hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-22 15:25:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Add test showing potential for FPs when handling refinement guards

Browse Source
This commit is contained in:
Asger F
2024-09-27 14:13:09 +02:00
parent 958602e43e
commit 16b08b74eb
1 changed files with 31 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
javascript/ql/test/library-tests/TripleDot/useuse.js
View File

@@ -142,3 +142,34 @@ function t8() {
const taint = source('t8.1') + ' taint';
foo(taint);
}
function t9() { // same as t8 but with a SanitizerGuard that isn't just a variable access
function foo(x) {
const obj = {};
obj.field = x;
sink(obj.field); // $ hasTaintFlow=t9.1
if (typeof obj !== "undefined") {
sink(obj.field); // $ hasTaintFlow=t9.1
} else {
sink(obj.field);
}
if (typeof obj === "undefined") {
sink(obj.field);
} else {
sink(obj.field); // $ hasTaintFlow=t9.1
}
if (typeof obj === "undefined" || typeof obj === "undefined") {
sink(obj.field); // $ SPURIOUS: hasTaintFlow=t9.1
} else {
sink(obj.field); // $ hasTaintFlow=t9.1
}
}
// The guards used above are specific to taint-tracking, to ensure only taint flows in
const taint = source('t9.1') + ' taint';
foo(taint);
}