JS: permit some calls with spurious arguments to empty functions

2025-12-20 10:46:30 +01:00 · 2018-08-08 10:13:02 +02:00
parent 87f9ecb442
commit 4e98ce21b4
7 changed files with 66 additions and 18 deletions
--- a/javascript/ql/src/LanguageFeatures/SpuriousArguments.ql
+++ b/javascript/ql/src/LanguageFeatures/SpuriousArguments.ql
@@ -83,5 +83,14 @@ class SpuriousArguments extends Expr {

 from SpuriousArguments args, Function f, string arguments
 where f = args.getCall().getACallee() and
-      if args.getCount() = 1 then arguments = "argument" else arguments = "arguments"
+      if args.getCount() = 1 then arguments = "argument" else arguments = "arguments" and
+      (
+        // exclude empty functions, they are probably commented out debug utilities ...
+        exists(f.getABodyStmt()) or
+        // ... but include: constructors, arrows and externals/ambients
+        f instanceof Constructor or // unlikely to be a debug utility
+        f instanceof ArrowFunctionExpr or // cannot be empty
+        f instanceof ExternalFunction or // always empty
+        f.isAmbient() // always empty
+      )
 select args, "Superfluous " + arguments + " passed to $@.", f, f.describe()