hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

add test for promise inside Promise.all

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-05-15 11:49:29 +02:00
parent dd3342ba6f
commit 3138918f1d
2 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/test/library-tests/Promises/flow2.js
View File

@@ -14,4 +14,8 @@
var [clean2, tainted2] = await Promise.resolve(Promise.all(["clean", source]));
sink(clean2); // OK - but flagged by taint-tracking
sink(tainted2); // NOT OK
var [clean2, tainted2] = await Promise.all(["clean", Promise.resolve(source)]);
sink(clean2); // OK - but flagged by taint-tracking
sink(tainted2); // NOT OK - but only flagged by taint-tracking
});

8
javascript/ql/test/library-tests/Promises/tests.expected
View File

@@ -6,6 +6,9 @@ test_ResolvedPromiseDefinition
| flow2.js:14:33:14:79 | Promise ... urce])) | flow2.js:14:49:14:78 | Promise ... ource]) |
| flow2.js:14:49:14:78 | Promise ... ource]) | flow2.js:14:62:14:68 | "clean" |
| flow2.js:14:49:14:78 | Promise ... ource]) | flow2.js:14:71:14:76 | source |
| flow2.js:18:33:18:79 | Promise ... urce)]) | flow2.js:18:46:18:52 | "clean" |
| flow2.js:18:33:18:79 | Promise ... urce)]) | flow2.js:18:55:18:77 | Promise ... source) |
| flow2.js:18:55:18:77 | Promise ... source) | flow2.js:18:71:18:76 | source |
| flow.js:4:11:4:33 | Promise ... source) | flow.js:4:27:4:32 | source |
| flow.js:20:2:20:24 | Promise ... source) | flow.js:20:18:20:23 | source |
| flow.js:22:2:22:24 | Promise ... source) | flow.js:22:18:22:23 | source |
@@ -234,6 +237,8 @@ exclusiveTaintFlow
| flow2.js:2:15:2:22 | "source" | flow2.js:7:8:7:13 | arr[1] |
| flow2.js:2:15:2:22 | "source" | flow2.js:11:7:11:11 | clean |
| flow2.js:2:15:2:22 | "source" | flow2.js:15:7:15:12 | clean2 |
| flow2.js:2:15:2:22 | "source" | flow2.js:19:7:19:12 | clean2 |
| flow2.js:2:15:2:22 | "source" | flow2.js:20:7:20:14 | tainted2 |
| interflow.js:3:18:3:25 | "source" | interflow.js:18:10:18:14 | error |
typetrack
| flow2.js:4:2:4:31 | Promise ... lean"]) | flow2.js:4:14:4:30 | [source, "clean"] | copy $PromiseResolveField$ |
@@ -247,6 +252,9 @@ typetrack
| flow2.js:14:33:14:79 | Promise ... urce])) | flow2.js:14:49:14:78 | Promise ... ource]) | store $PromiseResolveField$ |
| flow2.js:14:49:14:78 | Promise ... ource]) | flow2.js:14:61:14:77 | ["clean", source] | copy $PromiseResolveField$ |
| flow2.js:14:49:14:78 | Promise ... ource]) | flow2.js:14:61:14:77 | ["clean", source] | store $PromiseResolveField$ |
| flow2.js:18:27:18:79 | await P ... urce)]) | flow2.js:18:33:18:79 | Promise ... urce)]) | load $PromiseResolveField$ |
| flow2.js:18:33:18:79 | Promise ... urce)]) | flow2.js:18:45:18:78 | ["clean ... ource)] | copy $PromiseResolveField$ |
| flow2.js:18:33:18:79 | Promise ... urce)]) | flow2.js:18:45:18:78 | ["clean ... ource)] | store $PromiseResolveField$ |
| flow.js:20:2:20:43 | Promise ... ink(x)) | flow.js:20:36:20:42 | sink(x) | copy $PromiseResolveField$ |
| flow.js:20:2:20:43 | Promise ... ink(x)) | flow.js:20:36:20:42 | sink(x) | store $PromiseResolveField$ |
| flow.js:20:31:20:31 | x | flow.js:20:2:20:24 | Promise ... source) | load $PromiseResolveField$ |