Merge pull request #1504 from xiemaisi/js/shift-bigint

Approved by asger-semmle

javascript/ql/src/Expressions/ShiftOutOfRange.qhelp

@@ -14,7 +14,9 @@ greater than 31, the left operand is actually only shifted by that value modulo
 
 <p>
 Use standard library functions such as <code>Math.pow</code> to perform the required
-shifting.
+shifting. Alternatively, you can use the
+<a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/BigInt">BigInt</a>
+type if it is available on your platform.
 </p>
 
 </recommendation>

javascript/ql/src/Expressions/ShiftOutOfRange.ql

@@ -1,7 +1,7 @@
 /**
  * @name Shift out of range
- * @description The shift operators '<<', '>>' and '>>>' only take the five least significant bits of their
- *              right operand into account. Thus, it is not possible to shift by more than 31 bits.
+ * @description The integer shift operators '<<', '>>' and '>>>' only take the five least significant bits of their
+ *              right operand into account. Thus, it is not possible to shift an integer by more than 31 bits.
  * @kind problem
  * @problem.severity error
  * @id js/shift-out-of-range
@@ -14,5 +14,7 @@
 import javascript
 
 from ShiftExpr shift
-where shift.getRightOperand().getIntValue() > 31
+where
+  shift.getRightOperand().getIntValue() > 31 and
+  not shift.getRightOperand().stripParens() instanceof BigIntLiteral
 select shift, "Shift out of range."

javascript/ql/test/query-tests/Expressions/ShiftOutOfRange/tst.js

@@ -1 +1,4 @@
-var n = 1<<40;
+var n = 1<<40; // NOT OK
+var n2 = BigInt(1) << 40n; // OK
+
+// semmle-extractor-options: --experimental