-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathXSS.expected
More file actions
128 lines (128 loc) · 20 KB
/
XSS.expected
File metadata and controls
128 lines (128 loc) · 20 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
edges
| Controllers/TestController.cs:14:41:14:48 | tainted1 : UserData | Controllers/TestController.cs:16:30:16:37 | access to parameter tainted1 : UserData |
| Controllers/TestController.cs:16:30:16:37 | access to parameter tainted1 : UserData | Views/Test/Test1.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:19:41:19:48 | tainted2 : UserData | Controllers/TestController.cs:21:30:21:37 | access to parameter tainted2 : UserData |
| Controllers/TestController.cs:21:30:21:37 | access to parameter tainted2 : UserData | Views/Shared/Test2.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:24:41:24:48 | tainted3 : UserData | Controllers/TestController.cs:26:30:26:37 | access to parameter tainted3 : UserData |
| Controllers/TestController.cs:26:30:26:37 | access to parameter tainted3 : UserData | Views/Test/Test3.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:29:41:29:48 | tainted4 : UserData | Controllers/TestController.cs:31:32:31:39 | access to parameter tainted4 : UserData |
| Controllers/TestController.cs:31:32:31:39 | access to parameter tainted4 : UserData | Views/Test/Test4.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:34:41:34:48 | tainted5 : UserData | Controllers/TestController.cs:36:39:36:46 | access to parameter tainted5 : UserData |
| Controllers/TestController.cs:36:39:36:46 | access to parameter tainted5 : UserData | Views/Other/Test5.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:39:41:39:48 | tainted6 : UserData | Controllers/TestController.cs:41:64:41:71 | access to parameter tainted6 : UserData |
| Controllers/TestController.cs:41:64:41:71 | access to parameter tainted6 : UserData | Views/Other/Test6.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:44:41:44:48 | tainted7 : UserData | Controllers/TestController.cs:46:21:46:28 | access to parameter tainted7 : UserData |
| Controllers/TestController.cs:46:21:46:28 | access to parameter tainted7 : UserData | Views/Test/Test7.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:49:41:49:48 | tainted8 : UserData | Controllers/TestController.cs:51:50:51:57 | access to parameter tainted8 : UserData |
| Controllers/TestController.cs:51:50:51:57 | access to parameter tainted8 : UserData | Views/Other/Test8.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:54:41:54:48 | tainted9 : UserData | Controllers/TestController.cs:56:51:56:58 | access to parameter tainted9 : UserData |
| Controllers/TestController.cs:56:51:56:58 | access to parameter tainted9 : UserData | Views/Other/Test9.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:61:42:61:50 | tainted10 : UserData | Controllers/TestController.cs:63:31:63:39 | access to parameter tainted10 : UserData |
| Controllers/TestController.cs:63:31:63:39 | access to parameter tainted10 : UserData | Views/Test2/Test10.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:66:42:66:50 | tainted11 : UserData | Controllers/TestController.cs:68:23:68:31 | access to parameter tainted11 : UserData |
| Controllers/TestController.cs:68:23:68:31 | access to parameter tainted11 : UserData | Controllers/TestController.cs:71:43:71:43 | x : UserData |
| Controllers/TestController.cs:71:43:71:43 | x : UserData | Controllers/TestController.cs:71:70:71:70 | access to parameter x : UserData |
| Controllers/TestController.cs:71:70:71:70 | access to parameter x : UserData | Views/Test2/Test11.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:82:42:82:50 | tainted13 : UserData | Controllers/TestController.cs:84:37:84:45 | access to parameter tainted13 : UserData |
| Controllers/TestController.cs:84:37:84:45 | access to parameter tainted13 : UserData | Controllers/TestController.cs:95:64:95:64 | x : UserData |
| Controllers/TestController.cs:87:42:87:50 | tainted14 : UserData | Controllers/TestController.cs:89:37:89:45 | access to parameter tainted14 : UserData |
| Controllers/TestController.cs:89:37:89:45 | access to parameter tainted14 : UserData | Controllers/TestController.cs:97:64:97:64 | x : UserData |
| Controllers/TestController.cs:95:64:95:64 | x : UserData | Controllers/TestController.cs:95:113:95:113 | access to parameter x : UserData |
| Controllers/TestController.cs:95:113:95:113 | access to parameter x : UserData | Views/Other/Test13.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:97:64:97:64 | x : UserData | Controllers/TestController.cs:97:93:97:93 | access to parameter x : UserData |
| Controllers/TestController.cs:97:93:97:93 | access to parameter x : UserData | Views/Shared/Test14.cshtml:8:16:8:20 | access to property Model : UserData |
| Controllers/TestController.cs:105:42:105:50 | tainted15 : UserData | Controllers/TestController.cs:107:21:107:29 | access to parameter tainted15 : UserData |
| Controllers/TestController.cs:107:21:107:29 | access to parameter tainted15 : UserData | Views/Custom/Test3/Test15.cshtml:8:16:8:20 | access to property Model : UserData |
| Views/Custom/Test3/Test15.cshtml:8:16:8:20 | access to property Model : UserData | Views/Custom/Test3/Test15.cshtml:8:16:8:25 | access to property Name |
| Views/Other/Test5.cshtml:8:16:8:20 | access to property Model : UserData | Views/Other/Test5.cshtml:8:16:8:25 | access to property Name |
| Views/Other/Test6.cshtml:8:16:8:20 | access to property Model : UserData | Views/Other/Test6.cshtml:8:16:8:25 | access to property Name |
| Views/Other/Test8.cshtml:8:16:8:20 | access to property Model : UserData | Views/Other/Test8.cshtml:8:16:8:25 | access to property Name |
| Views/Other/Test9.cshtml:8:16:8:20 | access to property Model : UserData | Views/Other/Test9.cshtml:8:16:8:25 | access to property Name |
| Views/Other/Test13.cshtml:8:16:8:20 | access to property Model : UserData | Views/Other/Test13.cshtml:8:16:8:25 | access to property Name |
| Views/Shared/Test2.cshtml:8:16:8:20 | access to property Model : UserData | Views/Shared/Test2.cshtml:8:16:8:25 | access to property Name |
| Views/Shared/Test14.cshtml:8:16:8:20 | access to property Model : UserData | Views/Shared/Test14.cshtml:8:16:8:25 | access to property Name |
| Views/Test2/Test10.cshtml:8:16:8:20 | access to property Model : UserData | Views/Test2/Test10.cshtml:8:16:8:25 | access to property Name |
| Views/Test2/Test11.cshtml:8:16:8:20 | access to property Model : UserData | Views/Test2/Test11.cshtml:8:16:8:25 | access to property Name |
| Views/Test/Test1.cshtml:8:16:8:20 | access to property Model : UserData | Views/Test/Test1.cshtml:8:16:8:25 | access to property Name |
| Views/Test/Test3.cshtml:8:16:8:20 | access to property Model : UserData | Views/Test/Test3.cshtml:8:16:8:25 | access to property Name |
| Views/Test/Test4.cshtml:8:16:8:20 | access to property Model : UserData | Views/Test/Test4.cshtml:8:16:8:25 | access to property Name |
| Views/Test/Test7.cshtml:8:16:8:20 | access to property Model : UserData | Views/Test/Test7.cshtml:8:16:8:25 | access to property Name |
nodes
| Controllers/TestController.cs:14:41:14:48 | tainted1 : UserData | semmle.label | tainted1 : UserData |
| Controllers/TestController.cs:16:30:16:37 | access to parameter tainted1 : UserData | semmle.label | access to parameter tainted1 : UserData |
| Controllers/TestController.cs:19:41:19:48 | tainted2 : UserData | semmle.label | tainted2 : UserData |
| Controllers/TestController.cs:21:30:21:37 | access to parameter tainted2 : UserData | semmle.label | access to parameter tainted2 : UserData |
| Controllers/TestController.cs:24:41:24:48 | tainted3 : UserData | semmle.label | tainted3 : UserData |
| Controllers/TestController.cs:26:30:26:37 | access to parameter tainted3 : UserData | semmle.label | access to parameter tainted3 : UserData |
| Controllers/TestController.cs:29:41:29:48 | tainted4 : UserData | semmle.label | tainted4 : UserData |
| Controllers/TestController.cs:31:32:31:39 | access to parameter tainted4 : UserData | semmle.label | access to parameter tainted4 : UserData |
| Controllers/TestController.cs:34:41:34:48 | tainted5 : UserData | semmle.label | tainted5 : UserData |
| Controllers/TestController.cs:36:39:36:46 | access to parameter tainted5 : UserData | semmle.label | access to parameter tainted5 : UserData |
| Controllers/TestController.cs:39:41:39:48 | tainted6 : UserData | semmle.label | tainted6 : UserData |
| Controllers/TestController.cs:41:64:41:71 | access to parameter tainted6 : UserData | semmle.label | access to parameter tainted6 : UserData |
| Controllers/TestController.cs:44:41:44:48 | tainted7 : UserData | semmle.label | tainted7 : UserData |
| Controllers/TestController.cs:46:21:46:28 | access to parameter tainted7 : UserData | semmle.label | access to parameter tainted7 : UserData |
| Controllers/TestController.cs:49:41:49:48 | tainted8 : UserData | semmle.label | tainted8 : UserData |
| Controllers/TestController.cs:51:50:51:57 | access to parameter tainted8 : UserData | semmle.label | access to parameter tainted8 : UserData |
| Controllers/TestController.cs:54:41:54:48 | tainted9 : UserData | semmle.label | tainted9 : UserData |
| Controllers/TestController.cs:56:51:56:58 | access to parameter tainted9 : UserData | semmle.label | access to parameter tainted9 : UserData |
| Controllers/TestController.cs:61:42:61:50 | tainted10 : UserData | semmle.label | tainted10 : UserData |
| Controllers/TestController.cs:63:31:63:39 | access to parameter tainted10 : UserData | semmle.label | access to parameter tainted10 : UserData |
| Controllers/TestController.cs:66:42:66:50 | tainted11 : UserData | semmle.label | tainted11 : UserData |
| Controllers/TestController.cs:68:23:68:31 | access to parameter tainted11 : UserData | semmle.label | access to parameter tainted11 : UserData |
| Controllers/TestController.cs:71:43:71:43 | x : UserData | semmle.label | x : UserData |
| Controllers/TestController.cs:71:70:71:70 | access to parameter x : UserData | semmle.label | access to parameter x : UserData |
| Controllers/TestController.cs:82:42:82:50 | tainted13 : UserData | semmle.label | tainted13 : UserData |
| Controllers/TestController.cs:84:37:84:45 | access to parameter tainted13 : UserData | semmle.label | access to parameter tainted13 : UserData |
| Controllers/TestController.cs:87:42:87:50 | tainted14 : UserData | semmle.label | tainted14 : UserData |
| Controllers/TestController.cs:89:37:89:45 | access to parameter tainted14 : UserData | semmle.label | access to parameter tainted14 : UserData |
| Controllers/TestController.cs:95:64:95:64 | x : UserData | semmle.label | x : UserData |
| Controllers/TestController.cs:95:113:95:113 | access to parameter x : UserData | semmle.label | access to parameter x : UserData |
| Controllers/TestController.cs:97:64:97:64 | x : UserData | semmle.label | x : UserData |
| Controllers/TestController.cs:97:93:97:93 | access to parameter x : UserData | semmle.label | access to parameter x : UserData |
| Controllers/TestController.cs:105:42:105:50 | tainted15 : UserData | semmle.label | tainted15 : UserData |
| Controllers/TestController.cs:107:21:107:29 | access to parameter tainted15 : UserData | semmle.label | access to parameter tainted15 : UserData |
| Views/Custom/Test3/Test15.cshtml:8:16:8:20 | access to property Model : UserData | semmle.label | access to property Model : UserData |
| Views/Custom/Test3/Test15.cshtml:8:16:8:25 | access to property Name | semmle.label | access to property Name |
| Views/Other/Test5.cshtml:8:16:8:20 | access to property Model : UserData | semmle.label | access to property Model : UserData |
| Views/Other/Test5.cshtml:8:16:8:25 | access to property Name | semmle.label | access to property Name |
| Views/Other/Test6.cshtml:8:16:8:20 | access to property Model : UserData | semmle.label | access to property Model : UserData |
| Views/Other/Test6.cshtml:8:16:8:25 | access to property Name | semmle.label | access to property Name |
| Views/Other/Test8.cshtml:8:16:8:20 | access to property Model : UserData | semmle.label | access to property Model : UserData |
| Views/Other/Test8.cshtml:8:16:8:25 | access to property Name | semmle.label | access to property Name |
| Views/Other/Test9.cshtml:8:16:8:20 | access to property Model : UserData | semmle.label | access to property Model : UserData |
| Views/Other/Test9.cshtml:8:16:8:25 | access to property Name | semmle.label | access to property Name |
| Views/Other/Test13.cshtml:8:16:8:20 | access to property Model : UserData | semmle.label | access to property Model : UserData |
| Views/Other/Test13.cshtml:8:16:8:25 | access to property Name | semmle.label | access to property Name |
| Views/Shared/Test2.cshtml:8:16:8:20 | access to property Model : UserData | semmle.label | access to property Model : UserData |
| Views/Shared/Test2.cshtml:8:16:8:25 | access to property Name | semmle.label | access to property Name |
| Views/Shared/Test14.cshtml:8:16:8:20 | access to property Model : UserData | semmle.label | access to property Model : UserData |
| Views/Shared/Test14.cshtml:8:16:8:25 | access to property Name | semmle.label | access to property Name |
| Views/Test2/Test10.cshtml:8:16:8:20 | access to property Model : UserData | semmle.label | access to property Model : UserData |
| Views/Test2/Test10.cshtml:8:16:8:25 | access to property Name | semmle.label | access to property Name |
| Views/Test2/Test11.cshtml:8:16:8:20 | access to property Model : UserData | semmle.label | access to property Model : UserData |
| Views/Test2/Test11.cshtml:8:16:8:25 | access to property Name | semmle.label | access to property Name |
| Views/Test/Test1.cshtml:8:16:8:20 | access to property Model : UserData | semmle.label | access to property Model : UserData |
| Views/Test/Test1.cshtml:8:16:8:25 | access to property Name | semmle.label | access to property Name |
| Views/Test/Test3.cshtml:8:16:8:20 | access to property Model : UserData | semmle.label | access to property Model : UserData |
| Views/Test/Test3.cshtml:8:16:8:25 | access to property Name | semmle.label | access to property Name |
| Views/Test/Test4.cshtml:8:16:8:20 | access to property Model : UserData | semmle.label | access to property Model : UserData |
| Views/Test/Test4.cshtml:8:16:8:25 | access to property Name | semmle.label | access to property Name |
| Views/Test/Test7.cshtml:8:16:8:20 | access to property Model : UserData | semmle.label | access to property Model : UserData |
| Views/Test/Test7.cshtml:8:16:8:25 | access to property Name | semmle.label | access to property Name |
subpaths
#select
| Views/Custom/Test3/Test15.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:105:42:105:50 | tainted15 : UserData | Views/Custom/Test3/Test15.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:105:42:105:50 | tainted15 : UserData | User-provided value |
| Views/Other/Test5.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:34:41:34:48 | tainted5 : UserData | Views/Other/Test5.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:34:41:34:48 | tainted5 : UserData | User-provided value |
| Views/Other/Test6.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:39:41:39:48 | tainted6 : UserData | Views/Other/Test6.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:39:41:39:48 | tainted6 : UserData | User-provided value |
| Views/Other/Test8.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:49:41:49:48 | tainted8 : UserData | Views/Other/Test8.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:49:41:49:48 | tainted8 : UserData | User-provided value |
| Views/Other/Test9.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:54:41:54:48 | tainted9 : UserData | Views/Other/Test9.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:54:41:54:48 | tainted9 : UserData | User-provided value |
| Views/Other/Test13.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:82:42:82:50 | tainted13 : UserData | Views/Other/Test13.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:82:42:82:50 | tainted13 : UserData | User-provided value |
| Views/Shared/Test2.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:19:41:19:48 | tainted2 : UserData | Views/Shared/Test2.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:19:41:19:48 | tainted2 : UserData | User-provided value |
| Views/Shared/Test14.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:87:42:87:50 | tainted14 : UserData | Views/Shared/Test14.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:87:42:87:50 | tainted14 : UserData | User-provided value |
| Views/Test2/Test10.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:61:42:61:50 | tainted10 : UserData | Views/Test2/Test10.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:61:42:61:50 | tainted10 : UserData | User-provided value |
| Views/Test2/Test11.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:66:42:66:50 | tainted11 : UserData | Views/Test2/Test11.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:66:42:66:50 | tainted11 : UserData | User-provided value |
| Views/Test/Test1.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:14:41:14:48 | tainted1 : UserData | Views/Test/Test1.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:14:41:14:48 | tainted1 : UserData | User-provided value |
| Views/Test/Test3.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:24:41:24:48 | tainted3 : UserData | Views/Test/Test3.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:24:41:24:48 | tainted3 : UserData | User-provided value |
| Views/Test/Test4.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:29:41:29:48 | tainted4 : UserData | Views/Test/Test4.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:29:41:29:48 | tainted4 : UserData | User-provided value |
| Views/Test/Test7.cshtml:8:16:8:25 | access to property Name | Controllers/TestController.cs:44:41:44:48 | tainted7 : UserData | Views/Test/Test7.cshtml:8:16:8:25 | access to property Name | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Controllers/TestController.cs:44:41:44:48 | tainted7 : UserData | User-provided value |