn" : 25 } }, "message" : { "text" : "value" } } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 3 - }, - "region" : { - "startLine" : 15, - "startColumn" : 18, - "endColumn" : 41 - } - }, - "message" : { - "text" : "`[INFO] ... value}`" - } - } } ] } ] } ], @@ -17250,14 +19904,14 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 0 }, "region" : { - "startLine" : 13, - "startColumn" : 23, - "endColumn" : 30 + "startLine" : 10, + "startColumn" : 17, + "endColumn" : 41 } }, "message" : { @@ -17265,34 +19919,34 @@ } } ] }, { - "ruleId" : "js/log-injection", + "ruleId" : "js/xss", "rule" : { - "id" : "js/log-injection", - "index" : 91, + "id" : "js/xss", + "index" : 34, "toolComponent" : { "index" : 0 } }, "message" : { - "text" : "Log entry depends on a [user-provided value](1)." + "text" : "Cross-site scripting vulnerability due to [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 0 }, "region" : { - "startLine" : 24, - "startColumn" : 18, - "endColumn" : 42 + "startLine" : 19, + "startColumn" : 20, + "endColumn" : 26 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "e197b363f9dc3962:1", - "primaryLocationStartColumnFingerprint" : "13" + "primaryLocationLineHash" : "c51cf11a085c01f4:1", + "primaryLocationStartColumnFingerprint" : "15" }, "codeFlows" : [ { "threadFlows" : [ { @@ -17300,122 +19954,193 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 0 }, "region" : { - "startLine" : 21, - "startColumn" : 23, - "endColumn" : 30 + "startLine" : 17, + "startColumn" : 17, + "endColumn" : 41 } }, "message" : { - "text" : "req.url" + "text" : "documen ... .search" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 0 }, "region" : { - "startLine" : 21, - "startColumn" : 13, - "endColumn" : 37 + "startLine" : 17, + "startColumn" : 9, + "endColumn" : 41 } }, "message" : { - "text" : "url.par ... , true)" + "text" : "value" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 0 }, "region" : { - "startLine" : 21, - "startColumn" : 9, - "endColumn" : 37 + "startLine" : 18, + "startColumn" : 39, + "endColumn" : 44 } }, "message" : { - "text" : "q" + "text" : "value" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 0 }, "region" : { - "startLine" : 22, - "startColumn" : 17, - "endColumn" : 18 + "startLine" : 18, + "startColumn" : 18, + "endColumn" : 45 } }, "message" : { - "text" : "q" + "text" : "jQuery. ... (value)" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 0 }, "region" : { - "startLine" : 22, - "startColumn" : 17, - "endColumn" : 24 + "startLine" : 18, + "startColumn" : 9, + "endColumn" : 45 } }, "message" : { - "text" : "q.query" + "text" : "value1" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 0 }, "region" : { - "startLine" : 22, + "startLine" : 19, + "startColumn" : 20, + "endColumn" : 26 + } + }, + "message" : { + "text" : "value1" + } + } + } ] + } ] + } ], + "relatedLocations" : [ { + "id" : 1, + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uriBaseId" : "%SRCROOT%", + "index" : 0 + }, + "region" : { + "startLine" : 17, + "startColumn" : 17, + "endColumn" : 41 + } + }, + "message" : { + "text" : "user-provided value" + } + } ] + }, { + "ruleId" : "js/xss", + "rule" : { + "id" : "js/xss", + "index" : 34, + "toolComponent" : { + "index" : 0 + } + }, + "message" : { + "text" : "Cross-site scripting vulnerability due to [user-provided value](1)." + }, + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uriBaseId" : "%SRCROOT%", + "index" : 0 + }, + "region" : { + "startLine" : 27, + "startColumn" : 20, + "endColumn" : 26 + } + } + } ], + "partialFingerprints" : { + "primaryLocationLineHash" : "e309bf8540256a05:1", + "primaryLocationStartColumnFingerprint" : "15" + }, + "codeFlows" : [ { + "threadFlows" : [ { + "locations" : [ { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uriBaseId" : "%SRCROOT%", + "index" : 0 + }, + "region" : { + "startLine" : 25, "startColumn" : 17, - "endColumn" : 33 + "endColumn" : 41 } }, "message" : { - "text" : "q.query.username" + "text" : "documen ... .search" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 0 }, "region" : { - "startLine" : 22, + "startLine" : 25, "startColumn" : 9, - "endColumn" : 33 + "endColumn" : 41 } }, "message" : { @@ -17426,12 +20151,12 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 0 }, "region" : { - "startLine" : 23, + "startLine" : 26, "startColumn" : 39, "endColumn" : 44 } @@ -17444,12 +20169,12 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 0 }, "region" : { - "startLine" : 23, + "startLine" : 26, "startColumn" : 18, "endColumn" : 45 } @@ -17462,12 +20187,12 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 0 }, "region" : { - "startLine" : 23, + "startLine" : 26, "startColumn" : 9, "endColumn" : 45 } @@ -17480,38 +20205,20 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 0 }, "region" : { - "startLine" : 24, - "startColumn" : 34, - "endColumn" : 40 + "startLine" : 27, + "startColumn" : 20, + "endColumn" : 26 } }, "message" : { "text" : "value1" } } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 3 - }, - "region" : { - "startLine" : 24, - "startColumn" : 18, - "endColumn" : 42 - } - }, - "message" : { - "text" : "`[INFO] ... alue1}`" - } - } } ] } ] } ], @@ -17519,14 +20226,14 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 0 }, "region" : { - "startLine" : 21, - "startColumn" : 23, - "endColumn" : 30 + "startLine" : 25, + "startColumn" : 17, + "endColumn" : 41 } }, "message" : { @@ -17534,123 +20241,84 @@ } } ] }, { - "ruleId" : "js/log-injection", + "ruleId" : "js/missing-rate-limiting", "rule" : { - "id" : "js/log-injection", - "index" : 91, + "id" : "js/missing-rate-limiting", + "index" : 68, "toolComponent" : { "index" : 0 } }, "message" : { - "text" : "Log entry depends on a [user-provided value](1)." + "text" : "This route handler performs [a database access](1), but is not rate-limited." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/heuristic-models/tests/Sources/test.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 4 + "index" : 1 }, "region" : { - "startLine" : 5, - "startColumn" : 17, - "endColumn" : 33 + "startLine" : 40, + "startColumn" : 25, + "endLine" : 44, + "endColumn" : 8 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "45280b24f3d81287:1", - "primaryLocationStartColumnFingerprint" : "12" + "primaryLocationLineHash" : "ac6d3bdd3d52ea9b:1", + "primaryLocationStartColumnFingerprint" : "18" }, - "codeFlows" : [ { - "threadFlows" : [ { - "locations" : [ { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/heuristic-models/tests/Sources/test.js", - "uriBaseId" : "%SRCROOT%", - "index" : 4 - }, - "region" : { - "startLine" : 5, - "startColumn" : 17, - "endColumn" : 33 - } - }, - "message" : { - "text" : "req.responseText" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/heuristic-models/tests/Sources/test.js", - "uriBaseId" : "%SRCROOT%", - "index" : 4 - }, - "region" : { - "startLine" : 5, - "startColumn" : 17, - "endColumn" : 33 - } - }, - "message" : { - "text" : "req.responseText" - } - } - } ] - } ] - } ], "relatedLocations" : [ { "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/heuristic-models/tests/Sources/test.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 4 + "index" : 1 }, "region" : { - "startLine" : 5, - "startColumn" : 17, - "endColumn" : 33 + "startLine" : 41, + "startColumn" : 9, + "endLine" : 43, + "endColumn" : 11 } }, "message" : { - "text" : "user-provided value" + "text" : "a database access" } } ] }, { - "ruleId" : "js/ui5-xss", + "ruleId" : "js/sql-injection", "rule" : { - "id" : "js/ui5-xss", - "index" : 0, + "id" : "js/sql-injection", + "index" : 78, "toolComponent" : { - "index" : 1 + "index" : 0 } }, "message" : { - "text" : "XSS vulnerability due to [user-provided value](1)." + "text" : "This query string depends on a [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 0 + "index" : 1 }, "region" : { - "startLine" : 5, - "startColumn" : 27, - "endColumn" : 32 + "startLine" : 41, + "startColumn" : 20, + "endColumn" : 40 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "92dbc37bdafc7694:1", - "primaryLocationStartColumnFingerprint" : "22" + "primaryLocationLineHash" : "4fc3122b51f477a1:1", + "primaryLocationStartColumnFingerprint" : "11" }, "codeFlows" : [ { "threadFlows" : [ { @@ -17658,54 +20326,36 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 3, - "startColumn" : 17, - "endColumn" : 51 - } - }, - "message" : { - "text" : "jQuery. ... param\")" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 0 + "index" : 1 }, "region" : { - "startLine" : 3, - "startColumn" : 9, - "endColumn" : 51 + "startLine" : 41, + "startColumn" : 20, + "endColumn" : 40 } }, "message" : { - "text" : "value" + "text" : "req2.params.category" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 0 + "index" : 1 }, "region" : { - "startLine" : 5, - "startColumn" : 27, - "endColumn" : 32 + "startLine" : 41, + "startColumn" : 20, + "endColumn" : 40 } }, "message" : { - "text" : "value" + "text" : "req2.params.category" } } } ] @@ -17715,14 +20365,14 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 0 + "index" : 1 }, "region" : { - "startLine" : 3, - "startColumn" : 17, - "endColumn" : 51 + "startLine" : 41, + "startColumn" : 20, + "endColumn" : 40 } }, "message" : { @@ -17730,34 +20380,34 @@ } } ] }, { - "ruleId" : "js/ui5-xss", + "ruleId" : "js/log-injection", "rule" : { - "id" : "js/ui5-xss", - "index" : 0, + "id" : "js/log-injection", + "index" : 91, "toolComponent" : { - "index" : 1 + "index" : 0 } }, "message" : { - "text" : "XSS vulnerability due to [user-provided value](1)." + "text" : "Log entry depends on a [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 0 + "index" : 2 }, "region" : { - "startLine" : 12, - "startColumn" : 27, - "endColumn" : 32 + "startLine" : 26, + "startColumn" : 19, + "endColumn" : 36 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "faa1832c387d2ee5:1", - "primaryLocationStartColumnFingerprint" : "22" + "primaryLocationLineHash" : "ccc6f77c65eccb45:1", + "primaryLocationStartColumnFingerprint" : "12" }, "codeFlows" : [ { "threadFlows" : [ { @@ -17765,54 +20415,108 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uriBaseId" : "%SRCROOT%", + "index" : 2 + }, + "region" : { + "startLine" : 23, + "startColumn" : 34, + "endColumn" : 54 + } + }, + "message" : { + "text" : "req2.params.category" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 0 + "index" : 2 }, "region" : { - "startLine" : 10, - "startColumn" : 17, - "endColumn" : 41 + "startLine" : 23, + "startColumn" : 13, + "endColumn" : 31 } }, "message" : { - "text" : "documen ... .search" + "text" : "{ book, quantity }" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 0 + "index" : 2 }, "region" : { - "startLine" : 10, - "startColumn" : 9, - "endColumn" : 41 + "startLine" : 23, + "startColumn" : 15, + "endColumn" : 19 } }, "message" : { - "text" : "value" + "text" : "book" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 0 + "index" : 2 }, "region" : { - "startLine" : 12, - "startColumn" : 27, - "endColumn" : 32 + "startLine" : 23, + "startColumn" : 13, + "endColumn" : 54 } }, "message" : { - "text" : "value" + "text" : "book" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uriBaseId" : "%SRCROOT%", + "index" : 2 + }, + "region" : { + "startLine" : 26, + "startColumn" : 32, + "endColumn" : 36 + } + }, + "message" : { + "text" : "book" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uriBaseId" : "%SRCROOT%", + "index" : 2 + }, + "region" : { + "startLine" : 26, + "startColumn" : 19, + "endColumn" : 36 + } + }, + "message" : { + "text" : "\"console:\" + book" } } } ] @@ -17822,14 +20526,14 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 0 + "index" : 2 }, "region" : { - "startLine" : 10, - "startColumn" : 17, - "endColumn" : 41 + "startLine" : 23, + "startColumn" : 34, + "endColumn" : 54 } }, "message" : { @@ -17837,34 +20541,34 @@ } } ] }, { - "ruleId" : "js/ui5-xss", + "ruleId" : "js/log-injection", "rule" : { - "id" : "js/ui5-xss", - "index" : 0, + "id" : "js/log-injection", + "index" : 91, "toolComponent" : { - "index" : 1 + "index" : 0 } }, "message" : { - "text" : "XSS vulnerability due to [user-provided value](1)." + "text" : "Log entry depends on a [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 0 + "index" : 3 }, "region" : { - "startLine" : 20, - "startColumn" : 27, - "endColumn" : 33 + "startLine" : 7, + "startColumn" : 18, + "endColumn" : 41 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "8291f53a2e235d15:1", - "primaryLocationStartColumnFingerprint" : "22" + "primaryLocationLineHash" : "be9a18716e55d497:1", + "primaryLocationStartColumnFingerprint" : "13" }, "codeFlows" : [ { "threadFlows" : [ { @@ -17872,32 +20576,32 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 0 + "index" : 3 }, "region" : { - "startLine" : 17, + "startLine" : 6, "startColumn" : 17, - "endColumn" : 41 + "endColumn" : 51 } }, "message" : { - "text" : "documen ... .search" + "text" : "jQuery. ... param\")" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 0 + "index" : 3 }, "region" : { - "startLine" : 17, + "startLine" : 6, "startColumn" : 9, - "endColumn" : 41 + "endColumn" : 51 } }, "message" : { @@ -17908,14 +20612,14 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 0 + "index" : 3 }, "region" : { - "startLine" : 18, - "startColumn" : 39, - "endColumn" : 44 + "startLine" : 7, + "startColumn" : 34, + "endColumn" : 39 } }, "message" : { @@ -17926,54 +20630,18 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 0 + "index" : 3 }, "region" : { - "startLine" : 18, + "startLine" : 7, "startColumn" : 18, - "endColumn" : 45 - } - }, - "message" : { - "text" : "jQuery. ... (value)" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 18, - "startColumn" : 9, - "endColumn" : 45 - } - }, - "message" : { - "text" : "value1" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 0 - }, - "region" : { - "startLine" : 20, - "startColumn" : 27, - "endColumn" : 33 + "endColumn" : 41 } }, "message" : { - "text" : "value1" + "text" : "`[INFO] ... value}`" } } } ] @@ -17983,14 +20651,14 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 0 + "index" : 3 }, "region" : { - "startLine" : 17, + "startLine" : 6, "startColumn" : 17, - "endColumn" : 41 + "endColumn" : 51 } }, "message" : { @@ -17998,35 +20666,34 @@ } } ] }, { - "ruleId" : "js/ui5-xss", + "ruleId" : "js/log-injection", "rule" : { - "id" : "js/ui5-xss", - "index" : 0, + "id" : "js/log-injection", + "index" : 91, "toolComponent" : { - "index" : 1 + "index" : 0 } }, "message" : { - "text" : "XSS vulnerability due to [user-provided value](1)." + "text" : "Log entry depends on a [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controls/Book.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 171 + "index" : 3 }, "region" : { - "startLine" : 132, - "startColumn" : 7, - "endLine" : 134, - "endColumn" : 16 + "startLine" : 15, + "startColumn" : 18, + "endColumn" : 41 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "63ace7b071639814:1", - "primaryLocationStartColumnFingerprint" : "0" + "primaryLocationLineHash" : "be9a18716e55d497:2", + "primaryLocationStartColumnFingerprint" : "13" }, "codeFlows" : [ { "threadFlows" : [ { @@ -18034,109 +20701,162 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controller/App.Controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uriBaseId" : "%SRCROOT%", + "index" : 3 + }, + "region" : { + "startLine" : 13, + "startColumn" : 23, + "endColumn" : 30 + } + }, + "message" : { + "text" : "req.url" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uriBaseId" : "%SRCROOT%", + "index" : 3 + }, + "region" : { + "startLine" : 13, + "startColumn" : 13, + "endColumn" : 37 + } + }, + "message" : { + "text" : "url.par ... , true)" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uriBaseId" : "%SRCROOT%", + "index" : 3 + }, + "region" : { + "startLine" : 13, + "startColumn" : 9, + "endColumn" : 37 + } + }, + "message" : { + "text" : "q" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 170 + "index" : 3 }, "region" : { - "startLine" : 23, - "startColumn" : 25, - "endColumn" : 48 + "startLine" : 14, + "startColumn" : 17, + "endColumn" : 18 } }, "message" : { - "text" : "oSearch ... Value()" + "text" : "q" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controller/App.Controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 170 + "index" : 3 }, "region" : { - "startLine" : 23, - "startColumn" : 11, - "endColumn" : 48 + "startLine" : 14, + "startColumn" : 17, + "endColumn" : 24 } }, "message" : { - "text" : "searchValue" + "text" : "q.query" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controller/App.Controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 170 + "index" : 3 }, "region" : { - "startLine" : 27, - "startColumn" : 34, - "endColumn" : 45 + "startLine" : 14, + "startColumn" : 17, + "endColumn" : 33 } }, "message" : { - "text" : "searchValue" + "text" : "q.query.username" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controls/Book.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 171 + "index" : 3 }, "region" : { - "startLine" : 17, - "startColumn" : 13, - "endColumn" : 31 + "startLine" : 14, + "startColumn" : 9, + "endColumn" : 33 } }, "message" : { - "text" : "{ type: \"string\" }" + "text" : "value" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controls/Book.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 171 + "index" : 3 }, "region" : { - "startLine" : 133, - "startColumn" : 8, - "endColumn" : 27 + "startLine" : 15, + "startColumn" : 34, + "endColumn" : 39 } }, "message" : { - "text" : "oControl.getTitle()" + "text" : "value" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controls/Book.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 171 + "index" : 3 }, "region" : { - "startLine" : 132, - "startColumn" : 7, - "endLine" : 134, - "endColumn" : 16 + "startLine" : 15, + "startColumn" : 18, + "endColumn" : 41 } }, "message" : { - "text" : "\"
T ...
\"" + "text" : "`[INFO] ... value}`" } } } ] @@ -18146,14 +20866,14 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controller/App.Controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 170 + "index" : 3 }, "region" : { - "startLine" : 23, - "startColumn" : 25, - "endColumn" : 48 + "startLine" : 13, + "startColumn" : 23, + "endColumn" : 30 } }, "message" : { @@ -18161,34 +20881,34 @@ } } ] }, { - "ruleId" : "js/ui5-xss", + "ruleId" : "js/log-injection", "rule" : { - "id" : "js/ui5-xss", - "index" : 0, + "id" : "js/log-injection", + "index" : 91, "toolComponent" : { - "index" : 1 + "index" : 0 } }, "message" : { - "text" : "XSS vulnerability due to [user-provided value](1)." + "text" : "Log entry depends on a [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 191 + "index" : 3 }, "region" : { - "startLine" : 14, - "startColumn" : 23, - "endColumn" : 41 + "startLine" : 24, + "startColumn" : 18, + "endColumn" : 42 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "fc87b07640e9d85:1", - "primaryLocationStartColumnFingerprint" : "10" + "primaryLocationLineHash" : "e197b363f9dc3962:1", + "primaryLocationStartColumnFingerprint" : "13" }, "codeFlows" : [ { "threadFlows" : [ { @@ -18196,200 +20916,216 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 195 + "index" : 3 }, "region" : { - "startLine" : 5, - "startColumn" : 5, - "endLine" : 7, - "endColumn" : 29 + "startLine" : 21, + "startColumn" : 23, + "endColumn" : 30 } }, "message" : { - "text" : "value={/input}" + "text" : "req.url" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 192 + "index" : 3 }, "region" : { - "startLine" : 9, + "startLine" : 21, + "startColumn" : 13, + "endColumn" : 37 + } + }, + "message" : { + "text" : "url.par ... , true)" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uriBaseId" : "%SRCROOT%", + "index" : 3 + }, + "region" : { + "startLine" : 21, + "startColumn" : 9, + "endColumn" : 37 + } + }, + "message" : { + "text" : "q" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uriBaseId" : "%SRCROOT%", + "index" : 3 + }, + "region" : { + "startLine" : 22, "startColumn" : 17, - "endColumn" : 28 + "endColumn" : 18 } }, "message" : { - "text" : "input: null" + "text" : "q" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 191 + "index" : 3 }, "region" : { - "startLine" : 7, - "startColumn" : 23, - "endColumn" : 41 + "startLine" : 22, + "startColumn" : 17, + "endColumn" : 24 } }, "message" : { - "text" : "{ type: \"string\" }" + "text" : "q.query" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 191 + "index" : 3 }, "region" : { - "startLine" : 14, - "startColumn" : 23, - "endColumn" : 41 + "startLine" : 22, + "startColumn" : 17, + "endColumn" : 33 } }, "message" : { - "text" : "oControl.getText()" + "text" : "q.query.username" } } - } ] - } ] - } ], - "relatedLocations" : [ { - "id" : 1, - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/view/app.view.xml", - "uriBaseId" : "%SRCROOT%", - "index" : 195 - }, - "region" : { - "startLine" : 5, - "startColumn" : 5, - "endLine" : 7, - "endColumn" : 29 - } - }, - "message" : { - "text" : "user-provided value" - } - } ] - }, { - "ruleId" : "js/ui5-xss", - "rule" : { - "id" : "js/ui5-xss", - "index" : 0, - "toolComponent" : { - "index" : 1 - } - }, - "message" : { - "text" : "XSS vulnerability due to [user-provided value](1)." - }, - "locations" : [ { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/control/xss.js", - "uriBaseId" : "%SRCROOT%", - "index" : 198 - }, - "region" : { - "startLine" : 14, - "startColumn" : 32, - "endColumn" : 50 - } - } - } ], - "partialFingerprints" : { - "primaryLocationLineHash" : "352d5eac262ae765:1", - "primaryLocationStartColumnFingerprint" : "15" - }, - "codeFlows" : [ { - "threadFlows" : [ { - "locations" : [ { + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uriBaseId" : "%SRCROOT%", + "index" : 3 + }, + "region" : { + "startLine" : 22, + "startColumn" : 9, + "endColumn" : 33 + } + }, + "message" : { + "text" : "value" + } + } + }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 203 + "index" : 3 }, "region" : { - "startLine" : 5, - "startColumn" : 5, - "endLine" : 7, - "endColumn" : 29 + "startLine" : 23, + "startColumn" : 39, + "endColumn" : 44 } }, "message" : { - "text" : "value={/input}" + "text" : "value" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 199 + "index" : 3 }, "region" : { - "startLine" : 9, - "startColumn" : 17, - "endColumn" : 28 + "startLine" : 23, + "startColumn" : 18, + "endColumn" : 45 } }, "message" : { - "text" : "input: null" + "text" : "jQuery. ... (value)" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 198 + "index" : 3 }, "region" : { - "startLine" : 7, - "startColumn" : 23, - "endColumn" : 41 + "startLine" : 23, + "startColumn" : 9, + "endColumn" : 45 } }, "message" : { - "text" : "{ type: \"string\" }" + "text" : "value1" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 198 + "index" : 3 }, "region" : { - "startLine" : 14, - "startColumn" : 32, - "endColumn" : 50 + "startLine" : 24, + "startColumn" : 34, + "endColumn" : 40 } }, "message" : { - "text" : "oControl.getText()" + "text" : "value1" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uriBaseId" : "%SRCROOT%", + "index" : 3 + }, + "region" : { + "startLine" : 24, + "startColumn" : 18, + "endColumn" : 42 + } + }, + "message" : { + "text" : "`[INFO] ... alue1}`" } } } ] @@ -18399,15 +21135,14 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 203 + "index" : 3 }, "region" : { - "startLine" : 5, - "startColumn" : 5, - "endLine" : 7, - "endColumn" : 29 + "startLine" : 21, + "startColumn" : 23, + "endColumn" : 30 } }, "message" : { @@ -18415,34 +21150,34 @@ } } ] }, { - "ruleId" : "js/ui5-xss", + "ruleId" : "js/log-injection", "rule" : { - "id" : "js/ui5-xss", - "index" : 0, + "id" : "js/log-injection", + "index" : 91, "toolComponent" : { - "index" : 1 + "index" : 0 } }, "message" : { - "text" : "XSS vulnerability due to [user-provided value](1)." + "text" : "Log entry depends on a [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/control/xss.js", + "uri" : "javascript/heuristic-models/tests/Sources/test.js", "uriBaseId" : "%SRCROOT%", - "index" : 205 + "index" : 4 }, "region" : { - "startLine" : 14, - "startColumn" : 28, - "endColumn" : 46 + "startLine" : 5, + "startColumn" : 17, + "endColumn" : 33 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "352d5ec8b0c3bb0d:1", - "primaryLocationStartColumnFingerprint" : "15" + "primaryLocationLineHash" : "45280b24f3d81287:1", + "primaryLocationStartColumnFingerprint" : "12" }, "codeFlows" : [ { "threadFlows" : [ { @@ -18450,73 +21185,36 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/view/app.view.xml", + "uri" : "javascript/heuristic-models/tests/Sources/test.js", "uriBaseId" : "%SRCROOT%", - "index" : 208 + "index" : 4 }, "region" : { "startLine" : 5, - "startColumn" : 5, - "endLine" : 7, - "endColumn" : 29 - } - }, - "message" : { - "text" : "value={/input}" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/controller/app.controller.js", - "uriBaseId" : "%SRCROOT%", - "index" : 206 - }, - "region" : { - "startLine" : 9, "startColumn" : 17, - "endColumn" : 28 - } - }, - "message" : { - "text" : "input: null" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/control/xss.js", - "uriBaseId" : "%SRCROOT%", - "index" : 205 - }, - "region" : { - "startLine" : 7, - "startColumn" : 19, - "endColumn" : 37 + "endColumn" : 33 } }, "message" : { - "text" : "{ type: \"string\" }" + "text" : "req.responseText" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/control/xss.js", + "uri" : "javascript/heuristic-models/tests/Sources/test.js", "uriBaseId" : "%SRCROOT%", - "index" : 205 + "index" : 4 }, "region" : { - "startLine" : 14, - "startColumn" : 28, - "endColumn" : 46 + "startLine" : 5, + "startColumn" : 17, + "endColumn" : 33 } }, "message" : { - "text" : "oControl.getText()" + "text" : "req.responseText" } } } ] @@ -18526,15 +21224,14 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/view/app.view.xml", + "uri" : "javascript/heuristic-models/tests/Sources/test.js", "uriBaseId" : "%SRCROOT%", - "index" : 208 + "index" : 4 }, "region" : { "startLine" : 5, - "startColumn" : 5, - "endLine" : 7, - "endColumn" : 29 + "startColumn" : 17, + "endColumn" : 33 } }, "message" : { @@ -18556,20 +21253,20 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 226 + "index" : 0 }, "region" : { - "startLine" : 27, - "startColumn" : 36, - "endColumn" : 41 + "startLine" : 5, + "startColumn" : 27, + "endColumn" : 32 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "8ceecee7055f4fa2:1", - "primaryLocationStartColumnFingerprint" : "23" + "primaryLocationLineHash" : "92dbc37bdafc7694:1", + "primaryLocationStartColumnFingerprint" : "22" }, "codeFlows" : [ { "threadFlows" : [ { @@ -18577,32 +21274,32 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 226 + "index" : 0 }, "region" : { - "startLine" : 26, - "startColumn" : 25, - "endColumn" : 42 + "startLine" : 3, + "startColumn" : 17, + "endColumn" : 51 } }, "message" : { - "text" : "oInput.getValue()" + "text" : "jQuery. ... param\")" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 226 + "index" : 0 }, "region" : { - "startLine" : 26, - "startColumn" : 17, - "endColumn" : 42 + "startLine" : 3, + "startColumn" : 9, + "endColumn" : 51 } }, "message" : { @@ -18613,14 +21310,14 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 226 + "index" : 0 }, "region" : { - "startLine" : 27, - "startColumn" : 36, - "endColumn" : 41 + "startLine" : 5, + "startColumn" : 27, + "endColumn" : 32 } }, "message" : { @@ -18634,14 +21331,14 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 226 + "index" : 0 }, "region" : { - "startLine" : 26, - "startColumn" : 25, - "endColumn" : 42 + "startLine" : 3, + "startColumn" : 17, + "endColumn" : 51 } }, "message" : { @@ -18663,94 +21360,75 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/control/xssRenderer.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 264 + "index" : 0 }, - "region" : { - "startLine" : 8, - "startColumn" : 28, - "endColumn" : 46 - } - } - } ], - "partialFingerprints" : { - "primaryLocationLineHash" : "353ad97f4bff4eae:1", - "primaryLocationStartColumnFingerprint" : "15" - }, - "codeFlows" : [ { - "threadFlows" : [ { - "locations" : [ { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/view/app.view.xml", - "uriBaseId" : "%SRCROOT%", - "index" : 268 - }, - "region" : { - "startLine" : 5, - "startColumn" : 5, - "endLine" : 7, - "endColumn" : 29 - } - }, - "message" : { - "text" : "value={/input}" - } - } - }, { + "region" : { + "startLine" : 12, + "startColumn" : 27, + "endColumn" : 32 + } + } + } ], + "partialFingerprints" : { + "primaryLocationLineHash" : "faa1832c387d2ee5:1", + "primaryLocationStartColumnFingerprint" : "22" + }, + "codeFlows" : [ { + "threadFlows" : [ { + "locations" : [ { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 265 + "index" : 0 }, "region" : { - "startLine" : 9, + "startLine" : 10, "startColumn" : 17, - "endColumn" : 28 + "endColumn" : 41 } }, "message" : { - "text" : "input: null" + "text" : "documen ... .search" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/control/xssBase.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 263 + "index" : 0 }, "region" : { - "startLine" : 5, - "startColumn" : 15, - "endColumn" : 33 + "startLine" : 10, + "startColumn" : 9, + "endColumn" : 41 } }, "message" : { - "text" : "{ type: \"string\" }" + "text" : "value" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/control/xssRenderer.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 264 + "index" : 0 }, "region" : { - "startLine" : 8, - "startColumn" : 28, - "endColumn" : 46 + "startLine" : 12, + "startColumn" : 27, + "endColumn" : 32 } }, "message" : { - "text" : "oControl.getText()" + "text" : "value" } } } ] @@ -18760,15 +21438,14 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 268 + "index" : 0 }, "region" : { - "startLine" : 5, - "startColumn" : 5, - "endLine" : 7, - "endColumn" : 29 + "startLine" : 10, + "startColumn" : 17, + "endColumn" : 41 } }, "message" : { @@ -18790,20 +21467,20 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/control/renderer.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 281 + "index" : 0 }, "region" : { - "startLine" : 8, - "startColumn" : 28, - "endColumn" : 46 + "startLine" : 20, + "startColumn" : 27, + "endColumn" : 33 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "353ad97f4bff4eae:1", - "primaryLocationStartColumnFingerprint" : "15" + "primaryLocationLineHash" : "8291f53a2e235d15:1", + "primaryLocationStartColumnFingerprint" : "22" }, "codeFlows" : [ { "threadFlows" : [ { @@ -18811,73 +21488,108 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 287 + "index" : 0 }, "region" : { - "startLine" : 5, - "startColumn" : 5, - "endLine" : 7, - "endColumn" : 29 + "startLine" : 17, + "startColumn" : 17, + "endColumn" : 41 } }, "message" : { - "text" : "value={/input}" + "text" : "documen ... .search" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 284 + "index" : 0 }, "region" : { - "startLine" : 9, - "startColumn" : 17, - "endColumn" : 28 + "startLine" : 17, + "startColumn" : 9, + "endColumn" : 41 } }, "message" : { - "text" : "input: null" + "text" : "value" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 282 + "index" : 0 }, "region" : { - "startLine" : 7, - "startColumn" : 23, - "endColumn" : 41 + "startLine" : 18, + "startColumn" : 39, + "endColumn" : 44 } }, "message" : { - "text" : "{ type: \"string\" }" + "text" : "value" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/control/renderer.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 281 + "index" : 0 }, "region" : { - "startLine" : 8, - "startColumn" : 28, - "endColumn" : 46 + "startLine" : 18, + "startColumn" : 18, + "endColumn" : 45 } }, "message" : { - "text" : "oControl.getText()" + "text" : "jQuery. ... (value)" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uriBaseId" : "%SRCROOT%", + "index" : 0 + }, + "region" : { + "startLine" : 18, + "startColumn" : 9, + "endColumn" : 45 + } + }, + "message" : { + "text" : "value1" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", + "uriBaseId" : "%SRCROOT%", + "index" : 0 + }, + "region" : { + "startLine" : 20, + "startColumn" : 27, + "endColumn" : 33 + } + }, + "message" : { + "text" : "value1" } } } ] @@ -18887,15 +21599,14 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/avoid-duplicate-alerts/XssTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 287 + "index" : 0 }, "region" : { - "startLine" : 5, - "startColumn" : 5, - "endLine" : 7, - "endColumn" : 29 + "startLine" : 17, + "startColumn" : 17, + "endColumn" : 41 } }, "message" : { @@ -18917,20 +21628,21 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/control/xssRenderer.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controls/Book.js", "uriBaseId" : "%SRCROOT%", - "index" : 291 + "index" : 243 }, "region" : { - "startLine" : 8, - "startColumn" : 28, - "endColumn" : 46 + "startLine" : 132, + "startColumn" : 7, + "endLine" : 134, + "endColumn" : 16 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "353ad97f4bff4eae:1", - "primaryLocationStartColumnFingerprint" : "15" + "primaryLocationLineHash" : "63ace7b071639814:1", + "primaryLocationStartColumnFingerprint" : "0" }, "codeFlows" : [ { "threadFlows" : [ { @@ -18938,51 +21650,68 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controller/App.Controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 295 + "index" : 242 }, "region" : { - "startLine" : 5, - "startColumn" : 5, - "endLine" : 7, - "endColumn" : 29 + "startLine" : 23, + "startColumn" : 25, + "endColumn" : 48 } }, "message" : { - "text" : "value={/input}" + "text" : "oSearch ... Value()" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controller/App.Controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 292 + "index" : 242 }, "region" : { - "startLine" : 9, - "startColumn" : 17, - "endColumn" : 28 + "startLine" : 23, + "startColumn" : 11, + "endColumn" : 48 } }, "message" : { - "text" : "input: null" + "text" : "searchValue" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controller/App.Controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 290 + "index" : 242 }, "region" : { - "startLine" : 7, - "startColumn" : 23, - "endColumn" : 41 + "startLine" : 27, + "startColumn" : 34, + "endColumn" : 45 + } + }, + "message" : { + "text" : "searchValue" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controls/Book.js", + "uriBaseId" : "%SRCROOT%", + "index" : 243 + }, + "region" : { + "startLine" : 17, + "startColumn" : 13, + "endColumn" : 31 } }, "message" : { @@ -18993,18 +21722,37 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/control/xssRenderer.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controls/Book.js", "uriBaseId" : "%SRCROOT%", - "index" : 291 + "index" : 243 }, "region" : { - "startLine" : 8, - "startColumn" : 28, - "endColumn" : 46 + "startLine" : 133, + "startColumn" : 8, + "endColumn" : 27 } }, "message" : { - "text" : "oControl.getText()" + "text" : "oControl.getTitle()" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controls/Book.js", + "uriBaseId" : "%SRCROOT%", + "index" : 243 + }, + "region" : { + "startLine" : 132, + "startColumn" : 7, + "endLine" : 134, + "endColumn" : 16 + } + }, + "message" : { + "text" : "\"
T ...
\"" } } } ] @@ -19014,15 +21762,14 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/controller/App.Controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 295 + "index" : 242 }, "region" : { - "startLine" : 5, - "startColumn" : 5, - "endLine" : 7, - "endColumn" : 29 + "startLine" : 23, + "startColumn" : 25, + "endColumn" : 48 } }, "message" : { @@ -19044,20 +21791,20 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/view/app.view.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 274 + "index" : 266 }, "region" : { - "startLine" : 21, - "startColumn" : 22, - "endColumn" : 32 + "startLine" : 14, + "startColumn" : 23, + "endColumn" : 41 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "5d5122f6c75b5d01:1", - "primaryLocationStartColumnFingerprint" : "9" + "primaryLocationLineHash" : "fc87b07640e9d85:1", + "primaryLocationStartColumnFingerprint" : "10" }, "codeFlows" : [ { "threadFlows" : [ { @@ -19065,27 +21812,28 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/view/app.view.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 274 + "index" : 271 }, "region" : { - "startLine" : 18, - "startColumn" : 20, - "endColumn" : 30 + "startLine" : 5, + "startColumn" : 5, + "endLine" : 7, + "endColumn" : 29 } }, "message" : { - "text" : "/input" + "text" : "value={/input}" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 271 + "index" : 267 }, "region" : { "startLine" : 9, @@ -19101,18 +21849,36 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/view/app.view.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 274 + "index" : 266 }, "region" : { - "startLine" : 21, - "startColumn" : 22, - "endColumn" : 32 + "startLine" : 7, + "startColumn" : 23, + "endColumn" : 41 } }, "message" : { - "text" : "/input" + "text" : "{ type: \"string\" }" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/control/xss.js", + "uriBaseId" : "%SRCROOT%", + "index" : 266 + }, + "region" : { + "startLine" : 14, + "startColumn" : 23, + "endColumn" : 41 + } + }, + "message" : { + "text" : "oControl.getText()" } } } ] @@ -19122,14 +21888,15 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/view/app.view.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api1/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 274 + "index" : 271 }, "region" : { - "startLine" : 18, - "startColumn" : 20, - "endColumn" : 30 + "startLine" : 5, + "startColumn" : 5, + "endLine" : 7, + "endColumn" : 29 } }, "message" : { @@ -19151,20 +21918,20 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 112 + "index" : 275 }, "region" : { - "startLine" : 8, - "startColumn" : 5, + "startLine" : 14, + "startColumn" : 32, "endColumn" : 50 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "74b35e217af6aa05:1", - "primaryLocationStartColumnFingerprint" : "0" + "primaryLocationLineHash" : "352d5eac262ae765:1", + "primaryLocationStartColumnFingerprint" : "15" }, "codeFlows" : [ { "threadFlows" : [ { @@ -19172,9 +21939,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 112 + "index" : 280 }, "region" : { "startLine" : 5, @@ -19191,12 +21958,12 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 109 + "index" : 276 }, "region" : { - "startLine" : 10, + "startLine" : 9, "startColumn" : 17, "endColumn" : 28 } @@ -19209,18 +21976,36 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 112 + "index" : 275 }, "region" : { - "startLine" : 8, - "startColumn" : 5, + "startLine" : 7, + "startColumn" : 23, + "endColumn" : 41 + } + }, + "message" : { + "text" : "{ type: \"string\" }" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/control/xss.js", + "uriBaseId" : "%SRCROOT%", + "index" : 275 + }, + "region" : { + "startLine" : 14, + "startColumn" : 32, "endColumn" : 50 } }, "message" : { - "text" : "content={/input}" + "text" : "oControl.getText()" } } } ] @@ -19230,9 +22015,9 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-api2/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 112 + "index" : 280 }, "region" : { "startLine" : 5, @@ -19260,20 +22045,20 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 229 + "index" : 284 }, "region" : { - "startLine" : 9, - "startColumn" : 5, - "endColumn" : 40 + "startLine" : 14, + "startColumn" : 28, + "endColumn" : 46 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "9caa0f252fbe2993:1", - "primaryLocationStartColumnFingerprint" : "0" + "primaryLocationLineHash" : "352d5ec8b0c3bb0d:1", + "primaryLocationStartColumnFingerprint" : "15" }, "codeFlows" : [ { "threadFlows" : [ { @@ -19281,9 +22066,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 229 + "index" : 289 }, "region" : { "startLine" : 5, @@ -19300,12 +22085,12 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 226 + "index" : 285 }, "region" : { - "startLine" : 31, + "startLine" : 9, "startColumn" : 17, "endColumn" : 28 } @@ -19318,90 +22103,36 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", - "uriBaseId" : "%SRCROOT%", - "index" : 226 - }, - "region" : { - "startLine" : 9, - "startColumn" : 25, - "endColumn" : 53 - } - }, - "message" : { - "text" : "oModel. ... input')" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", - "uriBaseId" : "%SRCROOT%", - "index" : 226 - }, - "region" : { - "startLine" : 9, - "startColumn" : 17, - "endColumn" : 53 - } - }, - "message" : { - "text" : "input" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", - "uriBaseId" : "%SRCROOT%", - "index" : 226 - }, - "region" : { - "startLine" : 10, - "startColumn" : 44, - "endColumn" : 49 - } - }, - "message" : { - "text" : "input" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 226 + "index" : 284 }, "region" : { - "startLine" : 32, - "startColumn" : 17, - "endColumn" : 30 + "startLine" : 7, + "startColumn" : 19, + "endColumn" : 37 } }, "message" : { - "text" : "output1: null" + "text" : "{ type: \"string\" }" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 229 + "index" : 284 }, "region" : { - "startLine" : 9, - "startColumn" : 5, - "endColumn" : 40 + "startLine" : 14, + "startColumn" : 28, + "endColumn" : 46 } }, "message" : { - "text" : "content={/output1}" + "text" : "oControl.getText()" } } } ] @@ -19411,9 +22142,9 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-custom-control-jquery/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 229 + "index" : 289 }, "region" : { "startLine" : 5, @@ -19441,20 +22172,20 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 229 + "index" : 311 }, "region" : { - "startLine" : 17, - "startColumn" : 5, - "endColumn" : 40 + "startLine" : 27, + "startColumn" : 36, + "endColumn" : 41 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "2963bbd458e69924:1", - "primaryLocationStartColumnFingerprint" : "0" + "primaryLocationLineHash" : "8ceecee7055f4fa2:1", + "primaryLocationStartColumnFingerprint" : "23" }, "codeFlows" : [ { "threadFlows" : [ { @@ -19464,52 +22195,16 @@ "artifactLocation" : { "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 226 - }, - "region" : { - "startLine" : 18, - "startColumn" : 31, - "endColumn" : 60 - } - }, - "message" : { - "text" : "oEvent. ... Value()" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", - "uriBaseId" : "%SRCROOT%", - "index" : 226 - }, - "region" : { - "startLine" : 18, - "startColumn" : 17, - "endColumn" : 60 - } - }, - "message" : { - "text" : "sInputValue" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", - "uriBaseId" : "%SRCROOT%", - "index" : 226 + "index" : 311 }, "region" : { - "startLine" : 19, - "startColumn" : 44, - "endColumn" : 55 + "startLine" : 26, + "startColumn" : 25, + "endColumn" : 42 } }, "message" : { - "text" : "sInputValue" + "text" : "oInput.getValue()" } } }, { @@ -19518,34 +22213,34 @@ "artifactLocation" : { "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 226 + "index" : 311 }, "region" : { - "startLine" : 34, + "startLine" : 26, "startColumn" : 17, - "endColumn" : 30 + "endColumn" : 42 } }, "message" : { - "text" : "output3: null" + "text" : "value" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 229 + "index" : 311 }, "region" : { - "startLine" : 17, - "startColumn" : 5, - "endColumn" : 40 + "startLine" : 27, + "startColumn" : 36, + "endColumn" : 41 } }, "message" : { - "text" : "content={/output3}" + "text" : "value" } } } ] @@ -19557,12 +22252,12 @@ "artifactLocation" : { "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 226 + "index" : 311 }, "region" : { - "startLine" : 18, - "startColumn" : 31, - "endColumn" : 60 + "startLine" : 26, + "startColumn" : 25, + "endColumn" : 42 } }, "message" : { @@ -19584,20 +22279,20 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/control/xssRenderer.js", "uriBaseId" : "%SRCROOT%", - "index" : 234 + "index" : 362 }, "region" : { "startLine" : 8, - "startColumn" : 5, - "endColumn" : 37 + "startColumn" : 28, + "endColumn" : 46 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "97b29ed20ac04ff0:1", - "primaryLocationStartColumnFingerprint" : "0" + "primaryLocationLineHash" : "353ad97f4bff4eae:1", + "primaryLocationStartColumnFingerprint" : "15" }, "codeFlows" : [ { "threadFlows" : [ { @@ -19605,9 +22300,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 234 + "index" : 367 }, "region" : { "startLine" : 5, @@ -19624,9 +22319,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 232 + "index" : 363 }, "region" : { "startLine" : 9, @@ -19642,18 +22337,36 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/control/xssBase.js", + "uriBaseId" : "%SRCROOT%", + "index" : 361 + }, + "region" : { + "startLine" : 5, + "startColumn" : 15, + "endColumn" : 33 + } + }, + "message" : { + "text" : "{ type: \"string\" }" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/control/xssRenderer.js", "uriBaseId" : "%SRCROOT%", - "index" : 234 + "index" : 362 }, "region" : { "startLine" : 8, - "startColumn" : 5, - "endColumn" : 37 + "startColumn" : 28, + "endColumn" : 46 } }, "message" : { - "text" : "content={/input}" + "text" : "oControl.getText()" } } } ] @@ -19663,9 +22376,9 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-indirect-control/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 234 + "index" : 367 }, "region" : { "startLine" : 5, @@ -19693,20 +22406,20 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/control/renderer.js", "uriBaseId" : "%SRCROOT%", - "index" : 241 + "index" : 387 }, "region" : { "startLine" : 8, - "startColumn" : 5, - "endColumn" : 38 + "startColumn" : 28, + "endColumn" : 46 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "1406455ac263a2d9:1", - "primaryLocationStartColumnFingerprint" : "0" + "primaryLocationLineHash" : "353ad97f4bff4eae:1", + "primaryLocationStartColumnFingerprint" : "15" }, "codeFlows" : [ { "threadFlows" : [ { @@ -19714,68 +22427,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/view/app.view.xml", - "uriBaseId" : "%SRCROOT%", - "index" : 241 - }, - "region" : { - "startLine" : 5, - "startColumn" : 5, - "endLine" : 7, - "endColumn" : 29 - } - }, - "message" : { - "text" : "value={/input}" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/controller/app.controller.js", - "uriBaseId" : "%SRCROOT%", - "index" : 237 - }, - "region" : { - "startLine" : 12, - "startColumn" : 26, - "endColumn" : 46 - } - }, - "message" : { - "text" : "new JSONModel(oData)" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/view/app.view.xml", - "uriBaseId" : "%SRCROOT%", - "index" : 241 - }, - "region" : { - "startLine" : 8, - "startColumn" : 5, - "endColumn" : 38 - } - }, - "message" : { - "text" : "content={/output}" - } - } - } ] - } ] - }, { - "threadFlows" : [ { - "locations" : [ { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 241 + "index" : 393 }, "region" : { "startLine" : 5, @@ -19792,9 +22446,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 237 + "index" : 389 }, "region" : { "startLine" : 9, @@ -19810,90 +22464,36 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/controller/app.controller.js", - "uriBaseId" : "%SRCROOT%", - "index" : 237 - }, - "region" : { - "startLine" : 15, - "startColumn" : 25, - "endColumn" : 53 - } - }, - "message" : { - "text" : "oModel. ... input')" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/controller/app.controller.js", - "uriBaseId" : "%SRCROOT%", - "index" : 237 - }, - "region" : { - "startLine" : 15, - "startColumn" : 17, - "endColumn" : 53 - } - }, - "message" : { - "text" : "input" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/controller/app.controller.js", - "uriBaseId" : "%SRCROOT%", - "index" : 237 - }, - "region" : { - "startLine" : 16, - "startColumn" : 43, - "endColumn" : 48 - } - }, - "message" : { - "text" : "input" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 237 + "index" : 388 }, "region" : { - "startLine" : 10, - "startColumn" : 17, - "endColumn" : 29 + "startLine" : 7, + "startColumn" : 23, + "endColumn" : 41 } }, "message" : { - "text" : "output: null" + "text" : "{ type: \"string\" }" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/control/renderer.js", "uriBaseId" : "%SRCROOT%", - "index" : 241 + "index" : 387 }, "region" : { "startLine" : 8, - "startColumn" : 5, - "endColumn" : 38 + "startColumn" : 28, + "endColumn" : 46 } }, "message" : { - "text" : "content={/output}" + "text" : "oControl.getText()" } } } ] @@ -19903,9 +22503,9 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 241 + "index" : 393 }, "region" : { "startLine" : 5, @@ -19933,20 +22533,20 @@ "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/view/app.view.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/control/xssRenderer.js", "uriBaseId" : "%SRCROOT%", - "index" : 258 + "index" : 398 }, "region" : { "startLine" : 8, - "startColumn" : 11, - "endColumn" : 34 + "startColumn" : 28, + "endColumn" : 46 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "5edd24be658b61a4:1", - "primaryLocationStartColumnFingerprint" : "0" + "primaryLocationLineHash" : "353ad97f4bff4eae:1", + "primaryLocationStartColumnFingerprint" : "15" }, "codeFlows" : [ { "threadFlows" : [ { @@ -19954,27 +22554,28 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/view/app.view.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 258 + "index" : 403 }, "region" : { "startLine" : 5, - "startColumn" : 11, - "endColumn" : 32 + "startColumn" : 5, + "endLine" : 7, + "endColumn" : 29 } }, "message" : { - "text" : "data-value={/input}" + "text" : "value={/input}" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 256 + "index" : 399 }, "region" : { "startLine" : 9, @@ -19990,18 +22591,36 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/view/app.view.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/control/xss.js", + "uriBaseId" : "%SRCROOT%", + "index" : 397 + }, + "region" : { + "startLine" : 7, + "startColumn" : 23, + "endColumn" : 41 + } + }, + "message" : { + "text" : "{ type: \"string\" }" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/control/xssRenderer.js", "uriBaseId" : "%SRCROOT%", - "index" : 258 + "index" : 398 }, "region" : { "startLine" : 8, - "startColumn" : 11, - "endColumn" : 34 + "startColumn" : 28, + "endColumn" : 46 } }, "message" : { - "text" : "data-content={/input}" + "text" : "oControl.getText()" } } } ] @@ -20011,14 +22630,15 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/view/app.view.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-separate-renderer-byname/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 258 + "index" : 403 }, "region" : { "startLine" : 5, - "startColumn" : 11, - "endColumn" : 32 + "startColumn" : 5, + "endLine" : 7, + "endColumn" : 29 } }, "message" : { @@ -20035,25 +22655,25 @@ } }, "message" : { - "text" : "XSS vulnerability due to [user-provided value](1).\nXSS vulnerability due to [user-provided value](2)." + "text" : "XSS vulnerability due to [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/view/app.view.js", "uriBaseId" : "%SRCROOT%", - "index" : 300 + "index" : 375 }, "region" : { - "startLine" : 22, - "startColumn" : 5, - "endColumn" : 38 + "startLine" : 21, + "startColumn" : 22, + "endColumn" : 32 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "6e0d8f690e30e24a:1", - "primaryLocationStartColumnFingerprint" : "0" + "primaryLocationLineHash" : "5d5122f6c75b5d01:1", + "primaryLocationStartColumnFingerprint" : "9" }, "codeFlows" : [ { "threadFlows" : [ { @@ -20061,28 +22681,27 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/view/app.view.js", "uriBaseId" : "%SRCROOT%", - "index" : 300 + "index" : 375 }, "region" : { - "startLine" : 8, - "startColumn" : 5, - "endLine" : 10, - "endColumn" : 27 + "startLine" : 18, + "startColumn" : 20, + "endColumn" : 30 } }, "message" : { - "text" : "value={/input}" + "text" : "/input" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 298 + "index" : 371 }, "region" : { "startLine" : 9, @@ -20098,50 +22717,98 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/view/app.view.js", "uriBaseId" : "%SRCROOT%", - "index" : 300 + "index" : 375 }, "region" : { - "startLine" : 22, - "startColumn" : 5, - "endColumn" : 38 + "startLine" : 21, + "startColumn" : 22, + "endColumn" : 32 } }, "message" : { - "text" : "content={/input}" + "text" : "/input" } } } ] } ] - }, { + } ], + "relatedLocations" : [ { + "id" : 1, + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-js-view/webapp/view/app.view.js", + "uriBaseId" : "%SRCROOT%", + "index" : 375 + }, + "region" : { + "startLine" : 18, + "startColumn" : 20, + "endColumn" : 30 + } + }, + "message" : { + "text" : "user-provided value" + } + } ] + }, { + "ruleId" : "js/ui5-xss", + "rule" : { + "id" : "js/ui5-xss", + "index" : 0, + "toolComponent" : { + "index" : 1 + } + }, + "message" : { + "text" : "XSS vulnerability due to [user-provided value](1)." + }, + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/view/app.view.json", + "uriBaseId" : "%SRCROOT%", + "index" : 383 + }, + "region" : { + "startLine" : 13, + "startColumn" : 15, + "endColumn" : 25 + } + } + } ], + "partialFingerprints" : { + "primaryLocationLineHash" : "c18df3aa119b40dc:1", + "primaryLocationStartColumnFingerprint" : "11" + }, + "codeFlows" : [ { "threadFlows" : [ { "locations" : [ { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/view/app.view.json", "uriBaseId" : "%SRCROOT%", - "index" : 300 + "index" : 383 }, "region" : { - "startLine" : 15, - "startColumn" : 5, - "endLine" : 18, - "endColumn" : 29 + "startLine" : 9, + "startColumn" : 13, + "endColumn" : 23 } }, "message" : { - "text" : "value={/input}" + "text" : "\"value\": \"{/input}\"" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 298 + "index" : 379 }, "region" : { "startLine" : 9, @@ -20157,18 +22824,18 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/view/app.view.json", "uriBaseId" : "%SRCROOT%", - "index" : 300 + "index" : 383 }, "region" : { - "startLine" : 22, - "startColumn" : 5, - "endColumn" : 38 + "startLine" : 13, + "startColumn" : 15, + "endColumn" : 25 } }, "message" : { - "text" : "content={/input}" + "text" : "\"content\": \"{/input}\"" } } } ] @@ -20178,33 +22845,14 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/view/app.view.xml", - "uriBaseId" : "%SRCROOT%", - "index" : 300 - }, - "region" : { - "startLine" : 8, - "startColumn" : 5, - "endLine" : 10, - "endColumn" : 27 - } - }, - "message" : { - "text" : "user-provided value" - } - }, { - "id" : 2, - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-json-view/webapp/view/app.view.json", "uriBaseId" : "%SRCROOT%", - "index" : 300 + "index" : 383 }, "region" : { - "startLine" : 15, - "startColumn" : 5, - "endLine" : 18, - "endColumn" : 29 + "startLine" : 9, + "startColumn" : 13, + "endColumn" : 23 } }, "message" : { @@ -20212,152 +22860,34 @@ } } ] }, { - "ruleId" : "js/ui5-clickjacking", - "rule" : { - "id" : "js/ui5-clickjacking", - "index" : 1, - "toolComponent" : { - "index" : 1 - } - }, - "message" : { - "text" : "Possible clickjacking vulnerability due to window\\[ ... onfig\"\\] being set to `allow`." - }, - "locations" : [ { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-allow-all/index.html", - "uriBaseId" : "%SRCROOT%", - "index" : 87 - }, - "region" : { - "startLine" : 9, - "startColumn" : 9, - "endColumn" : 32 - } - } - } ], - "partialFingerprints" : { - "primaryLocationLineHash" : "6152b8f74a1abdf5:1", - "primaryLocationStartColumnFingerprint" : "0" - } - }, { - "ruleId" : "js/ui5-clickjacking", - "rule" : { - "id" : "js/ui5-clickjacking", - "index" : 1, - "toolComponent" : { - "index" : 1 - } - }, - "message" : { - "text" : "Possible clickjacking vulnerability due to data-sap-ui-frameOptions=allow being set to `allow`." - }, - "locations" : [ { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-allow-all/index.html", - "uriBaseId" : "%SRCROOT%", - "index" : 87 - }, - "region" : { - "startLine" : 28, - "startColumn" : 34, - "endColumn" : 66 - } - } - } ], - "partialFingerprints" : { - "primaryLocationLineHash" : "b01bd23ca3666824:1", - "primaryLocationStartColumnFingerprint" : "25" - } - }, { - "ruleId" : "js/ui5-clickjacking", - "rule" : { - "id" : "js/ui5-clickjacking", - "index" : 1, - "toolComponent" : { - "index" : 1 - } - }, - "message" : { - "text" : "Possible clickjacking vulnerability due to missing frame options." - }, - "locations" : [ { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-default-all/index.html", - "uriBaseId" : "%SRCROOT%", - "index" : 91 - }, - "region" : { - "startLine" : 2, - "endColumn" : 16 - } - } - } ], - "partialFingerprints" : { - "primaryLocationLineHash" : "7fe81114896a63c:1", - "primaryLocationStartColumnFingerprint" : "0" - } - }, { - "ruleId" : "js/ui5-clickjacking", + "ruleId" : "js/ui5-xss", "rule" : { - "id" : "js/ui5-clickjacking", - "index" : 1, + "id" : "js/ui5-xss", + "index" : 0, "toolComponent" : { "index" : 1 } }, "message" : { - "text" : "Possible clickjacking vulnerability due to missing frame options." + "text" : "XSS vulnerability due to [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/index.html", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 172 + "index" : 166 }, "region" : { - "startLine" : 2, - "endColumn" : 16 + "startLine" : 8, + "startColumn" : 5, + "endColumn" : 50 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "df700c15dad274b2:1", + "primaryLocationLineHash" : "74b35e217af6aa05:1", "primaryLocationStartColumnFingerprint" : "0" - } - }, { - "ruleId" : "js/ui5-path-injection", - "rule" : { - "id" : "js/ui5-path-injection", - "index" : 2, - "toolComponent" : { - "index" : 1 - } - }, - "message" : { - "text" : "The path of a saved file depends on a [user-provided value](1)." - }, - "locations" : [ { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/control/xss.js", - "uriBaseId" : "%SRCROOT%", - "index" : 148 - }, - "region" : { - "startLine" : 17, - "startColumn" : 43, - "endColumn" : 61 - } - } - } ], - "partialFingerprints" : { - "primaryLocationLineHash" : "68e5ff83e2198ff5:1", - "primaryLocationStartColumnFingerprint" : "26" }, "codeFlows" : [ { "threadFlows" : [ { @@ -20365,9 +22895,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 152 + "index" : 166 }, "region" : { "startLine" : 5, @@ -20384,12 +22914,12 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 149 + "index" : 162 }, "region" : { - "startLine" : 9, + "startLine" : 10, "startColumn" : 17, "endColumn" : 28 } @@ -20402,36 +22932,18 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 148 + "index" : 166 }, "region" : { "startLine" : 8, - "startColumn" : 23, - "endColumn" : 38 - } - }, - "message" : { - "text" : "{ type: \"int\" }" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/control/xss.js", - "uriBaseId" : "%SRCROOT%", - "index" : 148 - }, - "region" : { - "startLine" : 17, - "startColumn" : 43, - "endColumn" : 61 + "startColumn" : 5, + "endColumn" : 50 } }, "message" : { - "text" : "oControl.getText()" + "text" : "content={/input}" } } } ] @@ -20441,9 +22953,9 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 152 + "index" : 166 }, "region" : { "startLine" : 5, @@ -20457,34 +22969,34 @@ } } ] }, { - "ruleId" : "js/ui5-path-injection", + "ruleId" : "js/ui5-xss", "rule" : { - "id" : "js/ui5-path-injection", - "index" : 2, + "id" : "js/ui5-xss", + "index" : 0, "toolComponent" : { "index" : 1 } }, "message" : { - "text" : "The path of a saved file depends on a [user-provided value](1)." + "text" : "XSS vulnerability due to [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 155 + "index" : 315 }, "region" : { - "startLine" : 23, - "startColumn" : 43, - "endColumn" : 55 + "startLine" : 9, + "startColumn" : 5, + "endColumn" : 40 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "b79de9dff4d8f842:1", - "primaryLocationStartColumnFingerprint" : "26" + "primaryLocationLineHash" : "9caa0f252fbe2993:1", + "primaryLocationStartColumnFingerprint" : "0" }, "codeFlows" : [ { "threadFlows" : [ { @@ -20492,9 +23004,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 158 + "index" : 315 }, "region" : { "startLine" : 5, @@ -20511,12 +23023,12 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 156 + "index" : 311 }, "region" : { - "startLine" : 9, + "startLine" : 31, "startColumn" : 17, "endColumn" : 28 } @@ -20529,253 +23041,90 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 155 + "index" : 311 }, "region" : { "startLine" : 9, - "startColumn" : 23, - "endColumn" : 41 - } - }, - "message" : { - "text" : "{ type: \"string\" }" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/control/xss.js", - "uriBaseId" : "%SRCROOT%", - "index" : 155 - }, - "region" : { - "startLine" : 15, - "startColumn" : 29, - "endColumn" : 47 - } - }, - "message" : { - "text" : "oControl.getText()" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/control/xss.js", - "uriBaseId" : "%SRCROOT%", - "index" : 155 - }, - "region" : { - "startLine" : 15, - "startColumn" : 21, - "endColumn" : 47 - } - }, - "message" : { - "text" : "value" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/control/xss.js", - "uriBaseId" : "%SRCROOT%", - "index" : 155 - }, - "region" : { - "startLine" : 17, - "startColumn" : 53, - "endColumn" : 58 - } - }, - "message" : { - "text" : "value" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/control/xss.js", - "uriBaseId" : "%SRCROOT%", - "index" : 155 - }, - "region" : { - "startLine" : 17, - "startColumn" : 46, - "endColumn" : 59 - } - }, - "message" : { - "text" : "String(value)" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/control/xss.js", - "uriBaseId" : "%SRCROOT%", - "index" : 155 - }, - "region" : { - "startLine" : 17, - "startColumn" : 36, - "endColumn" : 60 + "startColumn" : 25, + "endColumn" : 53 } }, "message" : { - "text" : "encodeX ... value))" + "text" : "oModel. ... input')" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 155 + "index" : 311 }, "region" : { - "startLine" : 17, - "startColumn" : 21, - "endColumn" : 60 + "startLine" : 9, + "startColumn" : 17, + "endColumn" : 53 } }, "message" : { - "text" : "xssSanitized" + "text" : "input" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/control/xss.js", - "uriBaseId" : "%SRCROOT%", - "index" : 155 - }, - "region" : { - "startLine" : 23, - "startColumn" : 43, - "endColumn" : 55 - } - }, - "message" : { - "text" : "xssSanitized" - } - } - } ] - } ] - } ], - "relatedLocations" : [ { - "id" : 1, - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/view/app.view.xml", - "uriBaseId" : "%SRCROOT%", - "index" : 158 - }, - "region" : { - "startLine" : 5, - "startColumn" : 5, - "endLine" : 7, - "endColumn" : 29 - } - }, - "message" : { - "text" : "user-provided value" - } - } ] - }, { - "ruleId" : "js/ui5-path-injection", - "rule" : { - "id" : "js/ui5-path-injection", - "index" : 2, - "toolComponent" : { - "index" : 1 - } - }, - "message" : { - "text" : "The path of a saved file depends on a [user-provided value](1)." - }, - "locations" : [ { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/controller/app.controller.js", - "uriBaseId" : "%SRCROOT%", - "index" : 162 - }, - "region" : { - "startLine" : 16, - "startColumn" : 39, - "endColumn" : 67 - } - } - } ], - "partialFingerprints" : { - "primaryLocationLineHash" : "de27f6d546a116e8:1", - "primaryLocationStartColumnFingerprint" : "26" - }, - "codeFlows" : [ { - "threadFlows" : [ { - "locations" : [ { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 165 + "index" : 311 }, "region" : { - "startLine" : 5, - "startColumn" : 5, - "endLine" : 7, - "endColumn" : 29 + "startLine" : 10, + "startColumn" : 44, + "endColumn" : 49 } }, "message" : { - "text" : "value={/input}" + "text" : "input" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 162 + "index" : 311 }, "region" : { - "startLine" : 10, + "startLine" : 32, "startColumn" : 17, - "endColumn" : 28 + "endColumn" : 30 } }, "message" : { - "text" : "input: null" + "text" : "output1: null" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 162 + "index" : 315 }, "region" : { - "startLine" : 16, - "startColumn" : 39, - "endColumn" : 67 + "startLine" : 9, + "startColumn" : 5, + "endColumn" : 40 } }, "message" : { - "text" : "oModel. ... input')" + "text" : "content={/output1}" } } } ] @@ -20785,9 +23134,9 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 165 + "index" : 315 }, "region" : { "startLine" : 5, @@ -20801,34 +23150,34 @@ } } ] }, { - "ruleId" : "js/ui5-log-injection", + "ruleId" : "js/ui5-xss", "rule" : { - "id" : "js/ui5-log-injection", - "index" : 3, + "id" : "js/ui5-xss", + "index" : 0, "toolComponent" : { "index" : 1 } }, "message" : { - "text" : "Log entry depends on a [user-provided value](1)." + "text" : "XSS vulnerability due to [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 115 + "index" : 315 }, "region" : { - "startLine" : 13, - "startColumn" : 38, - "endColumn" : 56 + "startLine" : 17, + "startColumn" : 5, + "endColumn" : 40 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "fb0b88ea7a3fc8f1:1", - "primaryLocationStartColumnFingerprint" : "21" + "primaryLocationLineHash" : "2963bbd458e69924:1", + "primaryLocationStartColumnFingerprint" : "0" }, "codeFlows" : [ { "threadFlows" : [ { @@ -20836,73 +23185,90 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 119 + "index" : 311 }, "region" : { - "startLine" : 5, - "startColumn" : 5, - "endLine" : 7, - "endColumn" : 29 + "startLine" : 18, + "startColumn" : 31, + "endColumn" : 60 } }, "message" : { - "text" : "value={/input}" + "text" : "oEvent. ... Value()" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 117 + "index" : 311 }, "region" : { - "startLine" : 9, + "startLine" : 18, "startColumn" : 17, - "endColumn" : 28 + "endColumn" : 60 } }, "message" : { - "text" : "input: null" + "text" : "sInputValue" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 115 + "index" : 311 }, "region" : { - "startLine" : 7, - "startColumn" : 23, - "endColumn" : 38 + "startLine" : 19, + "startColumn" : 44, + "endColumn" : 55 } }, "message" : { - "text" : "{ type: \"int\" }" + "text" : "sInputValue" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 115 + "index" : 311 }, "region" : { - "startLine" : 13, - "startColumn" : 38, - "endColumn" : 56 + "startLine" : 34, + "startColumn" : 17, + "endColumn" : 30 } }, "message" : { - "text" : "oControl.getText()" + "text" : "output3: null" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/view/app.view.xml", + "uriBaseId" : "%SRCROOT%", + "index" : 315 + }, + "region" : { + "startLine" : 17, + "startColumn" : 5, + "endColumn" : 40 + } + }, + "message" : { + "text" : "content={/output3}" } } } ] @@ -20912,15 +23278,14 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-event-handlers/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 119 + "index" : 311 }, "region" : { - "startLine" : 5, - "startColumn" : 5, - "endLine" : 7, - "endColumn" : 29 + "startLine" : 18, + "startColumn" : 31, + "endColumn" : 60 } }, "message" : { @@ -20928,34 +23293,34 @@ } } ] }, { - "ruleId" : "js/ui5-log-injection", + "ruleId" : "js/ui5-xss", "rule" : { - "id" : "js/ui5-log-injection", - "index" : 3, + "id" : "js/ui5-xss", + "index" : 0, "toolComponent" : { "index" : 1 } }, "message" : { - "text" : "Log entry depends on a [user-provided value](1)." + "text" : "XSS vulnerability due to [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 323 }, "region" : { "startLine" : 8, - "startColumn" : 26, - "endColumn" : 31 + "startColumn" : 5, + "endColumn" : 37 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "62d5a4db56a18502:1", - "primaryLocationStartColumnFingerprint" : "21" + "primaryLocationLineHash" : "97b29ed20ac04ff0:1", + "primaryLocationStartColumnFingerprint" : "0" }, "codeFlows" : [ { "threadFlows" : [ { @@ -20963,54 +23328,55 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 323 }, "region" : { - "startLine" : 6, - "startColumn" : 17, - "endColumn" : 51 + "startLine" : 5, + "startColumn" : 5, + "endLine" : 7, + "endColumn" : 29 } }, "message" : { - "text" : "jQuery. ... param\")" + "text" : "value={/input}" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 319 }, "region" : { - "startLine" : 6, - "startColumn" : 9, - "endColumn" : 51 + "startLine" : 9, + "startColumn" : 17, + "endColumn" : 28 } }, "message" : { - "text" : "value" + "text" : "input: null" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 323 }, "region" : { "startLine" : 8, - "startColumn" : 26, - "endColumn" : 31 + "startColumn" : 5, + "endColumn" : 37 } }, "message" : { - "text" : "value" + "text" : "content={/input}" } } } ] @@ -21020,14 +23386,15 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 323 }, "region" : { - "startLine" : 6, - "startColumn" : 17, - "endColumn" : 51 + "startLine" : 5, + "startColumn" : 5, + "endLine" : 7, + "endColumn" : 29 } }, "message" : { @@ -21035,34 +23402,34 @@ } } ] }, { - "ruleId" : "js/ui5-log-injection", + "ruleId" : "js/ui5-xss", "rule" : { - "id" : "js/ui5-log-injection", - "index" : 3, + "id" : "js/ui5-xss", + "index" : 0, "toolComponent" : { "index" : 1 } }, "message" : { - "text" : "Log entry depends on a [user-provided value](1)." + "text" : "XSS vulnerability due to [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 331 }, "region" : { - "startLine" : 16, - "startColumn" : 26, - "endColumn" : 31 + "startLine" : 8, + "startColumn" : 5, + "endColumn" : 38 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "751ece7cb6fd18f7:1", - "primaryLocationStartColumnFingerprint" : "21" + "primaryLocationLineHash" : "1406455ac263a2d9:1", + "primaryLocationStartColumnFingerprint" : "0" }, "codeFlows" : [ { "threadFlows" : [ { @@ -21070,144 +23437,186 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 331 }, "region" : { - "startLine" : 13, - "startColumn" : 23, - "endColumn" : 30 + "startLine" : 5, + "startColumn" : 5, + "endLine" : 7, + "endColumn" : 29 } }, "message" : { - "text" : "req.url" + "text" : "value={/input}" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 327 }, "region" : { - "startLine" : 13, - "startColumn" : 13, - "endColumn" : 37 + "startLine" : 12, + "startColumn" : 26, + "endColumn" : 46 } }, "message" : { - "text" : "url.par ... , true)" + "text" : "new JSONModel(oData)" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 331 }, "region" : { - "startLine" : 13, - "startColumn" : 9, - "endColumn" : 37 + "startLine" : 8, + "startColumn" : 5, + "endColumn" : 38 + } + }, + "message" : { + "text" : "content={/output}" + } + } + } ] + } ] + }, { + "threadFlows" : [ { + "locations" : [ { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/view/app.view.xml", + "uriBaseId" : "%SRCROOT%", + "index" : 331 + }, + "region" : { + "startLine" : 5, + "startColumn" : 5, + "endLine" : 7, + "endColumn" : 29 + } + }, + "message" : { + "text" : "value={/input}" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 327 + }, + "region" : { + "startLine" : 9, + "startColumn" : 17, + "endColumn" : 28 } }, "message" : { - "text" : "q" + "text" : "input: null" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 327 }, "region" : { - "startLine" : 14, - "startColumn" : 17, - "endColumn" : 18 + "startLine" : 15, + "startColumn" : 25, + "endColumn" : 53 } }, "message" : { - "text" : "q" + "text" : "oModel. ... input')" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 327 }, "region" : { - "startLine" : 14, + "startLine" : 15, "startColumn" : 17, - "endColumn" : 24 + "endColumn" : 53 } }, "message" : { - "text" : "q.query" + "text" : "input" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 327 }, "region" : { - "startLine" : 14, - "startColumn" : 17, - "endColumn" : 33 + "startLine" : 16, + "startColumn" : 43, + "endColumn" : 48 } }, "message" : { - "text" : "q.query.username" + "text" : "input" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 327 }, "region" : { - "startLine" : 14, - "startColumn" : 9, - "endColumn" : 33 + "startLine" : 10, + "startColumn" : 17, + "endColumn" : 29 } }, "message" : { - "text" : "value" + "text" : "output: null" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 331 }, "region" : { - "startLine" : 16, - "startColumn" : 26, - "endColumn" : 31 + "startLine" : 8, + "startColumn" : 5, + "endColumn" : 38 } }, "message" : { - "text" : "value" + "text" : "content={/output}" } } } ] @@ -21217,14 +23626,15 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 331 }, "region" : { - "startLine" : 13, - "startColumn" : 23, - "endColumn" : 30 + "startLine" : 5, + "startColumn" : 5, + "endLine" : 7, + "endColumn" : 29 } }, "message" : { @@ -21232,34 +23642,34 @@ } } ] }, { - "ruleId" : "js/ui5-log-injection", + "ruleId" : "js/ui5-xss", "rule" : { - "id" : "js/ui5-log-injection", - "index" : 3, + "id" : "js/ui5-xss", + "index" : 0, "toolComponent" : { "index" : 1 } }, "message" : { - "text" : "Log entry depends on a [user-provided value](1)." + "text" : "XSS vulnerability due to [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 348 }, "region" : { - "startLine" : 25, - "startColumn" : 26, - "endColumn" : 32 + "startLine" : 8, + "startColumn" : 5, + "endColumn" : 37 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "191c273ff0751536:1", - "primaryLocationStartColumnFingerprint" : "21" + "primaryLocationLineHash" : "97b29ed20ac04ff0:1", + "primaryLocationStartColumnFingerprint" : "0" }, "codeFlows" : [ { "threadFlows" : [ { @@ -21267,198 +23677,163 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 348 }, "region" : { - "startLine" : 21, - "startColumn" : 23, - "endColumn" : 30 + "startLine" : 5, + "startColumn" : 5, + "endLine" : 7, + "endColumn" : 29 } }, "message" : { - "text" : "req.url" + "text" : "value={/input}" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 343 }, "region" : { - "startLine" : 21, - "startColumn" : 13, - "endColumn" : 37 + "startLine" : 8, + "startColumn" : 40, + "endColumn" : 63 } }, "message" : { - "text" : "url.par ... , true)" + "text" : "\"contro ... l.json\"" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 348 }, "region" : { - "startLine" : 21, - "startColumn" : 9, + "startLine" : 8, + "startColumn" : 5, "endColumn" : 37 } }, "message" : { - "text" : "q" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 3 - }, - "region" : { - "startLine" : 22, - "startColumn" : 17, - "endColumn" : 18 - } - }, - "message" : { - "text" : "q" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 3 - }, - "region" : { - "startLine" : 22, - "startColumn" : 17, - "endColumn" : 24 - } - }, - "message" : { - "text" : "q.query" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 3 - }, - "region" : { - "startLine" : 22, - "startColumn" : 17, - "endColumn" : 33 - } - }, - "message" : { - "text" : "q.query.username" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 3 - }, - "region" : { - "startLine" : 22, - "startColumn" : 9, - "endColumn" : 33 - } - }, - "message" : { - "text" : "value" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", - "uriBaseId" : "%SRCROOT%", - "index" : 3 - }, - "region" : { - "startLine" : 23, - "startColumn" : 39, - "endColumn" : 44 - } - }, - "message" : { - "text" : "value" + "text" : "content={/input}" } } - }, { + } ] + } ] + } ], + "relatedLocations" : [ { + "id" : 1, + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-external-model/webapp/view/app.view.xml", + "uriBaseId" : "%SRCROOT%", + "index" : 348 + }, + "region" : { + "startLine" : 5, + "startColumn" : 5, + "endLine" : 7, + "endColumn" : 29 + } + }, + "message" : { + "text" : "user-provided value" + } + } ] + }, { + "ruleId" : "js/ui5-xss", + "rule" : { + "id" : "js/ui5-xss", + "index" : 0, + "toolComponent" : { + "index" : 1 + } + }, + "message" : { + "text" : "XSS vulnerability due to [user-provided value](1)." + }, + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/view/app.view.html", + "uriBaseId" : "%SRCROOT%", + "index" : 356 + }, + "region" : { + "startLine" : 8, + "startColumn" : 11, + "endColumn" : 34 + } + } + } ], + "partialFingerprints" : { + "primaryLocationLineHash" : "5edd24be658b61a4:1", + "primaryLocationStartColumnFingerprint" : "0" + }, + "codeFlows" : [ { + "threadFlows" : [ { + "locations" : [ { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/view/app.view.html", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 356 }, "region" : { - "startLine" : 23, - "startColumn" : 18, - "endColumn" : 45 + "startLine" : 5, + "startColumn" : 11, + "endColumn" : 32 } }, "message" : { - "text" : "jQuery. ... (value)" + "text" : "data-value={/input}" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 352 }, "region" : { - "startLine" : 23, - "startColumn" : 9, - "endColumn" : 45 + "startLine" : 9, + "startColumn" : 17, + "endColumn" : 28 } }, "message" : { - "text" : "value1" + "text" : "input: null" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/view/app.view.html", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 356 }, "region" : { - "startLine" : 25, - "startColumn" : 26, - "endColumn" : 32 + "startLine" : 8, + "startColumn" : 11, + "endColumn" : 34 } }, "message" : { - "text" : "value1" + "text" : "data-content={/input}" } } } ] @@ -21468,14 +23843,14 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view/webapp/view/app.view.html", "uriBaseId" : "%SRCROOT%", - "index" : 3 + "index" : 356 }, "region" : { - "startLine" : 21, - "startColumn" : 23, - "endColumn" : 30 + "startLine" : 5, + "startColumn" : 11, + "endColumn" : 32 } }, "message" : { @@ -21483,34 +23858,34 @@ } } ] }, { - "ruleId" : "js/ui5-log-injection", + "ruleId" : "js/ui5-xss", "rule" : { - "id" : "js/ui5-log-injection", - "index" : 3, + "id" : "js/ui5-xss", + "index" : 0, "toolComponent" : { "index" : 1 } }, "message" : { - "text" : "Log entry depends on a [user-provided value](1)." + "text" : "XSS vulnerability due to [user-provided value](1).\nXSS vulnerability due to [user-provided value](2)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 122 + "index" : 411 }, "region" : { - "startLine" : 17, - "startColumn" : 38, - "endColumn" : 47 + "startLine" : 22, + "startColumn" : 5, + "endColumn" : 38 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "f32b0dcd4573d6a3:1", - "primaryLocationStartColumnFingerprint" : "21" + "primaryLocationLineHash" : "6e0d8f690e30e24a:1", + "primaryLocationStartColumnFingerprint" : "0" }, "codeFlows" : [ { "threadFlows" : [ { @@ -21518,15 +23893,15 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 126 + "index" : 411 }, "region" : { - "startLine" : 5, + "startLine" : 8, "startColumn" : 5, - "endLine" : 7, - "endColumn" : 29 + "endLine" : 10, + "endColumn" : 27 } }, "message" : { @@ -21537,9 +23912,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 123 + "index" : 407 }, "region" : { "startLine" : 9, @@ -21555,144 +23930,340 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 122 + "index" : 411 }, "region" : { - "startLine" : 8, - "startColumn" : 23, - "endColumn" : 41 + "startLine" : 22, + "startColumn" : 5, + "endColumn" : 38 } }, "message" : { - "text" : "{ type: \"string\" }" + "text" : "content={/input}" } } - }, { + } ] + } ] + }, { + "threadFlows" : [ { + "locations" : [ { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 122 + "index" : 411 }, "region" : { "startLine" : 15, - "startColumn" : 29, - "endColumn" : 47 + "startColumn" : 5, + "endLine" : 18, + "endColumn" : 29 } }, "message" : { - "text" : "oControl.getText()" + "text" : "value={/input}" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 122 + "index" : 407 }, "region" : { - "startLine" : 15, - "startColumn" : 21, - "endColumn" : 47 + "startLine" : 9, + "startColumn" : 17, + "endColumn" : 28 } }, "message" : { - "text" : "value" + "text" : "input: null" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 122 + "index" : 411 }, "region" : { - "startLine" : 16, - "startColumn" : 50, - "endColumn" : 55 + "startLine" : 22, + "startColumn" : 5, + "endColumn" : 38 } }, "message" : { - "text" : "value" + "text" : "content={/input}" } } - }, { + } ] + } ] + } ], + "relatedLocations" : [ { + "id" : 1, + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/view/app.view.xml", + "uriBaseId" : "%SRCROOT%", + "index" : 411 + }, + "region" : { + "startLine" : 8, + "startColumn" : 5, + "endLine" : 10, + "endColumn" : 27 + } + }, + "message" : { + "text" : "user-provided value" + } + }, { + "id" : 2, + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-webc-control/webapp/view/app.view.xml", + "uriBaseId" : "%SRCROOT%", + "index" : 411 + }, + "region" : { + "startLine" : 15, + "startColumn" : 5, + "endLine" : 18, + "endColumn" : 29 + } + }, + "message" : { + "text" : "user-provided value" + } + } ] + }, { + "ruleId" : "js/ui5-clickjacking", + "rule" : { + "id" : "js/ui5-clickjacking", + "index" : 1, + "toolComponent" : { + "index" : 1 + } + }, + "message" : { + "text" : "Possible clickjacking vulnerability due to window\\[ ... onfig\"\\] being set to `allow`." + }, + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-allow-all/index.html", + "uriBaseId" : "%SRCROOT%", + "index" : 137 + }, + "region" : { + "startLine" : 9, + "startColumn" : 9, + "endColumn" : 32 + } + } + } ], + "partialFingerprints" : { + "primaryLocationLineHash" : "6152b8f74a1abdf5:1", + "primaryLocationStartColumnFingerprint" : "0" + } + }, { + "ruleId" : "js/ui5-clickjacking", + "rule" : { + "id" : "js/ui5-clickjacking", + "index" : 1, + "toolComponent" : { + "index" : 1 + } + }, + "message" : { + "text" : "Possible clickjacking vulnerability due to data-sap-ui-frameOptions=allow being set to `allow`." + }, + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-allow-all/index.html", + "uriBaseId" : "%SRCROOT%", + "index" : 137 + }, + "region" : { + "startLine" : 28, + "startColumn" : 34, + "endColumn" : 66 + } + } + } ], + "partialFingerprints" : { + "primaryLocationLineHash" : "b01bd23ca3666824:1", + "primaryLocationStartColumnFingerprint" : "25" + } + }, { + "ruleId" : "js/ui5-clickjacking", + "rule" : { + "id" : "js/ui5-clickjacking", + "index" : 1, + "toolComponent" : { + "index" : 1 + } + }, + "message" : { + "text" : "Possible clickjacking vulnerability due to missing frame options." + }, + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Clickjacking/clickjacking-default-all/index.html", + "uriBaseId" : "%SRCROOT%", + "index" : 138 + }, + "region" : { + "startLine" : 2, + "endColumn" : 16 + } + } + } ], + "partialFingerprints" : { + "primaryLocationLineHash" : "7fe81114896a63c:1", + "primaryLocationStartColumnFingerprint" : "0" + } + }, { + "ruleId" : "js/ui5-clickjacking", + "rule" : { + "id" : "js/ui5-clickjacking", + "index" : 1, + "toolComponent" : { + "index" : 1 + } + }, + "message" : { + "text" : "Possible clickjacking vulnerability due to missing frame options." + }, + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/webapp/index.html", + "uriBaseId" : "%SRCROOT%", + "index" : 244 + }, + "region" : { + "startLine" : 2, + "endColumn" : 16 + } + } + } ], + "partialFingerprints" : { + "primaryLocationLineHash" : "df700c15dad274b2:1", + "primaryLocationStartColumnFingerprint" : "0" + } + }, { + "ruleId" : "js/ui5-path-injection", + "rule" : { + "id" : "js/ui5-path-injection", + "index" : 2, + "toolComponent" : { + "index" : 1 + } + }, + "message" : { + "text" : "The path of a saved file depends on a [user-provided value](1)." + }, + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/control/xss.js", + "uriBaseId" : "%SRCROOT%", + "index" : 214 + }, + "region" : { + "startLine" : 17, + "startColumn" : 43, + "endColumn" : 61 + } + } + } ], + "partialFingerprints" : { + "primaryLocationLineHash" : "68e5ff83e2198ff5:1", + "primaryLocationStartColumnFingerprint" : "26" + }, + "codeFlows" : [ { + "threadFlows" : [ { + "locations" : [ { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 122 + "index" : 219 }, "region" : { - "startLine" : 16, - "startColumn" : 43, - "endColumn" : 56 + "startLine" : 5, + "startColumn" : 5, + "endLine" : 7, + "endColumn" : 29 } }, "message" : { - "text" : "String(value)" + "text" : "value={/input}" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 122 + "index" : 215 }, "region" : { - "startLine" : 16, - "startColumn" : 33, - "endColumn" : 57 + "startLine" : 9, + "startColumn" : 17, + "endColumn" : 28 } }, "message" : { - "text" : "encodeX ... value))" + "text" : "input: null" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 122 + "index" : 214 }, "region" : { - "startLine" : 16, - "startColumn" : 21, - "endColumn" : 57 + "startLine" : 8, + "startColumn" : 23, + "endColumn" : 38 } }, "message" : { - "text" : "sanitized" + "text" : "{ type: \"int\" }" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 122 + "index" : 214 }, "region" : { "startLine" : 17, - "startColumn" : 38, - "endColumn" : 47 + "startColumn" : 43, + "endColumn" : 61 } }, "message" : { - "text" : "sanitized" + "text" : "oControl.getText()" } } } ] @@ -21702,9 +24273,9 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 126 + "index" : 219 }, "region" : { "startLine" : 5, @@ -21718,34 +24289,34 @@ } } ] }, { - "ruleId" : "js/ui5-log-injection", + "ruleId" : "js/ui5-path-injection", "rule" : { - "id" : "js/ui5-log-injection", - "index" : 3, + "id" : "js/ui5-path-injection", + "index" : 2, "toolComponent" : { "index" : 1 } }, "message" : { - "text" : "Log entry depends on a [user-provided value](1)." + "text" : "The path of a saved file depends on a [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 129 + "index" : 224 }, "region" : { - "startLine" : 17, - "startColumn" : 34, - "endColumn" : 39 + "startLine" : 23, + "startColumn" : 43, + "endColumn" : 55 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "392fd43c95c7be9c:1", - "primaryLocationStartColumnFingerprint" : "21" + "primaryLocationLineHash" : "b79de9dff4d8f842:1", + "primaryLocationStartColumnFingerprint" : "26" }, "codeFlows" : [ { "threadFlows" : [ { @@ -21753,14 +24324,14 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 132 + "index" : 228 }, "region" : { - "startLine" : 6, + "startLine" : 5, "startColumn" : 5, - "endLine" : 8, + "endLine" : 7, "endColumn" : 29 } }, @@ -21772,9 +24343,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 129 + "index" : 223 }, "region" : { "startLine" : 9, @@ -21790,199 +24361,144 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 129 + "index" : 224 }, "region" : { - "startLine" : 15, - "startColumn" : 25, - "endColumn" : 53 + "startLine" : 9, + "startColumn" : 23, + "endColumn" : 41 } }, "message" : { - "text" : "oModel. ... input')" + "text" : "{ type: \"string\" }" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 129 + "index" : 224 }, "region" : { "startLine" : 15, - "startColumn" : 17, - "endColumn" : 53 + "startColumn" : 29, + "endColumn" : 47 } }, "message" : { - "text" : "input" + "text" : "oControl.getText()" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 129 + "index" : 224 }, "region" : { - "startLine" : 17, - "startColumn" : 34, - "endColumn" : 39 + "startLine" : 15, + "startColumn" : 21, + "endColumn" : 47 } }, "message" : { - "text" : "input" + "text" : "value" } } - } ] - } ] - } ], - "relatedLocations" : [ { - "id" : 1, - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/view/app.view.xml", - "uriBaseId" : "%SRCROOT%", - "index" : 132 - }, - "region" : { - "startLine" : 6, - "startColumn" : 5, - "endLine" : 8, - "endColumn" : 29 - } - }, - "message" : { - "text" : "user-provided value" - } - } ] - }, { - "ruleId" : "js/ui5-log-injection", - "rule" : { - "id" : "js/ui5-log-injection", - "index" : 3, - "toolComponent" : { - "index" : 1 - } - }, - "message" : { - "text" : "Log entry depends on a [user-provided value](1)." - }, - "locations" : [ { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/controller/app.controller.js", - "uriBaseId" : "%SRCROOT%", - "index" : 135 - }, - "region" : { - "startLine" : 16, - "startColumn" : 30, - "endColumn" : 35 - } - } - } ], - "partialFingerprints" : { - "primaryLocationLineHash" : "27d08bf2c216b384:1", - "primaryLocationStartColumnFingerprint" : "21" - }, - "codeFlows" : [ { - "threadFlows" : [ { - "locations" : [ { + }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 139 + "index" : 224 }, "region" : { - "startLine" : 5, - "startColumn" : 5, - "endLine" : 7, - "endColumn" : 29 + "startLine" : 17, + "startColumn" : 53, + "endColumn" : 58 } }, "message" : { - "text" : "value={/input}" + "text" : "value" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 135 + "index" : 224 }, "region" : { - "startLine" : 8, - "startColumn" : 11, - "endColumn" : 22 + "startLine" : 17, + "startColumn" : 46, + "endColumn" : 59 } }, "message" : { - "text" : "input: null" + "text" : "String(value)" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 135 + "index" : 224 }, "region" : { - "startLine" : 14, - "startColumn" : 21, - "endColumn" : 49 + "startLine" : 17, + "startColumn" : 36, + "endColumn" : 60 } }, "message" : { - "text" : "oModel. ... input\")" + "text" : "encodeX ... value))" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 135 + "index" : 224 }, "region" : { - "startLine" : 14, - "startColumn" : 13, - "endColumn" : 49 + "startLine" : 17, + "startColumn" : 21, + "endColumn" : 60 } }, "message" : { - "text" : "input" + "text" : "xssSanitized" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 135 + "index" : 224 }, "region" : { - "startLine" : 16, - "startColumn" : 30, - "endColumn" : 35 + "startLine" : 23, + "startColumn" : 43, + "endColumn" : 55 } }, "message" : { - "text" : "input" + "text" : "xssSanitized" } } } ] @@ -21992,9 +24508,9 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-custom-control-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 139 + "index" : 228 }, "region" : { "startLine" : 5, @@ -22008,34 +24524,34 @@ } } ] }, { - "ruleId" : "js/ui5-log-injection", + "ruleId" : "js/ui5-path-injection", "rule" : { - "id" : "js/ui5-log-injection", - "index" : 3, + "id" : "js/ui5-path-injection", + "index" : 2, "toolComponent" : { "index" : 1 } }, "message" : { - "text" : "Log entry depends on a [user-provided value](1)." + "text" : "The path of a saved file depends on a [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 142 + "index" : 232 }, "region" : { - "startLine" : 17, - "startColumn" : 34, - "endColumn" : 39 + "startLine" : 16, + "startColumn" : 39, + "endColumn" : 67 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "392fd43c95c7be9c:1", - "primaryLocationStartColumnFingerprint" : "21" + "primaryLocationLineHash" : "de27f6d546a116e8:1", + "primaryLocationStartColumnFingerprint" : "26" }, "codeFlows" : [ { "threadFlows" : [ { @@ -22043,9 +24559,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 145 + "index" : 235 }, "region" : { "startLine" : 5, @@ -22062,12 +24578,12 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 142 + "index" : 232 }, "region" : { - "startLine" : 9, + "startLine" : 10, "startColumn" : 17, "endColumn" : 28 } @@ -22080,56 +24596,20 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 142 + "index" : 232 }, "region" : { - "startLine" : 15, - "startColumn" : 25, - "endColumn" : 53 + "startLine" : 16, + "startColumn" : 39, + "endColumn" : 67 } }, "message" : { "text" : "oModel. ... input')" } } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/controller/app.controller.js", - "uriBaseId" : "%SRCROOT%", - "index" : 142 - }, - "region" : { - "startLine" : 15, - "startColumn" : 17, - "endColumn" : 53 - } - }, - "message" : { - "text" : "input" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/controller/app.controller.js", - "uriBaseId" : "%SRCROOT%", - "index" : 142 - }, - "region" : { - "startLine" : 17, - "startColumn" : 34, - "endColumn" : 39 - } - }, - "message" : { - "text" : "input" - } - } } ] } ] } ], @@ -22137,9 +24617,9 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5PathInjection/path-html-control-df/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 145 + "index" : 235 }, "region" : { "startLine" : 5, @@ -22153,34 +24633,34 @@ } } ] }, { - "ruleId" : "js/ui5-formula-injection", + "ruleId" : "js/ui5-log-injection", "rule" : { - "id" : "js/ui5-formula-injection", - "index" : 4, + "id" : "js/ui5-log-injection", + "index" : 3, "toolComponent" : { "index" : 1 } }, "message" : { - "text" : "The content of a saved file depends on a [user-provided value](1)." + "text" : "Log entry depends on a [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 95 + "index" : 171 }, "region" : { - "startLine" : 17, - "startColumn" : 27, - "endColumn" : 45 + "startLine" : 13, + "startColumn" : 38, + "endColumn" : 56 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "41899ff1a967017d:1", - "primaryLocationStartColumnFingerprint" : "10" + "primaryLocationLineHash" : "fb0b88ea7a3fc8f1:1", + "primaryLocationStartColumnFingerprint" : "21" }, "codeFlows" : [ { "threadFlows" : [ { @@ -22188,9 +24668,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 99 + "index" : 175 }, "region" : { "startLine" : 5, @@ -22207,9 +24687,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 96 + "index" : 172 }, "region" : { "startLine" : 9, @@ -22225,12 +24705,12 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 95 + "index" : 171 }, "region" : { - "startLine" : 8, + "startLine" : 7, "startColumn" : 23, "endColumn" : 38 } @@ -22243,14 +24723,14 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 95 + "index" : 171 }, "region" : { - "startLine" : 17, - "startColumn" : 27, - "endColumn" : 45 + "startLine" : 13, + "startColumn" : 38, + "endColumn" : 56 } }, "message" : { @@ -22264,9 +24744,9 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-property-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 99 + "index" : 175 }, "region" : { "startLine" : 5, @@ -22280,34 +24760,34 @@ } } ] }, { - "ruleId" : "js/ui5-formula-injection", + "ruleId" : "js/ui5-log-injection", "rule" : { - "id" : "js/ui5-formula-injection", - "index" : 4, + "id" : "js/ui5-log-injection", + "index" : 3, "toolComponent" : { "index" : 1 } }, "message" : { - "text" : "The content of a saved file depends on a [user-provided value](1)." + "text" : "Log entry depends on a [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 102 + "index" : 3 }, "region" : { - "startLine" : 23, - "startColumn" : 27, - "endColumn" : 39 + "startLine" : 8, + "startColumn" : 26, + "endColumn" : 31 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "9afa5fd07ee36af6:1", - "primaryLocationStartColumnFingerprint" : "10" + "primaryLocationLineHash" : "62d5a4db56a18502:1", + "primaryLocationStartColumnFingerprint" : "21" }, "codeFlows" : [ { "threadFlows" : [ { @@ -22315,290 +24795,251 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/view/app.view.xml", - "uriBaseId" : "%SRCROOT%", - "index" : 106 - }, - "region" : { - "startLine" : 5, - "startColumn" : 5, - "endLine" : 7, - "endColumn" : 29 - } - }, - "message" : { - "text" : "value={/input}" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 103 + "index" : 3 }, "region" : { - "startLine" : 9, + "startLine" : 6, "startColumn" : 17, - "endColumn" : 28 - } - }, - "message" : { - "text" : "input: null" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/control/xss.js", - "uriBaseId" : "%SRCROOT%", - "index" : 102 - }, - "region" : { - "startLine" : 9, - "startColumn" : 23, - "endColumn" : 41 + "endColumn" : 51 } }, "message" : { - "text" : "{ type: \"string\" }" + "text" : "jQuery. ... param\")" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 102 + "index" : 3 }, "region" : { - "startLine" : 15, - "startColumn" : 29, - "endColumn" : 47 + "startLine" : 6, + "startColumn" : 9, + "endColumn" : 51 } }, "message" : { - "text" : "oControl.getText()" + "text" : "value" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 102 + "index" : 3 }, "region" : { - "startLine" : 15, - "startColumn" : 21, - "endColumn" : 47 + "startLine" : 8, + "startColumn" : 26, + "endColumn" : 31 } }, "message" : { "text" : "value" } } - }, { + } ] + } ] + } ], + "relatedLocations" : [ { + "id" : 1, + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uriBaseId" : "%SRCROOT%", + "index" : 3 + }, + "region" : { + "startLine" : 6, + "startColumn" : 17, + "endColumn" : 51 + } + }, + "message" : { + "text" : "user-provided value" + } + } ] + }, { + "ruleId" : "js/ui5-log-injection", + "rule" : { + "id" : "js/ui5-log-injection", + "index" : 3, + "toolComponent" : { + "index" : 1 + } + }, + "message" : { + "text" : "Log entry depends on a [user-provided value](1)." + }, + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", + "uriBaseId" : "%SRCROOT%", + "index" : 3 + }, + "region" : { + "startLine" : 16, + "startColumn" : 26, + "endColumn" : 31 + } + } + } ], + "partialFingerprints" : { + "primaryLocationLineHash" : "751ece7cb6fd18f7:1", + "primaryLocationStartColumnFingerprint" : "21" + }, + "codeFlows" : [ { + "threadFlows" : [ { + "locations" : [ { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 102 + "index" : 3 }, "region" : { - "startLine" : 17, - "startColumn" : 53, - "endColumn" : 58 + "startLine" : 13, + "startColumn" : 23, + "endColumn" : 30 } }, "message" : { - "text" : "value" + "text" : "req.url" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 102 + "index" : 3 }, "region" : { - "startLine" : 17, - "startColumn" : 46, - "endColumn" : 59 + "startLine" : 13, + "startColumn" : 13, + "endColumn" : 37 } }, "message" : { - "text" : "String(value)" + "text" : "url.par ... , true)" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 102 + "index" : 3 }, "region" : { - "startLine" : 17, - "startColumn" : 36, - "endColumn" : 60 + "startLine" : 13, + "startColumn" : 9, + "endColumn" : 37 } }, "message" : { - "text" : "encodeX ... value))" + "text" : "q" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 102 + "index" : 3 }, "region" : { - "startLine" : 17, - "startColumn" : 21, - "endColumn" : 60 + "startLine" : 14, + "startColumn" : 17, + "endColumn" : 18 } }, "message" : { - "text" : "xssSanitized" + "text" : "q" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/control/xss.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 102 + "index" : 3 }, "region" : { - "startLine" : 23, - "startColumn" : 27, - "endColumn" : 39 + "startLine" : 14, + "startColumn" : 17, + "endColumn" : 24 } }, "message" : { - "text" : "xssSanitized" + "text" : "q.query" } } - } ] - } ] - } ], - "relatedLocations" : [ { - "id" : 1, - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/view/app.view.xml", - "uriBaseId" : "%SRCROOT%", - "index" : 106 - }, - "region" : { - "startLine" : 5, - "startColumn" : 5, - "endLine" : 7, - "endColumn" : 29 - } - }, - "message" : { - "text" : "user-provided value" - } - } ] - }, { - "ruleId" : "js/ui5-formula-injection", - "rule" : { - "id" : "js/ui5-formula-injection", - "index" : 4, - "toolComponent" : { - "index" : 1 - } - }, - "message" : { - "text" : "The content of a saved file depends on a [user-provided value](1)." - }, - "locations" : [ { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/controller/app.controller.js", - "uriBaseId" : "%SRCROOT%", - "index" : 109 - }, - "region" : { - "startLine" : 16, - "startColumn" : 23, - "endColumn" : 51 - } - } - } ], - "partialFingerprints" : { - "primaryLocationLineHash" : "e701acdf85af03b4:1", - "primaryLocationStartColumnFingerprint" : "10" - }, - "codeFlows" : [ { - "threadFlows" : [ { - "locations" : [ { + }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 112 + "index" : 3 }, "region" : { - "startLine" : 5, - "startColumn" : 5, - "endLine" : 7, - "endColumn" : 29 + "startLine" : 14, + "startColumn" : 17, + "endColumn" : 33 } }, "message" : { - "text" : "value={/input}" + "text" : "q.query.username" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 109 + "index" : 3 }, "region" : { - "startLine" : 10, - "startColumn" : 17, - "endColumn" : 28 + "startLine" : 14, + "startColumn" : 9, + "endColumn" : 33 } }, "message" : { - "text" : "input: null" + "text" : "value" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/controller/app.controller.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 109 + "index" : 3 }, "region" : { "startLine" : 16, - "startColumn" : 23, - "endColumn" : 51 + "startColumn" : 26, + "endColumn" : 31 } }, "message" : { - "text" : "oModel. ... input')" + "text" : "value" } } } ] @@ -22608,15 +25049,14 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/view/app.view.xml", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 112 + "index" : 3 }, "region" : { - "startLine" : 5, - "startColumn" : 5, - "endLine" : 7, - "endColumn" : 29 + "startLine" : 13, + "startColumn" : 23, + "endColumn" : 30 } }, "message" : { @@ -22624,34 +25064,34 @@ } } ] }, { - "ruleId" : "js/cap-sql-injection", + "ruleId" : "js/ui5-log-injection", "rule" : { - "id" : "js/cap-sql-injection", - "index" : 0, + "id" : "js/ui5-log-injection", + "index" : 3, "toolComponent" : { - "index" : 2 + "index" : 1 } }, "message" : { - "text" : "This query depends on a [user-provided value](1)." + "text" : "Log entry depends on a [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 3 }, "region" : { - "startLine" : 13, - "startColumn" : 36, - "endColumn" : 41 + "startLine" : 25, + "startColumn" : 26, + "endColumn" : 32 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "e5ae8639cd6967fb:1", - "primaryLocationStartColumnFingerprint" : "29" + "primaryLocationLineHash" : "191c273ff0751536:1", + "primaryLocationStartColumnFingerprint" : "21" }, "codeFlows" : [ { "threadFlows" : [ { @@ -22659,198 +25099,198 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 3 }, "region" : { - "startLine" : 7, - "startColumn" : 34, - "endColumn" : 37 + "startLine" : 21, + "startColumn" : 23, + "endColumn" : 30 } }, "message" : { - "text" : "req" + "text" : "req.url" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 3 }, "region" : { - "startLine" : 8, - "startColumn" : 34, + "startLine" : 21, + "startColumn" : 13, "endColumn" : 37 } }, "message" : { - "text" : "req" + "text" : "url.par ... , true)" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 3 }, "region" : { - "startLine" : 8, - "startColumn" : 34, - "endColumn" : 42 + "startLine" : 21, + "startColumn" : 9, + "endColumn" : 37 } }, "message" : { - "text" : "req.data" + "text" : "q" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 3 }, "region" : { - "startLine" : 8, - "startColumn" : 13, - "endColumn" : 31 + "startLine" : 22, + "startColumn" : 17, + "endColumn" : 18 } }, "message" : { - "text" : "{ book, quantity }" + "text" : "q" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 3 }, "region" : { - "startLine" : 8, - "startColumn" : 15, - "endColumn" : 19 + "startLine" : 22, + "startColumn" : 17, + "endColumn" : 24 } }, "message" : { - "text" : "book" + "text" : "q.query" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 3 }, "region" : { - "startLine" : 8, - "startColumn" : 13, - "endColumn" : 42 + "startLine" : 22, + "startColumn" : 17, + "endColumn" : 33 } }, "message" : { - "text" : "book" + "text" : "q.query.username" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 3 }, "region" : { - "startLine" : 12, - "startColumn" : 50, - "endColumn" : 54 + "startLine" : 22, + "startColumn" : 9, + "endColumn" : 33 } }, "message" : { - "text" : "book" + "text" : "value" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 3 }, "region" : { - "startLine" : 12, - "startColumn" : 44, - "endColumn" : 56 + "startLine" : 23, + "startColumn" : 39, + "endColumn" : 44 } }, "message" : { - "text" : "`ID=${book}`" + "text" : "value" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 3 }, "region" : { - "startLine" : 12, - "startColumn" : 19, - "endColumn" : 57 + "startLine" : 23, + "startColumn" : 18, + "endColumn" : 45 } }, "message" : { - "text" : "SELECT. ... book}`)" + "text" : "jQuery. ... (value)" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 3 }, "region" : { - "startLine" : 12, - "startColumn" : 11, - "endColumn" : 57 + "startLine" : 23, + "startColumn" : 9, + "endColumn" : 45 } }, "message" : { - "text" : "query" + "text" : "value1" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 3 }, "region" : { - "startLine" : 13, - "startColumn" : 36, - "endColumn" : 41 + "startLine" : 25, + "startColumn" : 26, + "endColumn" : 32 } }, "message" : { - "text" : "query" + "text" : "value1" } } } ] @@ -22860,14 +25300,14 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/avoid-duplicate-alerts/LogInjectionTest.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 3 }, "region" : { - "startLine" : 7, - "startColumn" : 34, - "endColumn" : 37 + "startLine" : 21, + "startColumn" : 23, + "endColumn" : 30 } }, "message" : { @@ -22875,34 +25315,34 @@ } } ] }, { - "ruleId" : "js/cap-sql-injection", + "ruleId" : "js/ui5-log-injection", "rule" : { - "id" : "js/cap-sql-injection", - "index" : 0, + "id" : "js/ui5-log-injection", + "index" : 3, "toolComponent" : { - "index" : 2 + "index" : 1 } }, "message" : { - "text" : "This query depends on a [user-provided value](1)." + "text" : "Log entry depends on a [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 180 }, "region" : { - "startLine" : 15, - "startColumn" : 27, - "endColumn" : 65 + "startLine" : 17, + "startColumn" : 38, + "endColumn" : 47 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "b41554298e90b620:1", - "primaryLocationStartColumnFingerprint" : "20" + "primaryLocationLineHash" : "f32b0dcd4573d6a3:1", + "primaryLocationStartColumnFingerprint" : "21" }, "codeFlows" : [ { "threadFlows" : [ { @@ -22910,162 +25350,181 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 185 }, "region" : { - "startLine" : 7, - "startColumn" : 34, - "endColumn" : 37 + "startLine" : 5, + "startColumn" : 5, + "endLine" : 7, + "endColumn" : 29 } }, "message" : { - "text" : "req" + "text" : "value={/input}" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 181 }, "region" : { - "startLine" : 8, - "startColumn" : 34, - "endColumn" : 37 + "startLine" : 9, + "startColumn" : 17, + "endColumn" : 28 } }, "message" : { - "text" : "req" + "text" : "input: null" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 180 }, "region" : { "startLine" : 8, - "startColumn" : 34, - "endColumn" : 42 + "startColumn" : 23, + "endColumn" : 41 } }, "message" : { - "text" : "req.data" + "text" : "{ type: \"string\" }" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 180 }, "region" : { - "startLine" : 8, - "startColumn" : 13, - "endColumn" : 31 + "startLine" : 15, + "startColumn" : 29, + "endColumn" : 47 } }, "message" : { - "text" : "{ book, quantity }" + "text" : "oControl.getText()" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 180 }, "region" : { - "startLine" : 8, - "startColumn" : 15, - "endColumn" : 19 + "startLine" : 15, + "startColumn" : 21, + "endColumn" : 47 } }, "message" : { - "text" : "book" + "text" : "value" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 180 }, "region" : { - "startLine" : 8, - "startColumn" : 13, - "endColumn" : 42 + "startLine" : 16, + "startColumn" : 50, + "endColumn" : 55 } }, "message" : { - "text" : "book" + "text" : "value" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 180 }, "region" : { - "startLine" : 15, - "startColumn" : 58, - "endColumn" : 62 + "startLine" : 16, + "startColumn" : 43, + "endColumn" : 56 } }, "message" : { - "text" : "book" + "text" : "String(value)" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 180 }, "region" : { - "startLine" : 15, - "startColumn" : 52, - "endColumn" : 64 + "startLine" : 16, + "startColumn" : 33, + "endColumn" : 57 } }, "message" : { - "text" : "`ID=${book}`" + "text" : "encodeX ... value))" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 180 }, "region" : { - "startLine" : 15, - "startColumn" : 27, - "endColumn" : 65 + "startLine" : 16, + "startColumn" : 21, + "endColumn" : 57 } }, "message" : { - "text" : "SELECT. ... book}`)" + "text" : "sanitized" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/control/xss.js", + "uriBaseId" : "%SRCROOT%", + "index" : 180 + }, + "region" : { + "startLine" : 17, + "startColumn" : 38, + "endColumn" : 47 + } + }, + "message" : { + "text" : "sanitized" } } } ] @@ -23075,14 +25534,15 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-custom-control-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 185 }, "region" : { - "startLine" : 7, - "startColumn" : 34, - "endColumn" : 37 + "startLine" : 5, + "startColumn" : 5, + "endLine" : 7, + "endColumn" : 29 } }, "message" : { @@ -23090,233 +25550,271 @@ } } ] }, { - "ruleId" : "js/cap-sql-injection", + "ruleId" : "js/ui5-log-injection", "rule" : { - "id" : "js/cap-sql-injection", - "index" : 0, + "id" : "js/ui5-log-injection", + "index" : 3, "toolComponent" : { - "index" : 2 + "index" : 1 } }, "message" : { - "text" : "This query depends on a [user-provided value](1)." + "text" : "Log entry depends on a [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 189 }, "region" : { - "startLine" : 18, - "startColumn" : 37, - "endColumn" : 43 - } - } - } ], - "partialFingerprints" : { - "primaryLocationLineHash" : "967d7be3edc97a9e:1", - "primaryLocationStartColumnFingerprint" : "30" - }, - "codeFlows" : [ { - "threadFlows" : [ { - "locations" : [ { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", - "uriBaseId" : "%SRCROOT%", - "index" : 1 - }, - "region" : { - "startLine" : 7, - "startColumn" : 34, - "endColumn" : 37 - } - }, - "message" : { - "text" : "req" - } - } - }, { + "startLine" : 17, + "startColumn" : 34, + "endColumn" : 39 + } + } + } ], + "partialFingerprints" : { + "primaryLocationLineHash" : "392fd43c95c7be9c:1", + "primaryLocationStartColumnFingerprint" : "21" + }, + "codeFlows" : [ { + "threadFlows" : [ { + "locations" : [ { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 193 }, "region" : { - "startLine" : 8, - "startColumn" : 34, - "endColumn" : 37 + "startLine" : 6, + "startColumn" : 5, + "endLine" : 8, + "endColumn" : 29 } }, "message" : { - "text" : "req" + "text" : "value={/input}" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 189 }, "region" : { - "startLine" : 8, - "startColumn" : 34, - "endColumn" : 42 + "startLine" : 9, + "startColumn" : 17, + "endColumn" : 28 } }, "message" : { - "text" : "req.data" + "text" : "input: null" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 189 }, "region" : { - "startLine" : 8, - "startColumn" : 13, - "endColumn" : 31 + "startLine" : 15, + "startColumn" : 25, + "endColumn" : 53 } }, "message" : { - "text" : "{ book, quantity }" + "text" : "oModel. ... input')" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 189 }, "region" : { - "startLine" : 8, - "startColumn" : 15, - "endColumn" : 19 + "startLine" : 15, + "startColumn" : 17, + "endColumn" : 53 } }, "message" : { - "text" : "book" + "text" : "input" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 189 }, "region" : { - "startLine" : 8, - "startColumn" : 13, - "endColumn" : 42 + "startLine" : 17, + "startColumn" : 34, + "endColumn" : 39 } }, "message" : { - "text" : "book" + "text" : "input" } } - }, { + } ] + } ] + } ], + "relatedLocations" : [ { + "id" : 1, + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-notifications/webapp/view/app.view.xml", + "uriBaseId" : "%SRCROOT%", + "index" : 193 + }, + "region" : { + "startLine" : 6, + "startColumn" : 5, + "endLine" : 8, + "endColumn" : 29 + } + }, + "message" : { + "text" : "user-provided value" + } + } ] + }, { + "ruleId" : "js/ui5-log-injection", + "rule" : { + "id" : "js/ui5-log-injection", + "index" : 3, + "toolComponent" : { + "index" : 1 + } + }, + "message" : { + "text" : "Log entry depends on a [user-provided value](1)." + }, + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 196 + }, + "region" : { + "startLine" : 16, + "startColumn" : 30, + "endColumn" : 35 + } + } + } ], + "partialFingerprints" : { + "primaryLocationLineHash" : "27d08bf2c216b384:1", + "primaryLocationStartColumnFingerprint" : "21" + }, + "codeFlows" : [ { + "threadFlows" : [ { + "locations" : [ { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 202 }, "region" : { - "startLine" : 17, - "startColumn" : 53, - "endColumn" : 57 + "startLine" : 5, + "startColumn" : 5, + "endLine" : 7, + "endColumn" : 29 } }, "message" : { - "text" : "book" + "text" : "value={/input}" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 196 }, "region" : { - "startLine" : 17, - "startColumn" : 45, - "endColumn" : 57 + "startLine" : 8, + "startColumn" : 11, + "endColumn" : 22 } }, "message" : { - "text" : "'ID=' + book" + "text" : "input: null" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 196 }, "region" : { - "startLine" : 17, - "startColumn" : 20, - "endColumn" : 58 + "startLine" : 14, + "startColumn" : 21, + "endColumn" : 49 } }, "message" : { - "text" : "SELECT. ... + book)" + "text" : "oModel. ... input\")" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 196 }, "region" : { - "startLine" : 17, - "startColumn" : 11, - "endColumn" : 58 + "startLine" : 14, + "startColumn" : 13, + "endColumn" : 49 } }, "message" : { - "text" : "query2" + "text" : "input" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 196 }, "region" : { - "startLine" : 18, - "startColumn" : 37, - "endColumn" : 43 + "startLine" : 16, + "startColumn" : 30, + "endColumn" : 35 } }, "message" : { - "text" : "query2" + "text" : "input" } } } ] @@ -23326,14 +25824,15 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-remote/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 202 }, "region" : { - "startLine" : 7, - "startColumn" : 34, - "endColumn" : 37 + "startLine" : 5, + "startColumn" : 5, + "endLine" : 7, + "endColumn" : 29 } }, "message" : { @@ -23341,34 +25840,34 @@ } } ] }, { - "ruleId" : "js/cap-sql-injection", + "ruleId" : "js/ui5-log-injection", "rule" : { - "id" : "js/cap-sql-injection", - "index" : 0, + "id" : "js/ui5-log-injection", + "index" : 3, "toolComponent" : { - "index" : 2 + "index" : 1 } }, "message" : { - "text" : "This query depends on a [user-provided value](1)." + "text" : "Log entry depends on a [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 205 }, "region" : { - "startLine" : 20, - "startColumn" : 27, - "endColumn" : 65 + "startLine" : 17, + "startColumn" : 34, + "endColumn" : 39 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "1c132adaa6986472:1", - "primaryLocationStartColumnFingerprint" : "20" + "primaryLocationLineHash" : "392fd43c95c7be9c:1", + "primaryLocationStartColumnFingerprint" : "21" }, "codeFlows" : [ { "threadFlows" : [ { @@ -23376,162 +25875,218 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 210 }, "region" : { - "startLine" : 7, - "startColumn" : 34, - "endColumn" : 37 + "startLine" : 5, + "startColumn" : 5, + "endLine" : 7, + "endColumn" : 29 } }, "message" : { - "text" : "req" + "text" : "value={/input}" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 205 }, "region" : { - "startLine" : 8, - "startColumn" : 34, - "endColumn" : 37 + "startLine" : 9, + "startColumn" : 17, + "endColumn" : 28 } }, "message" : { - "text" : "req" + "text" : "input: null" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 205 }, "region" : { - "startLine" : 8, - "startColumn" : 34, - "endColumn" : 42 + "startLine" : 15, + "startColumn" : 25, + "endColumn" : 53 } }, "message" : { - "text" : "req.data" + "text" : "oModel. ... input')" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 - }, - "region" : { - "startLine" : 8, - "startColumn" : 13, - "endColumn" : 31 + "index" : 205 + }, + "region" : { + "startLine" : 15, + "startColumn" : 17, + "endColumn" : 53 } }, "message" : { - "text" : "{ book, quantity }" + "text" : "input" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 205 }, "region" : { - "startLine" : 8, - "startColumn" : 15, - "endColumn" : 19 + "startLine" : 17, + "startColumn" : 34, + "endColumn" : 39 } }, "message" : { - "text" : "book" + "text" : "input" } } - }, { + } ] + } ] + } ], + "relatedLocations" : [ { + "id" : 1, + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5LogInjection/log-html-control-df/webapp/view/app.view.xml", + "uriBaseId" : "%SRCROOT%", + "index" : 210 + }, + "region" : { + "startLine" : 5, + "startColumn" : 5, + "endLine" : 7, + "endColumn" : 29 + } + }, + "message" : { + "text" : "user-provided value" + } + } ] + }, { + "ruleId" : "js/ui5-formula-injection", + "rule" : { + "id" : "js/ui5-formula-injection", + "index" : 4, + "toolComponent" : { + "index" : 1 + } + }, + "message" : { + "text" : "The content of a saved file depends on a [user-provided value](1)." + }, + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/control/xss.js", + "uriBaseId" : "%SRCROOT%", + "index" : 146 + }, + "region" : { + "startLine" : 17, + "startColumn" : 27, + "endColumn" : 45 + } + } + } ], + "partialFingerprints" : { + "primaryLocationLineHash" : "41899ff1a967017d:1", + "primaryLocationStartColumnFingerprint" : "10" + }, + "codeFlows" : [ { + "threadFlows" : [ { + "locations" : [ { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 153 }, "region" : { - "startLine" : 8, - "startColumn" : 13, - "endColumn" : 42 + "startLine" : 5, + "startColumn" : 5, + "endLine" : 7, + "endColumn" : 29 } }, "message" : { - "text" : "book" + "text" : "value={/input}" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 145 }, "region" : { - "startLine" : 20, - "startColumn" : 60, - "endColumn" : 64 + "startLine" : 9, + "startColumn" : 17, + "endColumn" : 28 } }, "message" : { - "text" : "book" + "text" : "input: null" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 146 }, "region" : { - "startLine" : 20, - "startColumn" : 52, - "endColumn" : 64 + "startLine" : 8, + "startColumn" : 23, + "endColumn" : 38 } }, "message" : { - "text" : "'ID=' + book" + "text" : "{ type: \"int\" }" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 146 }, "region" : { - "startLine" : 20, + "startLine" : 17, "startColumn" : 27, - "endColumn" : 65 + "endColumn" : 45 } }, "message" : { - "text" : "SELECT. ... + book)" + "text" : "oControl.getText()" } } } ] @@ -23541,14 +26096,15 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-property-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 153 }, "region" : { - "startLine" : 7, - "startColumn" : 34, - "endColumn" : 37 + "startLine" : 5, + "startColumn" : 5, + "endLine" : 7, + "endColumn" : 29 } }, "message" : { @@ -23556,34 +26112,34 @@ } } ] }, { - "ruleId" : "js/cap-sql-injection", + "ruleId" : "js/ui5-formula-injection", "rule" : { - "id" : "js/cap-sql-injection", - "index" : 0, + "id" : "js/ui5-formula-injection", + "index" : 4, "toolComponent" : { - "index" : 2 + "index" : 1 } }, "message" : { - "text" : "This query depends on a [user-provided value](1)." + "text" : "The content of a saved file depends on a [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 154 }, "region" : { - "startLine" : 28, - "startColumn" : 39, - "endColumn" : 42 + "startLine" : 23, + "startColumn" : 27, + "endColumn" : 39 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "144d55d233768c80:1", - "primaryLocationStartColumnFingerprint" : "32" + "primaryLocationLineHash" : "9afa5fd07ee36af6:1", + "primaryLocationStartColumnFingerprint" : "10" }, "codeFlows" : [ { "threadFlows" : [ { @@ -23591,180 +26147,290 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 158 }, "region" : { - "startLine" : 7, - "startColumn" : 34, - "endColumn" : 37 + "startLine" : 5, + "startColumn" : 5, + "endLine" : 7, + "endColumn" : 29 } }, "message" : { - "text" : "req" + "text" : "value={/input}" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 155 }, "region" : { - "startLine" : 8, - "startColumn" : 34, - "endColumn" : 37 + "startLine" : 9, + "startColumn" : 17, + "endColumn" : 28 } }, "message" : { - "text" : "req" + "text" : "input: null" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 154 }, "region" : { - "startLine" : 8, - "startColumn" : 34, - "endColumn" : 42 + "startLine" : 9, + "startColumn" : 23, + "endColumn" : 41 } }, "message" : { - "text" : "req.data" + "text" : "{ type: \"string\" }" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 154 }, "region" : { - "startLine" : 8, - "startColumn" : 13, - "endColumn" : 31 + "startLine" : 15, + "startColumn" : 29, + "endColumn" : 47 } }, "message" : { - "text" : "{ book, quantity }" + "text" : "oControl.getText()" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 154 }, "region" : { - "startLine" : 8, - "startColumn" : 15, - "endColumn" : 19 + "startLine" : 15, + "startColumn" : 21, + "endColumn" : 47 + } + }, + "message" : { + "text" : "value" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/control/xss.js", + "uriBaseId" : "%SRCROOT%", + "index" : 154 + }, + "region" : { + "startLine" : 17, + "startColumn" : 53, + "endColumn" : 58 + } + }, + "message" : { + "text" : "value" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/control/xss.js", + "uriBaseId" : "%SRCROOT%", + "index" : 154 + }, + "region" : { + "startLine" : 17, + "startColumn" : 46, + "endColumn" : 59 + } + }, + "message" : { + "text" : "String(value)" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/control/xss.js", + "uriBaseId" : "%SRCROOT%", + "index" : 154 + }, + "region" : { + "startLine" : 17, + "startColumn" : 36, + "endColumn" : 60 } }, "message" : { - "text" : "book" + "text" : "encodeX ... value))" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 154 }, "region" : { - "startLine" : 8, - "startColumn" : 13, - "endColumn" : 42 + "startLine" : 17, + "startColumn" : 21, + "endColumn" : 60 } }, "message" : { - "text" : "book" + "text" : "xssSanitized" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/control/xss.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 154 }, "region" : { - "startLine" : 27, - "startColumn" : 59, - "endColumn" : 63 + "startLine" : 23, + "startColumn" : 27, + "endColumn" : 39 } }, "message" : { - "text" : "book" + "text" : "xssSanitized" } } - }, { + } ] + } ] + } ], + "relatedLocations" : [ { + "id" : 1, + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-custom-control-sanitized/webapp/view/app.view.xml", + "uriBaseId" : "%SRCROOT%", + "index" : 158 + }, + "region" : { + "startLine" : 5, + "startColumn" : 5, + "endLine" : 7, + "endColumn" : 29 + } + }, + "message" : { + "text" : "user-provided value" + } + } ] + }, { + "ruleId" : "js/ui5-formula-injection", + "rule" : { + "id" : "js/ui5-formula-injection", + "index" : 4, + "toolComponent" : { + "index" : 1 + } + }, + "message" : { + "text" : "The content of a saved file depends on a [user-provided value](1)." + }, + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/controller/app.controller.js", + "uriBaseId" : "%SRCROOT%", + "index" : 162 + }, + "region" : { + "startLine" : 16, + "startColumn" : 23, + "endColumn" : 51 + } + } + } ], + "partialFingerprints" : { + "primaryLocationLineHash" : "e701acdf85af03b4:1", + "primaryLocationStartColumnFingerprint" : "10" + }, + "codeFlows" : [ { + "threadFlows" : [ { + "locations" : [ { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 166 }, "region" : { - "startLine" : 27, - "startColumn" : 17, - "endColumn" : 63 + "startLine" : 5, + "startColumn" : 5, + "endLine" : 7, + "endColumn" : 29 } }, "message" : { - "text" : "CQL`SEL ... + book" + "text" : "value={/input}" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 162 }, "region" : { - "startLine" : 27, - "startColumn" : 11, - "endColumn" : 63 + "startLine" : 10, + "startColumn" : 17, + "endColumn" : 28 } }, "message" : { - "text" : "cqn" + "text" : "input: null" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/controller/app.controller.js", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 162 }, "region" : { - "startLine" : 28, - "startColumn" : 39, - "endColumn" : 42 + "startLine" : 16, + "startColumn" : 23, + "endColumn" : 51 } }, "message" : { - "text" : "cqn" + "text" : "oModel. ... input')" } } } ] @@ -23774,14 +26440,15 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uri" : "javascript/frameworks/ui5/test/queries/UI5FormulaInjection/formula-html-control-df/webapp/view/app.view.xml", "uriBaseId" : "%SRCROOT%", - "index" : 1 + "index" : 166 }, "region" : { - "startLine" : 7, - "startColumn" : 34, - "endColumn" : 37 + "startLine" : 5, + "startColumn" : 5, + "endLine" : 7, + "endColumn" : 29 } }, "message" : { @@ -23808,15 +26475,15 @@ "index" : 1 }, "region" : { - "startLine" : 31, - "startColumn" : 39, - "endColumn" : 43 + "startLine" : 13, + "startColumn" : 36, + "endColumn" : 41 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "1cd6f1adc2ef8f7c:1", - "primaryLocationStartColumnFingerprint" : "32" + "primaryLocationLineHash" : "e5ae8639cd6967fb:1", + "primaryLocationStartColumnFingerprint" : "29" }, "codeFlows" : [ { "threadFlows" : [ { @@ -23937,9 +26604,9 @@ "index" : 1 }, "region" : { - "startLine" : 30, - "startColumn" : 56, - "endColumn" : 60 + "startLine" : 12, + "startColumn" : 50, + "endColumn" : 54 } }, "message" : { @@ -23955,13 +26622,13 @@ "index" : 1 }, "region" : { - "startLine" : 30, - "startColumn" : 32, - "endColumn" : 60 + "startLine" : 12, + "startColumn" : 44, + "endColumn" : 56 } }, "message" : { - "text" : "`SELECT ... + book" + "text" : "`ID=${book}`" } } }, { @@ -23973,13 +26640,13 @@ "index" : 1 }, "region" : { - "startLine" : 30, - "startColumn" : 18, - "endColumn" : 61 + "startLine" : 12, + "startColumn" : 19, + "endColumn" : 57 } }, "message" : { - "text" : "cds.par ... + book)" + "text" : "SELECT. ... book}`)" } } }, { @@ -23991,13 +26658,13 @@ "index" : 1 }, "region" : { - "startLine" : 30, + "startLine" : 12, "startColumn" : 11, - "endColumn" : 61 + "endColumn" : 57 } }, "message" : { - "text" : "cqn1" + "text" : "query" } } }, { @@ -24009,13 +26676,13 @@ "index" : 1 }, "region" : { - "startLine" : 31, - "startColumn" : 39, - "endColumn" : 43 + "startLine" : 13, + "startColumn" : 36, + "endColumn" : 41 } }, "message" : { - "text" : "cqn1" + "text" : "query" } } } ] @@ -24040,34 +26707,34 @@ } } ] }, { - "ruleId" : "js/cap-log-injection", + "ruleId" : "js/cap-sql-injection", "rule" : { - "id" : "js/cap-log-injection", - "index" : 1, + "id" : "js/cap-sql-injection", + "index" : 0, "toolComponent" : { "index" : 2 } }, "message" : { - "text" : "Log entry depends on a [user-provided value](1)." + "text" : "This query depends on a [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 55 + "index" : 1 }, "region" : { - "startLine" : 9, - "startColumn" : 32, - "endColumn" : 45 + "startLine" : 15, + "startColumn" : 27, + "endColumn" : 65 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "7c291d40b7c61d4f:1", - "primaryLocationStartColumnFingerprint" : "23" + "primaryLocationLineHash" : "b41554298e90b620:1", + "primaryLocationStartColumnFingerprint" : "20" }, "codeFlows" : [ { "threadFlows" : [ { @@ -24075,126 +26742,162 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 55 + "index" : 1 }, "region" : { - "startLine" : 6, - "startColumn" : 29, - "endColumn" : 32 + "startLine" : 7, + "startColumn" : 34, + "endColumn" : 37 } }, "message" : { - "text" : "msg" + "text" : "req" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 55 + "index" : 1 }, "region" : { - "startLine" : 7, - "startColumn" : 35, - "endColumn" : 38 + "startLine" : 8, + "startColumn" : 34, + "endColumn" : 37 } }, "message" : { - "text" : "msg" + "text" : "req" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 55 + "index" : 1 }, "region" : { - "startLine" : 7, - "startColumn" : 35, - "endColumn" : 43 + "startLine" : 8, + "startColumn" : 34, + "endColumn" : 42 + } + }, + "message" : { + "text" : "req.data" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uriBaseId" : "%SRCROOT%", + "index" : 1 + }, + "region" : { + "startLine" : 8, + "startColumn" : 13, + "endColumn" : 31 + } + }, + "message" : { + "text" : "{ book, quantity }" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uriBaseId" : "%SRCROOT%", + "index" : 1 + }, + "region" : { + "startLine" : 8, + "startColumn" : 15, + "endColumn" : 19 } }, "message" : { - "text" : "msg.data" + "text" : "book" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 55 + "index" : 1 }, "region" : { - "startLine" : 7, - "startColumn" : 15, - "endColumn" : 32 + "startLine" : 8, + "startColumn" : 13, + "endColumn" : 42 } }, "message" : { - "text" : "{ messageToPass }" + "text" : "book" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 55 + "index" : 1 }, "region" : { - "startLine" : 7, - "startColumn" : 17, - "endColumn" : 30 + "startLine" : 15, + "startColumn" : 58, + "endColumn" : 62 } }, "message" : { - "text" : "messageToPass" + "text" : "book" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 55 + "index" : 1 }, "region" : { - "startLine" : 7, - "startColumn" : 15, - "endColumn" : 43 + "startLine" : 15, + "startColumn" : 52, + "endColumn" : 64 } }, "message" : { - "text" : "messageToPass" + "text" : "`ID=${book}`" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 55 + "index" : 1 }, "region" : { - "startLine" : 9, - "startColumn" : 32, - "endColumn" : 45 + "startLine" : 15, + "startColumn" : 27, + "endColumn" : 65 } }, "message" : { - "text" : "messageToPass" + "text" : "SELECT. ... book}`)" } } } ] @@ -24204,14 +26907,14 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-not-depending-on-request/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 55 + "index" : 1 }, "region" : { - "startLine" : 6, - "startColumn" : 29, - "endColumn" : 32 + "startLine" : 7, + "startColumn" : 34, + "endColumn" : 37 } }, "message" : { @@ -24219,34 +26922,34 @@ } } ] }, { - "ruleId" : "js/cap-log-injection", + "ruleId" : "js/cap-sql-injection", "rule" : { - "id" : "js/cap-log-injection", - "index" : 1, + "id" : "js/cap-sql-injection", + "index" : 0, "toolComponent" : { "index" : 2 } }, "message" : { - "text" : "Log entry depends on a [user-provided value](1)." + "text" : "This query depends on a [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 2 + "index" : 1 }, "region" : { - "startLine" : 11, - "startColumn" : 16, - "endColumn" : 29 + "startLine" : 18, + "startColumn" : 37, + "endColumn" : 43 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "eae426bf8fad0192:1", - "primaryLocationStartColumnFingerprint" : "9" + "primaryLocationLineHash" : "967d7be3edc97a9e:1", + "primaryLocationStartColumnFingerprint" : "30" }, "codeFlows" : [ { "threadFlows" : [ { @@ -24254,9 +26957,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 2 + "index" : 1 }, "region" : { "startLine" : 7, @@ -24272,9 +26975,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 2 + "index" : 1 }, "region" : { "startLine" : 8, @@ -24290,9 +26993,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 2 + "index" : 1 }, "region" : { "startLine" : 8, @@ -24308,9 +27011,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 2 + "index" : 1 }, "region" : { "startLine" : 8, @@ -24326,9 +27029,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 2 + "index" : 1 }, "region" : { "startLine" : 8, @@ -24344,9 +27047,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 2 + "index" : 1 }, "region" : { "startLine" : 8, @@ -24362,14 +27065,14 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 2 + "index" : 1 }, "region" : { - "startLine" : 11, - "startColumn" : 25, - "endColumn" : 29 + "startLine" : 17, + "startColumn" : 53, + "endColumn" : 57 } }, "message" : { @@ -24380,18 +27083,72 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 2 + "index" : 1 }, "region" : { - "startLine" : 11, - "startColumn" : 16, - "endColumn" : 29 + "startLine" : 17, + "startColumn" : 45, + "endColumn" : 57 } }, "message" : { - "text" : "\"CAP:\" + book" + "text" : "'ID=' + book" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uriBaseId" : "%SRCROOT%", + "index" : 1 + }, + "region" : { + "startLine" : 17, + "startColumn" : 20, + "endColumn" : 58 + } + }, + "message" : { + "text" : "SELECT. ... + book)" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uriBaseId" : "%SRCROOT%", + "index" : 1 + }, + "region" : { + "startLine" : 17, + "startColumn" : 11, + "endColumn" : 58 + } + }, + "message" : { + "text" : "query2" + } + } + }, { + "location" : { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uriBaseId" : "%SRCROOT%", + "index" : 1 + }, + "region" : { + "startLine" : 18, + "startColumn" : 37, + "endColumn" : 43 + } + }, + "message" : { + "text" : "query2" } } } ] @@ -24401,9 +27158,9 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 2 + "index" : 1 }, "region" : { "startLine" : 7, @@ -24416,34 +27173,34 @@ } } ] }, { - "ruleId" : "js/cap-log-injection", + "ruleId" : "js/cap-sql-injection", "rule" : { - "id" : "js/cap-log-injection", - "index" : 1, + "id" : "js/cap-sql-injection", + "index" : 0, "toolComponent" : { "index" : 2 } }, "message" : { - "text" : "Log entry depends on a [user-provided value](1).\nLog entry depends on a [user-provided value](2)." + "text" : "This query depends on a [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 59 + "index" : 1 }, "region" : { - "startLine" : 9, - "startColumn" : 32, - "endColumn" : 45 + "startLine" : 20, + "startColumn" : 27, + "endColumn" : 65 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "7c291d40b7c61d4f:1", - "primaryLocationStartColumnFingerprint" : "23" + "primaryLocationLineHash" : "1c132adaa6986472:1", + "primaryLocationStartColumnFingerprint" : "20" }, "codeFlows" : [ { "threadFlows" : [ { @@ -24451,32 +27208,14 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service1.js", - "uriBaseId" : "%SRCROOT%", - "index" : 58 - }, - "region" : { - "startLine" : 6, - "startColumn" : 33, - "endColumn" : 36 - } - }, - "message" : { - "text" : "req" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 58 + "index" : 1 }, "region" : { "startLine" : 7, - "startColumn" : 39, - "endColumn" : 42 + "startColumn" : 34, + "endColumn" : 37 } }, "message" : { @@ -24487,364 +27226,377 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service1.js", - "uriBaseId" : "%SRCROOT%", - "index" : 58 - }, - "region" : { - "startLine" : 7, - "startColumn" : 39, - "endColumn" : 47 - } - }, - "message" : { - "text" : "req.data" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service1.js", - "uriBaseId" : "%SRCROOT%", - "index" : 58 - }, - "region" : { - "startLine" : 7, - "startColumn" : 19, - "endColumn" : 36 - } - }, - "message" : { - "text" : "{ messageToPass }" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 58 + "index" : 1 }, "region" : { - "startLine" : 7, - "startColumn" : 21, - "endColumn" : 34 + "startLine" : 8, + "startColumn" : 34, + "endColumn" : 37 } }, "message" : { - "text" : "messageToPass" + "text" : "req" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 58 + "index" : 1 }, "region" : { - "startLine" : 7, - "startColumn" : 19, - "endColumn" : 47 + "startLine" : 8, + "startColumn" : 34, + "endColumn" : 42 } }, "message" : { - "text" : "messageToPass" + "text" : "req.data" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 58 + "index" : 1 }, "region" : { - "startLine" : 9, - "startColumn" : 38, - "endColumn" : 51 + "startLine" : 8, + "startColumn" : 13, + "endColumn" : 31 } }, "message" : { - "text" : "messageToPass" + "text" : "{ book, quantity }" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 58 + "index" : 1 }, "region" : { - "startLine" : 9, - "startColumn" : 36, - "endColumn" : 53 + "startLine" : 8, + "startColumn" : 15, + "endColumn" : 19 } }, "message" : { - "text" : "{ messageToPass }" + "text" : "book" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 59 + "index" : 1 }, "region" : { - "startLine" : 6, - "startColumn" : 29, - "endColumn" : 32 + "startLine" : 8, + "startColumn" : 13, + "endColumn" : 42 } }, "message" : { - "text" : "msg" + "text" : "book" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 59 + "index" : 1 }, "region" : { - "startLine" : 7, - "startColumn" : 35, - "endColumn" : 38 + "startLine" : 20, + "startColumn" : 60, + "endColumn" : 64 } }, "message" : { - "text" : "msg" + "text" : "book" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 59 + "index" : 1 }, "region" : { - "startLine" : 7, - "startColumn" : 35, - "endColumn" : 43 + "startLine" : 20, + "startColumn" : 52, + "endColumn" : 64 } }, "message" : { - "text" : "msg.data" + "text" : "'ID=' + book" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 59 + "index" : 1 }, "region" : { - "startLine" : 7, - "startColumn" : 15, - "endColumn" : 32 + "startLine" : 20, + "startColumn" : 27, + "endColumn" : 65 } }, "message" : { - "text" : "{ messageToPass }" + "text" : "SELECT. ... + book)" } } - }, { + } ] + } ] + } ], + "relatedLocations" : [ { + "id" : 1, + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uriBaseId" : "%SRCROOT%", + "index" : 1 + }, + "region" : { + "startLine" : 7, + "startColumn" : 34, + "endColumn" : 37 + } + }, + "message" : { + "text" : "user-provided value" + } + } ] + }, { + "ruleId" : "js/cap-sql-injection", + "rule" : { + "id" : "js/cap-sql-injection", + "index" : 0, + "toolComponent" : { + "index" : 2 + } + }, + "message" : { + "text" : "This query depends on a [user-provided value](1)." + }, + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", + "uriBaseId" : "%SRCROOT%", + "index" : 1 + }, + "region" : { + "startLine" : 28, + "startColumn" : 39, + "endColumn" : 42 + } + } + } ], + "partialFingerprints" : { + "primaryLocationLineHash" : "144d55d233768c80:1", + "primaryLocationStartColumnFingerprint" : "32" + }, + "codeFlows" : [ { + "threadFlows" : [ { + "locations" : [ { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 59 + "index" : 1 }, "region" : { "startLine" : 7, - "startColumn" : 17, - "endColumn" : 30 + "startColumn" : 34, + "endColumn" : 37 } }, "message" : { - "text" : "messageToPass" + "text" : "req" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 59 + "index" : 1 }, "region" : { - "startLine" : 7, - "startColumn" : 15, - "endColumn" : 43 + "startLine" : 8, + "startColumn" : 34, + "endColumn" : 37 } }, "message" : { - "text" : "messageToPass" + "text" : "req" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 59 + "index" : 1 }, "region" : { - "startLine" : 9, - "startColumn" : 32, - "endColumn" : 45 + "startLine" : 8, + "startColumn" : 34, + "endColumn" : 42 } }, "message" : { - "text" : "messageToPass" + "text" : "req.data" } } - } ] - } ] - }, { - "threadFlows" : [ { - "locations" : [ { + }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 59 + "index" : 1 }, "region" : { - "startLine" : 6, - "startColumn" : 29, - "endColumn" : 32 + "startLine" : 8, + "startColumn" : 13, + "endColumn" : 31 } }, "message" : { - "text" : "msg" + "text" : "{ book, quantity }" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 59 + "index" : 1 }, "region" : { - "startLine" : 7, - "startColumn" : 35, - "endColumn" : 38 + "startLine" : 8, + "startColumn" : 15, + "endColumn" : 19 } }, "message" : { - "text" : "msg" + "text" : "book" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 59 + "index" : 1 }, "region" : { - "startLine" : 7, - "startColumn" : 35, - "endColumn" : 43 + "startLine" : 8, + "startColumn" : 13, + "endColumn" : 42 } }, "message" : { - "text" : "msg.data" + "text" : "book" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 59 + "index" : 1 }, "region" : { - "startLine" : 7, - "startColumn" : 15, - "endColumn" : 32 + "startLine" : 27, + "startColumn" : 59, + "endColumn" : 63 } }, "message" : { - "text" : "{ messageToPass }" + "text" : "book" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 59 + "index" : 1 }, "region" : { - "startLine" : 7, + "startLine" : 27, "startColumn" : 17, - "endColumn" : 30 + "endColumn" : 63 } }, "message" : { - "text" : "messageToPass" + "text" : "CQL`SEL ... + book" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 59 + "index" : 1 }, "region" : { - "startLine" : 7, - "startColumn" : 15, - "endColumn" : 43 + "startLine" : 27, + "startColumn" : 11, + "endColumn" : 63 } }, "message" : { - "text" : "messageToPass" + "text" : "cqn" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 59 + "index" : 1 }, "region" : { - "startLine" : 9, - "startColumn" : 32, - "endColumn" : 45 + "startLine" : 28, + "startColumn" : 39, + "endColumn" : 42 } }, "message" : { - "text" : "messageToPass" + "text" : "cqn" } } } ] @@ -24854,31 +27606,14 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service1.js", - "uriBaseId" : "%SRCROOT%", - "index" : 58 - }, - "region" : { - "startLine" : 6, - "startColumn" : 33, - "endColumn" : 36 - } - }, - "message" : { - "text" : "user-provided value" - } - }, { - "id" : 2, - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-complete-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 59 + "index" : 1 }, "region" : { - "startLine" : 6, - "startColumn" : 29, - "endColumn" : 32 + "startLine" : 7, + "startColumn" : 34, + "endColumn" : 37 } }, "message" : { @@ -24886,34 +27621,34 @@ } } ] }, { - "ruleId" : "js/cap-log-injection", + "ruleId" : "js/cap-sql-injection", "rule" : { - "id" : "js/cap-log-injection", - "index" : 1, + "id" : "js/cap-sql-injection", + "index" : 0, "toolComponent" : { "index" : 2 } }, "message" : { - "text" : "Log entry depends on a [user-provided value](1)." + "text" : "This query depends on a [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 2 + "index" : 1 }, "region" : { - "startLine" : 18, - "startColumn" : 47, - "endColumn" : 48 + "startLine" : 31, + "startColumn" : 39, + "endColumn" : 43 } } } ], "partialFingerprints" : { - "primaryLocationLineHash" : "e05b39891dddd161:1", - "primaryLocationStartColumnFingerprint" : "40" + "primaryLocationLineHash" : "1cd6f1adc2ef8f7c:1", + "primaryLocationStartColumnFingerprint" : "32" }, "codeFlows" : [ { "threadFlows" : [ { @@ -24921,14 +27656,14 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 2 + "index" : 1 }, "region" : { - "startLine" : 15, - "startColumn" : 24, - "endColumn" : 27 + "startLine" : 7, + "startColumn" : 34, + "endColumn" : 37 } }, "message" : { @@ -24939,14 +27674,14 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 2 + "index" : 1 }, "region" : { - "startLine" : 18, - "startColumn" : 17, - "endColumn" : 20 + "startLine" : 8, + "startColumn" : 34, + "endColumn" : 37 } }, "message" : { @@ -24957,14 +27692,14 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 2 + "index" : 1 }, "region" : { - "startLine" : 18, - "startColumn" : 17, - "endColumn" : 25 + "startLine" : 8, + "startColumn" : 34, + "endColumn" : 42 } }, "message" : { @@ -24975,197 +27710,144 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 2 + "index" : 1 }, "region" : { - "startLine" : 18, + "startLine" : 8, "startColumn" : 13, - "endColumn" : 25 + "endColumn" : 31 } }, "message" : { - "text" : "$" + "text" : "{ book, quantity }" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 2 + "index" : 1 }, "region" : { - "startLine" : 18, - "startColumn" : 47, - "endColumn" : 48 + "startLine" : 8, + "startColumn" : 15, + "endColumn" : 19 } }, "message" : { - "text" : "$" + "text" : "book" } } - } ] - } ] - } ], - "relatedLocations" : [ { - "id" : 1, - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", - "uriBaseId" : "%SRCROOT%", - "index" : 2 - }, - "region" : { - "startLine" : 15, - "startColumn" : 24, - "endColumn" : 27 - } - }, - "message" : { - "text" : "user-provided value" - } - } ] - }, { - "ruleId" : "js/cap-log-injection", - "rule" : { - "id" : "js/cap-log-injection", - "index" : 1, - "toolComponent" : { - "index" : 2 - } - }, - "message" : { - "text" : "Log entry depends on a [user-provided value](1)." - }, - "locations" : [ { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", - "uriBaseId" : "%SRCROOT%", - "index" : 2 - }, - "region" : { - "startLine" : 25, - "startColumn" : 16, - "endColumn" : 29 - } - } - } ], - "partialFingerprints" : { - "primaryLocationLineHash" : "4dc77ce4a9b7031e:1", - "primaryLocationStartColumnFingerprint" : "9" - }, - "codeFlows" : [ { - "threadFlows" : [ { - "locations" : [ { + }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 2 + "index" : 1 }, "region" : { - "startLine" : 23, - "startColumn" : 34, - "endColumn" : 54 + "startLine" : 8, + "startColumn" : 13, + "endColumn" : 42 } }, "message" : { - "text" : "req2.params.category" + "text" : "book" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 2 + "index" : 1 }, "region" : { - "startLine" : 23, - "startColumn" : 13, - "endColumn" : 31 + "startLine" : 30, + "startColumn" : 56, + "endColumn" : 60 } }, "message" : { - "text" : "{ book, quantity }" + "text" : "book" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 2 + "index" : 1 }, "region" : { - "startLine" : 23, - "startColumn" : 15, - "endColumn" : 19 + "startLine" : 30, + "startColumn" : 32, + "endColumn" : 60 } }, "message" : { - "text" : "book" + "text" : "`SELECT ... + book" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 2 + "index" : 1 }, "region" : { - "startLine" : 23, - "startColumn" : 13, - "endColumn" : 54 + "startLine" : 30, + "startColumn" : 18, + "endColumn" : 61 } }, "message" : { - "text" : "book" + "text" : "cds.par ... + book)" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 2 + "index" : 1 }, "region" : { - "startLine" : 25, - "startColumn" : 25, - "endColumn" : 29 + "startLine" : 30, + "startColumn" : 11, + "endColumn" : 61 } }, "message" : { - "text" : "book" + "text" : "cqn1" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 2 + "index" : 1 }, "region" : { - "startLine" : 25, - "startColumn" : 16, - "endColumn" : 29 + "startLine" : 31, + "startColumn" : 39, + "endColumn" : 43 } }, "message" : { - "text" : "\"CAP:\" + book" + "text" : "cqn1" } } } ] @@ -25175,14 +27857,14 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uri" : "javascript/frameworks/cap/test/queries/cqlinjection/cqlinjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 2 + "index" : 1 }, "region" : { - "startLine" : 23, + "startLine" : 7, "startColumn" : 34, - "endColumn" : 54 + "endColumn" : 37 } }, "message" : { @@ -25199,14 +27881,14 @@ } }, "message" : { - "text" : "Log entry depends on a [user-provided value](1).\nLog entry depends on a [user-provided value](2)." + "text" : "Log entry depends on a [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 62 + "index" : 95 }, "region" : { "startLine" : 9, @@ -25225,9 +27907,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 62 + "index" : 95 }, "region" : { "startLine" : 6, @@ -25243,9 +27925,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 62 + "index" : 95 }, "region" : { "startLine" : 7, @@ -25261,9 +27943,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 62 + "index" : 95 }, "region" : { "startLine" : 7, @@ -25279,9 +27961,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 62 + "index" : 95 }, "region" : { "startLine" : 7, @@ -25297,9 +27979,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 62 + "index" : 95 }, "region" : { "startLine" : 7, @@ -25315,9 +27997,9 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 62 + "index" : 95 }, "region" : { "startLine" : 7, @@ -25333,292 +28015,358 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 62 + "index" : 95 }, "region" : { "startLine" : 9, - "startColumn" : 32, - "endColumn" : 45 - } - }, - "message" : { - "text" : "messageToPass" - } - } - } ] - } ] - }, { - "threadFlows" : [ { - "locations" : [ { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service1.js", - "uriBaseId" : "%SRCROOT%", - "index" : 63 - }, - "region" : { - "startLine" : 6, - "startColumn" : 33, - "endColumn" : 36 - } - }, - "message" : { - "text" : "req" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service1.js", - "uriBaseId" : "%SRCROOT%", - "index" : 63 - }, - "region" : { - "startLine" : 7, - "startColumn" : 39, - "endColumn" : 42 + "startColumn" : 32, + "endColumn" : 45 } }, "message" : { - "text" : "req" + "text" : "messageToPass" } } - }, { + } ] + } ] + } ], + "relatedLocations" : [ { + "id" : 1, + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service1-protocol-none/srv/service2.js", + "uriBaseId" : "%SRCROOT%", + "index" : 95 + }, + "region" : { + "startLine" : 6, + "startColumn" : 29, + "endColumn" : 32 + } + }, + "message" : { + "text" : "user-provided value" + } + } ] + }, { + "ruleId" : "js/cap-log-injection", + "rule" : { + "id" : "js/cap-log-injection", + "index" : 1, + "toolComponent" : { + "index" : 2 + } + }, + "message" : { + "text" : "Log entry depends on a [user-provided value](1)." + }, + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uriBaseId" : "%SRCROOT%", + "index" : 2 + }, + "region" : { + "startLine" : 11, + "startColumn" : 16, + "endColumn" : 29 + } + } + } ], + "partialFingerprints" : { + "primaryLocationLineHash" : "eae426bf8fad0192:1", + "primaryLocationStartColumnFingerprint" : "9" + }, + "codeFlows" : [ { + "threadFlows" : [ { + "locations" : [ { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 63 + "index" : 2 }, "region" : { "startLine" : 7, - "startColumn" : 39, - "endColumn" : 47 + "startColumn" : 34, + "endColumn" : 37 } }, "message" : { - "text" : "req.data" + "text" : "req" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 63 + "index" : 2 }, "region" : { - "startLine" : 7, - "startColumn" : 19, - "endColumn" : 36 + "startLine" : 8, + "startColumn" : 34, + "endColumn" : 37 } }, "message" : { - "text" : "{ messageToPass }" + "text" : "req" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 63 + "index" : 2 }, "region" : { - "startLine" : 7, - "startColumn" : 21, - "endColumn" : 34 + "startLine" : 8, + "startColumn" : 34, + "endColumn" : 42 } }, "message" : { - "text" : "messageToPass" + "text" : "req.data" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 63 + "index" : 2 }, "region" : { - "startLine" : 7, - "startColumn" : 19, - "endColumn" : 47 + "startLine" : 8, + "startColumn" : 13, + "endColumn" : 31 } }, "message" : { - "text" : "messageToPass" + "text" : "{ book, quantity }" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 63 + "index" : 2 }, "region" : { - "startLine" : 9, - "startColumn" : 38, - "endColumn" : 51 + "startLine" : 8, + "startColumn" : 15, + "endColumn" : 19 } }, "message" : { - "text" : "messageToPass" + "text" : "book" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 63 + "index" : 2 }, "region" : { - "startLine" : 9, - "startColumn" : 36, - "endColumn" : 53 + "startLine" : 8, + "startColumn" : 13, + "endColumn" : 42 } }, "message" : { - "text" : "{ messageToPass }" + "text" : "book" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 62 + "index" : 2 }, "region" : { - "startLine" : 6, - "startColumn" : 29, - "endColumn" : 32 + "startLine" : 11, + "startColumn" : 25, + "endColumn" : 29 } }, "message" : { - "text" : "msg" + "text" : "book" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 62 + "index" : 2 }, "region" : { - "startLine" : 7, - "startColumn" : 35, - "endColumn" : 38 + "startLine" : 11, + "startColumn" : 16, + "endColumn" : 29 } }, "message" : { - "text" : "msg" + "text" : "\"CAP:\" + book" } } - }, { + } ] + } ] + } ], + "relatedLocations" : [ { + "id" : 1, + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uriBaseId" : "%SRCROOT%", + "index" : 2 + }, + "region" : { + "startLine" : 7, + "startColumn" : 34, + "endColumn" : 37 + } + }, + "message" : { + "text" : "user-provided value" + } + } ] + }, { + "ruleId" : "js/cap-log-injection", + "rule" : { + "id" : "js/cap-log-injection", + "index" : 1, + "toolComponent" : { + "index" : 2 + } + }, + "message" : { + "text" : "Log entry depends on a [user-provided value](1)." + }, + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uriBaseId" : "%SRCROOT%", + "index" : 2 + }, + "region" : { + "startLine" : 18, + "startColumn" : 47, + "endColumn" : 48 + } + } + } ], + "partialFingerprints" : { + "primaryLocationLineHash" : "e05b39891dddd161:1", + "primaryLocationStartColumnFingerprint" : "40" + }, + "codeFlows" : [ { + "threadFlows" : [ { + "locations" : [ { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 62 + "index" : 2 }, "region" : { - "startLine" : 7, - "startColumn" : 35, - "endColumn" : 43 + "startLine" : 15, + "startColumn" : 24, + "endColumn" : 27 } }, "message" : { - "text" : "msg.data" + "text" : "req" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 62 + "index" : 2 }, "region" : { - "startLine" : 7, - "startColumn" : 15, - "endColumn" : 32 + "startLine" : 18, + "startColumn" : 17, + "endColumn" : 20 } }, "message" : { - "text" : "{ messageToPass }" + "text" : "req" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 62 + "index" : 2 }, "region" : { - "startLine" : 7, + "startLine" : 18, "startColumn" : 17, - "endColumn" : 30 + "endColumn" : 25 } }, "message" : { - "text" : "messageToPass" + "text" : "req.data" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 62 + "index" : 2 }, "region" : { - "startLine" : 7, - "startColumn" : 15, - "endColumn" : 43 + "startLine" : 18, + "startColumn" : 13, + "endColumn" : 25 } }, "message" : { - "text" : "messageToPass" + "text" : "$" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 62 + "index" : 2 }, "region" : { - "startLine" : 9, - "startColumn" : 32, - "endColumn" : 45 + "startLine" : 18, + "startColumn" : 47, + "endColumn" : 48 } }, "message" : { - "text" : "messageToPass" + "text" : "$" } } } ] @@ -25628,31 +28376,14 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service2.js", - "uriBaseId" : "%SRCROOT%", - "index" : 62 - }, - "region" : { - "startLine" : 6, - "startColumn" : 29, - "endColumn" : 32 - } - }, - "message" : { - "text" : "user-provided value" - } - }, { - "id" : 2, - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service1-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 63 + "index" : 2 }, "region" : { - "startLine" : 6, - "startColumn" : 33, - "endColumn" : 36 + "startLine" : 15, + "startColumn" : 24, + "endColumn" : 27 } }, "message" : { @@ -25669,14 +28400,14 @@ } }, "message" : { - "text" : "Log entry depends on a [user-provided value](1).\nLog entry depends on a [user-provided value](2)." + "text" : "Log entry depends on a [user-provided value](1)." }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 66 + "index" : 102 }, "region" : { "startLine" : 9, @@ -25695,68 +28426,68 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", - "index" : 66 + "index" : 100 }, "region" : { "startLine" : 6, - "startColumn" : 29, - "endColumn" : 32 + "startColumn" : 33, + "endColumn" : 36 } }, "message" : { - "text" : "msg" + "text" : "req" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", - "index" : 66 + "index" : 100 }, "region" : { "startLine" : 7, - "startColumn" : 35, - "endColumn" : 38 + "startColumn" : 39, + "endColumn" : 42 } }, "message" : { - "text" : "msg" + "text" : "req" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", - "index" : 66 + "index" : 100 }, "region" : { "startLine" : 7, - "startColumn" : 35, - "endColumn" : 43 + "startColumn" : 39, + "endColumn" : 47 } }, "message" : { - "text" : "msg.data" + "text" : "req.data" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", - "index" : 66 + "index" : 100 }, "region" : { "startLine" : 7, - "startColumn" : 15, - "endColumn" : 32 + "startColumn" : 19, + "endColumn" : 36 } }, "message" : { @@ -25767,14 +28498,14 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", - "index" : 66 + "index" : 100 }, "region" : { "startLine" : 7, - "startColumn" : 17, - "endColumn" : 30 + "startColumn" : 21, + "endColumn" : 34 } }, "message" : { @@ -25785,14 +28516,14 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", - "index" : 66 + "index" : 100 }, "region" : { "startLine" : 7, - "startColumn" : 15, - "endColumn" : 43 + "startColumn" : 19, + "endColumn" : 47 } }, "message" : { @@ -25803,126 +28534,122 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", - "index" : 66 + "index" : 100 }, "region" : { "startLine" : 9, - "startColumn" : 32, - "endColumn" : 45 + "startColumn" : 38, + "endColumn" : 51 } }, "message" : { "text" : "messageToPass" } } - } ] - } ] - }, { - "threadFlows" : [ { - "locations" : [ { + }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", - "index" : 67 + "index" : 100 }, "region" : { - "startLine" : 6, - "startColumn" : 33, - "endColumn" : 36 + "startLine" : 9, + "startColumn" : 36, + "endColumn" : 53 } }, "message" : { - "text" : "req" + "text" : "{ messageToPass }" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 67 + "index" : 102 }, "region" : { - "startLine" : 7, - "startColumn" : 39, - "endColumn" : 42 + "startLine" : 6, + "startColumn" : 29, + "endColumn" : 32 } }, "message" : { - "text" : "req" + "text" : "msg" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 67 + "index" : 102 }, "region" : { "startLine" : 7, - "startColumn" : 39, - "endColumn" : 47 + "startColumn" : 35, + "endColumn" : 38 } }, "message" : { - "text" : "req.data" + "text" : "msg" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 67 + "index" : 102 }, "region" : { "startLine" : 7, - "startColumn" : 19, - "endColumn" : 36 + "startColumn" : 35, + "endColumn" : 43 } }, "message" : { - "text" : "{ messageToPass }" + "text" : "msg.data" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 67 + "index" : 102 }, "region" : { "startLine" : 7, - "startColumn" : 21, - "endColumn" : 34 + "startColumn" : 15, + "endColumn" : 32 } }, "message" : { - "text" : "messageToPass" + "text" : "{ messageToPass }" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 67 + "index" : 102 }, "region" : { "startLine" : 7, - "startColumn" : 19, - "endColumn" : 47 + "startColumn" : 17, + "endColumn" : 30 } }, "message" : { @@ -25933,14 +28660,14 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 67 + "index" : 102 }, "region" : { - "startLine" : 9, - "startColumn" : 38, - "endColumn" : 51 + "startLine" : 7, + "startColumn" : 15, + "endColumn" : 43 } }, "message" : { @@ -25951,144 +28678,179 @@ "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 67 + "index" : 102 }, "region" : { "startLine" : 9, - "startColumn" : 36, - "endColumn" : 53 - } - }, - "message" : { - "text" : "{ messageToPass }" - } - } - }, { - "location" : { - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service2.js", - "uriBaseId" : "%SRCROOT%", - "index" : 66 - }, - "region" : { - "startLine" : 6, - "startColumn" : 29, - "endColumn" : 32 + "startColumn" : 32, + "endColumn" : 45 } }, "message" : { - "text" : "msg" + "text" : "messageToPass" } } - }, { + } ] + } ] + } ], + "relatedLocations" : [ { + "id" : 1, + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-service2-protocol-none/srv/service1.js", + "uriBaseId" : "%SRCROOT%", + "index" : 100 + }, + "region" : { + "startLine" : 6, + "startColumn" : 33, + "endColumn" : 36 + } + }, + "message" : { + "text" : "user-provided value" + } + } ] + }, { + "ruleId" : "js/cap-log-injection", + "rule" : { + "id" : "js/cap-log-injection", + "index" : 1, + "toolComponent" : { + "index" : 2 + } + }, + "message" : { + "text" : "Log entry depends on a [user-provided value](1)." + }, + "locations" : [ { + "physicalLocation" : { + "artifactLocation" : { + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", + "uriBaseId" : "%SRCROOT%", + "index" : 2 + }, + "region" : { + "startLine" : 25, + "startColumn" : 16, + "endColumn" : 29 + } + } + } ], + "partialFingerprints" : { + "primaryLocationLineHash" : "4dc77ce4a9b7031e:1", + "primaryLocationStartColumnFingerprint" : "9" + }, + "codeFlows" : [ { + "threadFlows" : [ { + "locations" : [ { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 66 + "index" : 2 }, "region" : { - "startLine" : 7, - "startColumn" : 35, - "endColumn" : 38 + "startLine" : 23, + "startColumn" : 34, + "endColumn" : 54 } }, "message" : { - "text" : "msg" + "text" : "req2.params.category" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 66 + "index" : 2 }, "region" : { - "startLine" : 7, - "startColumn" : 35, - "endColumn" : 43 + "startLine" : 23, + "startColumn" : 13, + "endColumn" : 31 } }, "message" : { - "text" : "msg.data" + "text" : "{ book, quantity }" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 66 + "index" : 2 }, "region" : { - "startLine" : 7, + "startLine" : 23, "startColumn" : 15, - "endColumn" : 32 + "endColumn" : 19 } }, "message" : { - "text" : "{ messageToPass }" + "text" : "book" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 66 + "index" : 2 }, "region" : { - "startLine" : 7, - "startColumn" : 17, - "endColumn" : 30 + "startLine" : 23, + "startColumn" : 13, + "endColumn" : 54 } }, "message" : { - "text" : "messageToPass" + "text" : "book" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 66 + "index" : 2 }, "region" : { - "startLine" : 7, - "startColumn" : 15, - "endColumn" : 43 + "startLine" : 25, + "startColumn" : 25, + "endColumn" : 29 } }, "message" : { - "text" : "messageToPass" + "text" : "book" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service2.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 66 + "index" : 2 }, "region" : { - "startLine" : 9, - "startColumn" : 32, - "endColumn" : 45 + "startLine" : 25, + "startColumn" : 16, + "endColumn" : 29 } }, "message" : { - "text" : "messageToPass" + "text" : "\"CAP:\" + book" } } } ] @@ -26098,31 +28860,14 @@ "id" : 1, "physicalLocation" : { "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service2.js", - "uriBaseId" : "%SRCROOT%", - "index" : 66 - }, - "region" : { - "startLine" : 6, - "startColumn" : 29, - "endColumn" : 32 - } - }, - "message" : { - "text" : "user-provided value" - } - }, { - "id" : 2, - "physicalLocation" : { - "artifactLocation" : { - "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-with-service2-protocol-none/srv/service1.js", + "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-single-file/loginjection.js", "uriBaseId" : "%SRCROOT%", - "index" : 67 + "index" : 2 }, "region" : { - "startLine" : 6, - "startColumn" : 33, - "endColumn" : 36 + "startLine" : 23, + "startColumn" : 34, + "endColumn" : 54 } }, "message" : { @@ -26146,7 +28891,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 71 + "index" : 116 }, "region" : { "startLine" : 9, @@ -26167,7 +28912,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", - "index" : 70 + "index" : 114 }, "region" : { "startLine" : 6, @@ -26185,7 +28930,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", - "index" : 70 + "index" : 114 }, "region" : { "startLine" : 7, @@ -26203,7 +28948,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", - "index" : 70 + "index" : 114 }, "region" : { "startLine" : 7, @@ -26221,7 +28966,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", - "index" : 70 + "index" : 114 }, "region" : { "startLine" : 7, @@ -26239,7 +28984,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", - "index" : 70 + "index" : 114 }, "region" : { "startLine" : 7, @@ -26257,7 +29002,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", - "index" : 70 + "index" : 114 }, "region" : { "startLine" : 7, @@ -26275,7 +29020,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", - "index" : 70 + "index" : 114 }, "region" : { "startLine" : 9, @@ -26293,7 +29038,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", - "index" : 70 + "index" : 114 }, "region" : { "startLine" : 9, @@ -26311,7 +29056,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 71 + "index" : 116 }, "region" : { "startLine" : 6, @@ -26329,7 +29074,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 71 + "index" : 116 }, "region" : { "startLine" : 7, @@ -26347,7 +29092,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 71 + "index" : 116 }, "region" : { "startLine" : 7, @@ -26365,7 +29110,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 71 + "index" : 116 }, "region" : { "startLine" : 7, @@ -26383,7 +29128,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 71 + "index" : 116 }, "region" : { "startLine" : 7, @@ -26401,7 +29146,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 71 + "index" : 116 }, "region" : { "startLine" : 7, @@ -26419,7 +29164,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 71 + "index" : 116 }, "region" : { "startLine" : 9, @@ -26441,7 +29186,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 71 + "index" : 116 }, "region" : { "startLine" : 6, @@ -26459,7 +29204,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 71 + "index" : 116 }, "region" : { "startLine" : 7, @@ -26477,7 +29222,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 71 + "index" : 116 }, "region" : { "startLine" : 7, @@ -26495,7 +29240,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 71 + "index" : 116 }, "region" : { "startLine" : 7, @@ -26513,7 +29258,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 71 + "index" : 116 }, "region" : { "startLine" : 7, @@ -26531,7 +29276,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 71 + "index" : 116 }, "region" : { "startLine" : 7, @@ -26549,7 +29294,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 71 + "index" : 116 }, "region" : { "startLine" : 9, @@ -26570,7 +29315,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service1.js", "uriBaseId" : "%SRCROOT%", - "index" : 70 + "index" : 114 }, "region" : { "startLine" : 6, @@ -26587,7 +29332,7 @@ "artifactLocation" : { "uri" : "javascript/frameworks/cap/test/queries/loginjection/log-injection-without-protocol-none/srv/service2.js", "uriBaseId" : "%SRCROOT%", - "index" : 71 + "index" : 116 }, "region" : { "startLine" : 6, @@ -26641,4 +29386,4 @@ } } } ] -} +} \ No newline at end of file diff --git a/.github/workflows/run-codeql-unit-tests-javascript.yml b/.github/workflows/run-codeql-unit-tests-javascript.yml index fb744e590..4e0cd6e5b 100644 --- a/.github/workflows/run-codeql-unit-tests-javascript.yml +++ b/.github/workflows/run-codeql-unit-tests-javascript.yml @@ -104,7 +104,7 @@ jobs: CODEQL_STDLIB_IDENT: ${{matrix.codeql_standard_library_ident}} RUNNER_TMP: ${{ runner.temp }} LGTM_INDEX_XML_MODE: all - LGTM_INDEX_FILTERS: "include:**/*.json" + LGTM_INDEX_FILETYPES: ".json:JSON" shell: bash run: > @@ -147,4 +147,4 @@ jobs: run: | qlt test run validate-unit-tests --pretty-print --results-directory . >> $GITHUB_STEP_SUMMARY qlt test run validate-unit-tests --results-directory . - \ No newline at end of file +