Merge pull request #19854 from Napalys/js/sinon

JS: Explicitly Mark `Sinon` Package as Non RegExp
2026-04-29 10:45:15 +02:00 · 2025-06-24 10:24:13 +02:00
parent e8a08a6b96 33f42444d5
commit 2218a981f6
4 changed files with 16 additions and 0 deletions
--- a/javascript/ql/lib/change-notes/2025-06-20-sinon.md
+++ b/javascript/ql/lib/change-notes/2025-06-20-sinon.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Calls to `sinon.match()` are no longer incorrectly identified as regular expression operations.
--- a/javascript/ql/lib/semmle/javascript/Regexp.qll
+++ b/javascript/ql/lib/semmle/javascript/Regexp.qll
@@ -998,6 +998,8 @@ private predicate isUsedAsNonMatchObject(DataFlow::MethodCallNode call) {
    or
    // Result is obviously unused
    call.asExpr() = any(ExprStmt stmt).getExpr()
+    or
+    call = API::moduleImport("sinon").getMember("match").getACall()
  )
 }