hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Add test to show lack of unknown array element being propagated

Browse Source
This commit is contained in:
Asger F
2024-09-05 11:48:38 +02:00
parent 92bb4b3da8
commit 379c7ef20a
1 changed files with 25 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
javascript/ql/test/library-tests/TripleDot/tst.js
View File

@@ -138,3 +138,28 @@ function t13() {
}
target("safe", ...source('t13.1'));
}
function t14() {
function target(x, y, ...rest) {
sink(x); // $ hasValueFlow=t14.1
sink(y); // $ hasValueFlow=t14.1
sink(rest.pop()); // $ hasValueFlow=t14.1
sink(rest); // $ hasTaintFlow=t14.1
}
const args = new Array(Math.floor(Math.random() * 10));
args.push(source('t14.1'));
target(...args);
}
function t15() {
function target(safe, x, y, ...rest) {
sink(safe); // $ SPURIOUS: hasTaintFlow=t15.1
sink(x); // $ MISSING: hasValueFlow=t15.1 SPURIOUS: hasTaintFlow=t15.1
sink(y); // $ MISSING: hasValueFlow=t15.1 SPURIOUS: hasTaintFlow=t15.1
sink(rest.pop()); // $ MISSING: hasValueFlow=t15.1 SPURIOUS: hasTaintFlow=t15.1
sink(rest); // $ hasTaintFlow=t15.1
}
const args = new Array(Math.floor(Math.random() * 10));
args.push(source('t15.1'));
target('safe', ...args);
}