Add new experimental query MultipleArgumentsToSetConstructor.

2026-04-25 16:55:19 +02:00 · 2021-05-21 09:54:41 +01:00
parent 922b276fac
commit 6e34784fc5
9 changed files with 98 additions and 0 deletions
--- a/javascript/ql/src/experimental/StandardLibrary/MultipleArgumentsToSetConstructor.qhelp
+++ b/javascript/ql/src/experimental/StandardLibrary/MultipleArgumentsToSetConstructor.qhelp
@@ -0,0 +1,43 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+
+<overview>
+<p>
+The <code>Set</code> constructor accepts an arbitrary number of arguments, but only the first one
+is used to construct the set. The remaining arguments are ignored.
+Code that invokes the <code>Set</code> constructor with multiple arguments is therefore likely to
+be incorrect.
+</p>
+</overview>
+
+<recommendation>
+<p>
+Only pass a single argument to the <code>Set</code> constructor, which should be an iterable object
+(such as an array).
+</p>
+</recommendation>
+
+<example>
+<p>
+The following example creates a set containing the vowels in the English language, and defines
+a function that returns a boolean indicating whether a given character is a vowel:
+</p>
+<sample src="examples/MultipleArgumentsToSetConstructorBad.js"/>
+
+<p>
+However, this code does not work as intended: the <code>Set</code> constructor ignores all but
+the first argument, so the <code>vowels</code> set only contains the letter <code>a</code>.
+</p>
+
+<p>
+Instead, the list of vowels should be wrapped into an array:
+</p>
+<sample src="examples/MultipleArgumentsToSetConstructorGood.js"/>
+</example>
+
+<references>
+<li><a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Set/Set">MDN Web Docs: Set() constructor</a></li>
+</references>
+</qhelp>
--- a/javascript/ql/src/experimental/StandardLibrary/MultipleArgumentsToSetConstructor.ql
+++ b/javascript/ql/src/experimental/StandardLibrary/MultipleArgumentsToSetConstructor.ql
@@ -0,0 +1,22 @@
+/**
+ * @name Multiple arguments to `Set` constructor
+ * @description The `Set` constructor ignores all but the first argument, so passing multiple
+ *              arguments may indicate a mistake.
+ * @kind problem
+ * @problem.severity warning
+ * @precision high
+ * @id js/multiple-arguments-to-set-constructor
+ * @tags correctness
+ */
+
+import javascript
+
+from DataFlow::NewNode newSet, DataFlow::Node ignoredArg
+where
+  newSet = DataFlow::globalVarRef("Set").getAnInstantiation() and
+  (
+    ignoredArg = newSet.getArgument(any(int n | n > 0))
+    or
+    ignoredArg = newSet.getASpreadArgument()
+  )
+select ignoredArg, "All but the first argument to the Set constructor are ignored."
--- a/javascript/ql/src/experimental/StandardLibrary/examples/MultipleArgumentsToSetConstructorBad.js
+++ b/javascript/ql/src/experimental/StandardLibrary/examples/MultipleArgumentsToSetConstructorBad.js
@@ -0,0 +1,5 @@
+const vowels = new Set('a', 'e', 'i', 'o', 'u');
+
+function isVowel(char) {
+  return vowels.has(char.toLowerCase());
+}
--- a/javascript/ql/src/experimental/StandardLibrary/examples/MultipleArgumentsToSetConstructorGood.js
+++ b/javascript/ql/src/experimental/StandardLibrary/examples/MultipleArgumentsToSetConstructorGood.js
@@ -0,0 +1,5 @@
+const vowels = new Set(['a', 'e', 'i', 'o', 'u']);
+
+function isVowel(char) {
+  return vowels.has(char.toLowerCase());
+}