hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1004 from asger-semmle/suffix-check-bug

Browse Source 
JS: Recognize '+' in suffix check
This commit is contained in:
Max Schaefer
2019-02-28 14:23:26 +00:00
committed by GitHub
parent edba24129d 8e8085ea1f
commit 2ecabad553
3 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
javascript/ql/test/query-tests/Security/CWE-020/IncorrectSuffixCheck.expected
View File

@@ -8,3 +8,4 @@
| tst.js:55:32:55:71 | x.index ... gth - 1 | This suffix check is missing a length comparison to correctly handle indexOf returning -1. |
| tst.js:67:32:67:71 | x.index ... gth - 1 | This suffix check is missing a length comparison to correctly handle indexOf returning -1. |
| tst.js:76:25:76:57 | index = ... gth - 1 | This suffix check is missing a length comparison to correctly handle indexOf returning -1. |
| tst.js:80:10:80:57 | x.index ... th + 1) | This suffix check is missing a length comparison to correctly handle indexOf returning -1. |

4
javascript/ql/test/query-tests/Security/CWE-020/tst.js
View File

@@ -75,3 +75,7 @@ function withIndexOfCheckBad(x, y) {
let index = x.indexOf(y);
return index !== 0 && index === x.length - y.length - 1; // NOT OK
}
function plus(x, y) {
return x.indexOf("." + y) === x.length - (y.length + 1); // NOT OK
}