JS: update diff-informed expected files

cklin · cklin · commit ccab7b6fff91 · 2025-04-24T11:01:46.000-07:00
This commit adds expected files for diff-informed testing. These
expected files describe how diff-informed queries produce alerts that
are not completely in accordance with the given diff ranges.
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/47d3c.expected b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/47d3c.expected
@@ -0,0 +1,13 @@
+Filtering alerts to these ranges:
+  jquery-plugin.js:all
+  lib/package.json:all
+  lib/src/MyNode.ts:all
+  lib2/index.ts:all
+  lib2/package.json:all
+  lib2/src/MyNode.ts:all
+  main.js:1-10
+  main.js:13-16
+  main.js:18-119
+  package.json:all
+  typed.ts:all
+Wrongly included: | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:17:48:17:50 | tmp | cross-site scripting |
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/ad592.expected b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/ad592.expected
@@ -0,0 +1,13 @@
+Filtering alerts to these ranges:
+  jquery-plugin.js:all
+  lib/package.json:all
+  lib/src/MyNode.ts:all
+  lib2/index.ts:all
+  lib2/package.json:all
+  lib2/src/MyNode.ts:all
+  main.js:1-10
+  main.js:13-15
+  main.js:17-119
+  package.json:all
+  typed.ts:all
+Wrongly included: | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:16:21:16:35 | xml.cloneNode() | cross-site scripting |
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/main.js/(16,21)-(16,35).expected b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/main.js/(16,21)-(16,35).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  main.js:(16,21)-(16,35)
+Wrongly included: | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:17:48:17:50 | tmp | cross-site scripting |
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/main.js/(17,48)-(17,50).expected b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/main.js/(17,48)-(17,50).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  main.js:(17,48)-(17,50)
+Wrongly included: | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:16:21:16:35 | xml.cloneNode() | cross-site scripting |
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/main.js/16.expected b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/main.js/16.expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  main.js:16
+Wrongly included: | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:17:48:17:50 | tmp | cross-site scripting |
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/main.js/17.expected b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/DIFF-INFORMED/UnsafeHtmlConstruction/main.js/17.expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  main.js:17
+Wrongly included: | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:16:21:16:35 | xml.cloneNode() | cross-site scripting |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(15,28)-(15,35).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(15,28)-(15,35).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(15,28)-(15,35)
+Wrongly included: | polynomial-redos.js:15:2:15:52 | tainted ... (?!`)/) | This $@ that depends on $@ may run slow on strings starting with '`_' and with many repetitions of '\t'. | polynomial-redos.js:15:41:15:43 | \s* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(15,41)-(15,43).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(15,41)-(15,43).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(15,41)-(15,43)
+Wrongly included: | polynomial-redos.js:15:2:15:52 | tainted ... (?!`)/) | This $@ that depends on $@ may run slow on strings starting with '`' and with many repetitions of '\t'. | polynomial-redos.js:15:28:15:35 | [\s\S]*? | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(17,11)-(17,12).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(17,11)-(17,12).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(17,11)-(17,12)
+Wrongly included: | polynomial-redos.js:17:2:17:30 | /^(.*,) ... ainted) | This $@ that depends on $@ may run slow on strings with many repetitions of ','. | polynomial-redos.js:17:5:17:6 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(17,5)-(17,6).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(17,5)-(17,6).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(17,5)-(17,6)
+Wrongly included: | polynomial-redos.js:17:2:17:30 | /^(.*,) ... ainted) | This $@ that depends on $@ may run slow on strings starting with ',' and with many repetitions of ',,'. | polynomial-redos.js:17:11:17:12 | .+ | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(25,37)-(25,56).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(25,37)-(25,56).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(25,37)-(25,56)
+Wrongly included: | polynomial-redos.js:25:2:25:68 | tainted ... (.*)$/) | This $@ that depends on $@ may run slow on strings starting with '-\t\t' and with many repetitions of '='. | polynomial-redos.js:25:63:25:64 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(25,63)-(25,64).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(25,63)-(25,64).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(25,63)-(25,64)
+Wrongly included: | polynomial-redos.js:25:2:25:68 | tainted ... (.*)$/) | This $@ that depends on $@ may run slow on strings starting with '-\t' and with many repetitions of '\t\t'. | polynomial-redos.js:25:37:25:56 | [a-zA-Z0-9+\/ \t\n]+ | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(30,19)-(30,22).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(30,19)-(30,22).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(30,19)-(30,22)
+Wrongly included: | polynomial-redos.js:30:2:30:32 | tainted ... /g, "") | This $@ that depends on $@ may run slow on strings starting with '?' and with many repetitions of '?'. | polynomial-redos.js:30:23:30:24 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(30,23)-(30,24).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(30,23)-(30,24).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(30,23)-(30,24)
+Wrongly included: | polynomial-redos.js:30:2:30:32 | tainted ... /g, "") | This $@ that depends on $@ may run slow on strings with many repetitions of '?'. | polynomial-redos.js:30:19:30:22 | [?]+ | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(36,18)-(36,19).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(36,18)-(36,19).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(36,18)-(36,19)
+Wrongly included: | polynomial-redos.js:36:2:36:39 | tainted ... )".*>/) | This $@ that depends on $@ may run slow on strings starting with '<class="!"' and with many repetitions of 'class="!"'. | polynomial-redos.js:36:35:36:36 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(36,35)-(36,36).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(36,35)-(36,36).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(36,35)-(36,36)
+Wrongly included: | polynomial-redos.js:36:2:36:39 | tainted ... )".*>/) | This $@ that depends on $@ may run slow on strings starting with '<' and with many repetitions of '<'. | polynomial-redos.js:36:18:36:19 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(37,18)-(37,19).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(37,18)-(37,19).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(37,18)-(37,19)
+Wrongly included: | polynomial-redos.js:37:2:37:39 | tainted ... )".*>/) | This $@ that depends on $@ may run slow on strings starting with '<style="!"' and with many repetitions of 'style="!"'. | polynomial-redos.js:37:35:37:36 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(37,35)-(37,36).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(37,35)-(37,36).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(37,35)-(37,36)
+Wrongly included: | polynomial-redos.js:37:2:37:39 | tainted ... )".*>/) | This $@ that depends on $@ may run slow on strings starting with '<' and with many repetitions of '<'. | polynomial-redos.js:37:18:37:19 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(38,18)-(38,19).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(38,18)-(38,19).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(38,18)-(38,19)
+Wrongly included: | polynomial-redos.js:38:2:38:38 | tainted ... )".*>/) | This $@ that depends on $@ may run slow on strings starting with '<href="!"' and with many repetitions of 'href="!"'. | polynomial-redos.js:38:34:38:35 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(38,34)-(38,35).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(38,34)-(38,35).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(38,34)-(38,35)
+Wrongly included: | polynomial-redos.js:38:2:38:38 | tainted ... )".*>/) | This $@ that depends on $@ may run slow on strings starting with '<' and with many repetitions of '<'. | polynomial-redos.js:38:18:38:19 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(53,3)-(53,8).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(53,3)-(53,8).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(53,3)-(53,8)
+Wrongly included: | polynomial-redos.js:53:2:53:28 | /(B|Y)+ ... ainted) | This $@ that depends on $@ may run slow on strings starting with 'B' and with many repetitions of 'Y'. | polynomial-redos.js:53:9:53:12 | (Y)* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(53,9)-(53,12).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(53,9)-(53,12).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(53,9)-(53,12)
+Wrongly included: | polynomial-redos.js:53:2:53:28 | /(B|Y)+ ... ainted) | This $@ that depends on $@ may run slow on strings with many repetitions of 'B'. | polynomial-redos.js:53:3:53:8 | (B|Y)+ | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(54,10)-(54,13).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(54,10)-(54,13).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(54,10)-(54,13)
+Wrongly included: | polynomial-redos.js:54:3:54:29 | /(B|Y)+ ... ainted) | This $@ that depends on $@ may run slow on strings with many repetitions of 'B'. | polynomial-redos.js:54:4:54:9 | (B|Y)+ | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(54,4)-(54,9).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(54,4)-(54,9).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(54,4)-(54,9)
+Wrongly included: | polynomial-redos.js:54:3:54:29 | /(B|Y)+ ... ainted) | This $@ that depends on $@ may run slow on strings starting with 'B' and with many repetitions of 'B'. | polynomial-redos.js:54:10:54:13 | (.)* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(75,18)-(75,19).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(75,18)-(75,19).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(75,18)-(75,19)
+Wrongly included: | polynomial-redos.js:75:2:75:39 | tainted ... )".*>/) | This $@ that depends on $@ may run slow on strings starting with '<class="!"' and with many repetitions of 'class="!"'. | polynomial-redos.js:75:35:75:36 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(75,35)-(75,36).expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/DIFF-INFORMED/PolynomialReDoS/polynomial-redos.js/(75,35)-(75,36).expected
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(75,35)-(75,36)
+Wrongly included: | polynomial-redos.js:75:2:75:39 | tainted ... )".*>/) | This $@ that depends on $@ may run slow on strings starting with '<' and with many repetitions of '<'. | polynomial-redos.js:75:18:75:19 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+Filtering alerts to these ranges:`
	`2`	`+ main.js:(16,21)-(16,35)`
	`3`	`+Wrongly included: \| main.js:12:49:12:49 \| s \| This XML parsing which depends on $@ might later allow $@. \| main.js:11:60:11:60 \| s \| library input \| main.js:17:48:17:50 \| tmp \| cross-site scripting \|`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+Filtering alerts to these ranges:`
	`2`	`+ main.js:(17,48)-(17,50)`
	`3`	`+Wrongly included: \| main.js:12:49:12:49 \| s \| This XML parsing which depends on $@ might later allow $@. \| main.js:11:60:11:60 \| s \| library input \| main.js:16:21:16:35 \| xml.cloneNode() \| cross-site scripting \|`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+Filtering alerts to these ranges:`
	`2`	`+ main.js:16`
	`3`	`+Wrongly included: \| main.js:12:49:12:49 \| s \| This XML parsing which depends on $@ might later allow $@. \| main.js:11:60:11:60 \| s \| library input \| main.js:17:48:17:50 \| tmp \| cross-site scripting \|`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+Filtering alerts to these ranges:`
	`2`	`+ main.js:17`
	`3`	`+Wrongly included: \| main.js:12:49:12:49 \| s \| This XML parsing which depends on $@ might later allow $@. \| main.js:11:60:11:60 \| s \| library input \| main.js:16:21:16:35 \| xml.cloneNode() \| cross-site scripting \|`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+Filtering alerts to these ranges:`
	`2`	`+ polynomial-redos.js:(15,28)-(15,35)`
	`3`	+Wrongly included: \| polynomial-redos.js:15:2:15:52 \| tainted ... (?!`)/) \| This $@ that depends on $@ may run slow on strings starting with '`_' and with many repetitions of '\t'. \| polynomial-redos.js:15:41:15:43 \| \s* \| regular expression \| polynomial-redos.js:5:16:5:32 \| req.query.tainted \| a user-provided value \|
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+Filtering alerts to these ranges:`
	`2`	`+ polynomial-redos.js:(15,41)-(15,43)`
	`3`	+Wrongly included: \| polynomial-redos.js:15:2:15:52 \| tainted ... (?!`)/) \| This $@ that depends on $@ may run slow on strings starting with '`' and with many repetitions of '\t'. \| polynomial-redos.js:15:28:15:35 \| [\s\S]*? \| regular expression \| polynomial-redos.js:5:16:5:32 \| req.query.tainted \| a user-provided value \|
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+Filtering alerts to these ranges:`
	`2`	`+ polynomial-redos.js:(17,11)-(17,12)`
	`3`	`+Wrongly included: \| polynomial-redos.js:17:2:17:30 \| /^(.,) ... ainted) \| This $@ that depends on $@ may run slow on strings with many repetitions of ','. \| polynomial-redos.js:17:5:17:6 \| . \| regular expression \| polynomial-redos.js:5:16:5:32 \| req.query.tainted \| a user-provided value \|`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+Filtering alerts to these ranges:`
	`2`	`+ polynomial-redos.js:(17,5)-(17,6)`
	`3`	`+Wrongly included: \| polynomial-redos.js:17:2:17:30 \| /^(.*,) ... ainted) \| This $@ that depends on $@ may run slow on strings starting with ',' and with many repetitions of ',,'. \| polynomial-redos.js:17:11:17:12 \| .+ \| regular expression \| polynomial-redos.js:5:16:5:32 \| req.query.tainted \| a user-provided value \|`