JS: Add inline-expectation test for type tracking

2026-04-25 08:45:14 +02:00 · 2024-11-19 15:16:53 +01:00
parent 6349903110
commit 440cbb7f0a
3 changed files with 86 additions and 0 deletions
--- a/javascript/ql/test/library-tests/TypeTracking2/summaries.js
+++ b/javascript/ql/test/library-tests/TypeTracking2/summaries.js
@@ -0,0 +1,45 @@
+function m0() {
+  const x = source("m0.1");
+  sink(x); // $ track=m0.1
+}
+
+function m1() {
+  const fn = mkSummary("Argument[0]", "ReturnValue");
+  const obj = source("m1.1");
+  sink(fn(obj)); // $ MISSING: track=m1.1
+  sink(fn(obj.p));
+  sink(fn(obj).p);
+  sink(fn({ p: obj }));
+  sink(fn({ p: obj }).q);
+}
+
+function m2() {
+  const fn = mkSummary("Argument[0].Member[p]", "ReturnValue");
+  const obj = source("m2.1");
+  sink(fn(obj));
+  sink(fn(obj.p));
+  sink(fn(obj).p);
+  sink(fn({ p: obj })); // $ MISSING: track=m2.1
+  sink(fn({ p: obj }).q);
+}
+
+function m3() {
+  const fn = mkSummary("Argument[0]", "ReturnValue.Member[p]");
+  const obj = source("m3.1");
+  sink(fn(obj));
+  sink(fn(obj.p));
+  sink(fn(obj).p); // $ MISSING: track=m3.1
+  sink(fn({ p: obj }));
+  sink(fn({ p: obj }).q);
+}
+
+
+function m4() {
+  const fn = mkSummary("Argument[0].Member[p]", "ReturnValue.Member[q]");
+  const obj = source("m4.1");
+  sink(fn(obj));
+  sink(fn(obj.p));
+  sink(fn(obj).p);
+  sink(fn({ p: obj }));
+  sink(fn({ p: obj }).q); // $ MISSING: track=m4.1
+}
--- a/javascript/ql/test/library-tests/TypeTracking2/test.expected
+++ b/javascript/ql/test/library-tests/TypeTracking2/test.expected
@@ -0,0 +1,2 @@
+testFailures
+failures
--- a/javascript/ql/test/library-tests/TypeTracking2/test.ql
+++ b/javascript/ql/test/library-tests/TypeTracking2/test.ql
@@ -0,0 +1,39 @@
+import javascript
+import testUtilities.InlineSummaries
+import testUtilities.InlineExpectationsTest
+
+private DataFlow::SourceNode typeTrack(DataFlow::TypeTracker t, string name) {
+  t.start() and
+  exists(DataFlow::CallNode call |
+    call.getCalleeName() = "source" and
+    name = call.getArgument(0).getStringValue() and
+    result = call
+  )
+  or
+  exists(DataFlow::TypeTracker t2 | result = typeTrack(t2, name).track(t2, t))
+}
+
+DataFlow::SourceNode typeTrack(string name) {
+  result = typeTrack(DataFlow::TypeTracker::end(), name)
+}
+
+module TestConfig implements TestSig {
+  string getARelevantTag() { result = "track" }
+
+  predicate hasActualResult(Location location, string element, string tag, string value) {
+    element = "" and
+    tag = "track" and
+    exists(DataFlow::CallNode call, DataFlow::Node arg |
+      call.getCalleeName() = "sink" and
+      arg = call.getArgument(0) and
+      typeTrack(value).flowsTo(arg) and
+      location = arg.getLocation()
+    )
+  }
+
+  predicate hasOptionalResult(Location location, string element, string tag, string value) {
+    none()
+  }
+}
+
+import MakeTest<TestConfig>