JavaScript: Add import DataFlow::PathGraph.

Author: Max Schaefer

javascript/ql/src/Security/CWE-022/TaintedPath.ql

@@ -16,6 +16,7 @@
 
 import javascript
 import semmle.javascript.security.dataflow.TaintedPath::TaintedPath
+import DataFlow::PathGraph
 
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)

javascript/ql/src/Security/CWE-078/CommandInjection.ql

@@ -14,6 +14,7 @@
 
 import javascript
 import semmle.javascript.security.dataflow.CommandInjection::CommandInjection
+import DataFlow::PathGraph
 
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink, DataFlow::Node highlight
 where cfg.hasFlow(source, sink) and

javascript/ql/src/Security/CWE-079/ReflectedXss.ql

@@ -13,8 +13,9 @@
 
 import javascript
 import semmle.javascript.security.dataflow.ReflectedXss::ReflectedXss
+import DataFlow::PathGraph
 
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
 select sink, "Cross-site scripting vulnerability due to $@.",
-       source, "user-provided value"
+       source, "user-provided value"

javascript/ql/src/Security/CWE-079/StoredXss.ql

@@ -13,8 +13,9 @@
 
 import javascript
 import semmle.javascript.security.dataflow.StoredXss::StoredXss
+import DataFlow::PathGraph
 
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
 select sink, "Stored cross-site scripting vulnerability due to $@.",
-       source, "stored value"
+       source, "stored value"

javascript/ql/src/Security/CWE-079/Xss.ql

@@ -13,6 +13,7 @@
 
 import javascript
 import semmle.javascript.security.dataflow.DomBasedXss::DomBasedXss
+import DataFlow::PathGraph
 
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)

javascript/ql/src/Security/CWE-089/SqlInjection.ql

@@ -13,6 +13,7 @@
 import javascript
 import semmle.javascript.security.dataflow.SqlInjection
 import semmle.javascript.security.dataflow.NosqlInjection
+import DataFlow::PathGraph
 
 from DataFlow::Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where (cfg instanceof SqlInjection::Configuration or

javascript/ql/src/Security/CWE-094/CodeInjection.ql

@@ -14,7 +14,8 @@
 
 import javascript
 import semmle.javascript.security.dataflow.CodeInjection::CodeInjection
+import DataFlow::PathGraph
 
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
-select sink, "$@ flows to here and is interpreted as code.", source, "User-provided value"
+select sink, "$@ flows to here and is interpreted as code.", source, "User-provided value"

javascript/ql/src/Security/CWE-134/TaintedFormatString.ql

@@ -11,6 +11,7 @@
 
 import javascript
 import semmle.javascript.security.dataflow.TaintedFormatString::TaintedFormatString
+import DataFlow::PathGraph
 
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)

javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql

@@ -10,6 +10,7 @@
 
 import javascript
 import semmle.javascript.security.dataflow.FileAccessToHttp::FileAccessToHttp
+import DataFlow::PathGraph
 
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow (source, sink)

javascript/ql/src/Security/CWE-209/StackTraceExposure.ql

@@ -13,8 +13,9 @@
 
 import javascript
 import semmle.javascript.security.dataflow.StackTraceExposure::StackTraceExposure
+import DataFlow::PathGraph
 
 from Configuration cfg, DataFlow::Node source, DataFlow::Node sink
 where cfg.hasFlow(source, sink)
 select sink, "Stack trace information from $@ may be exposed to an external user here.",
-       source, "here"
+       source, "here"