support that two indexOf() calls use the same string-concatenation in getAnEquivalentIndexOfCall()

2026-04-26 09:15:12 +02:00 · 2025-01-21 09:43:57 +01:00
parent d5529e3a7e
commit 17afab7d0f
3 changed files with 12 additions and 2 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-020/IncorrectSuffixCheck/IncorrectSuffixCheck.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-020/IncorrectSuffixCheck/IncorrectSuffixCheck.expected
@@ -9,4 +9,3 @@
 | tst.js:67:32:67:71 | x.index ... gth - 1 | This suffix check is missing a length comparison to correctly handle indexOf returning -1. |
 | tst.js:76:25:76:57 | index = ... gth - 1 | This suffix check is missing a length comparison to correctly handle indexOf returning -1. |
 | tst.js:80:10:80:57 | x.index ... th + 1) | This suffix check is missing a length comparison to correctly handle indexOf returning -1. |
-| tst.js:110:65:110:164 | trusted ... gth - 1 | This suffix check is missing a length comparison to correctly handle indexOf returning -1. |
--- a/javascript/ql/test/query-tests/Security/CWE-020/IncorrectSuffixCheck/tst.js
+++ b/javascript/ql/test/query-tests/Security/CWE-020/IncorrectSuffixCheck/tst.js
@@ -107,5 +107,5 @@ function sameCheck(allowedOrigin) {

 function sameConcatenation(allowedOrigin) {
    const trustedAuthority = "example.com";
-    return trustedAuthority.indexOf("." + allowedOrigin) > 0 && trustedAuthority.indexOf("." + allowedOrigin) === trustedAuthority.length - allowedOrigin.length - 1; // OK - but currently failing
+    return trustedAuthority.indexOf("." + allowedOrigin) > 0 && trustedAuthority.indexOf("." + allowedOrigin) === trustedAuthority.length - allowedOrigin.length - 1; // OK
 }