JS: Track taint through exceptions

2026-04-30 19:26:02 +02:00 · 2019-04-30 18:34:25 +01:00
parent 639d715d03
commit 36cefd8fc6
4 changed files with 154 additions and 6 deletions
--- a/javascript/ql/test/library-tests/TaintTracking/exceptions.js
+++ b/javascript/ql/test/library-tests/TaintTracking/exceptions.js
@@ -0,0 +1,33 @@
+function test(unsafe, safe) {
+  try {
+    throw2(source());
+  } catch (e) {
+    sink(e);
+  }
+
+  try {
+    throw2(unsafe);
+  } catch (e) {
+    sink(e);
+  }
+
+  try {
+    throw2(safe);
+  } catch (e) {
+    sink(e); // OK
+  }
+}
+
+function throw2(x) {
+  throw1(x);
+  throw1(x); // no single-call inlining
+}
+
+function throw1(x) {
+  throw x;
+}
+
+
+test(source(), "hello");
+test("hey", "hello"); // no single-call inlining
+