JS: add query js/memory-exhaustion

javascript/ql/test/query-tests/Security/CWE-770/MemoryExhaustion.expected

@@ -0,0 +1,193 @@
+nodes
+| memory-exhaustion.js:6:7:6:42 | s |
+| memory-exhaustion.js:6:11:6:34 | url.par ... , true) |
+| memory-exhaustion.js:6:11:6:40 | url.par ... ).query |
+| memory-exhaustion.js:6:11:6:42 | url.par ... query.s |
+| memory-exhaustion.js:6:21:6:27 | req.url |
+| memory-exhaustion.js:6:21:6:27 | req.url |
+| memory-exhaustion.js:7:7:7:21 | n |
+| memory-exhaustion.js:7:11:7:21 | parseInt(s) |
+| memory-exhaustion.js:7:20:7:20 | s |
+| memory-exhaustion.js:13:21:13:21 | n |
+| memory-exhaustion.js:13:21:13:21 | n |
+| memory-exhaustion.js:14:21:14:21 | n |
+| memory-exhaustion.js:14:21:14:21 | n |
+| memory-exhaustion.js:15:16:15:16 | n |
+| memory-exhaustion.js:15:16:15:16 | n |
+| memory-exhaustion.js:16:22:16:22 | n |
+| memory-exhaustion.js:16:22:16:22 | n |
+| memory-exhaustion.js:17:26:17:26 | n |
+| memory-exhaustion.js:17:26:17:26 | n |
+| memory-exhaustion.js:19:14:19:14 | n |
+| memory-exhaustion.js:19:14:19:14 | n |
+| memory-exhaustion.js:21:20:21:20 | n |
+| memory-exhaustion.js:21:20:21:20 | n |
+| memory-exhaustion.js:23:18:23:18 | n |
+| memory-exhaustion.js:23:18:23:18 | n |
+| memory-exhaustion.js:28:9:28:9 | n |
+| memory-exhaustion.js:28:9:28:9 | n |
+| memory-exhaustion.js:29:13:29:13 | n |
+| memory-exhaustion.js:29:13:29:13 | n |
+| memory-exhaustion.js:30:9:30:9 | n |
+| memory-exhaustion.js:30:9:30:9 | n |
+| memory-exhaustion.js:31:9:31:9 | n |
+| memory-exhaustion.js:31:9:31:9 | n |
+| memory-exhaustion.js:32:9:32:9 | n |
+| memory-exhaustion.js:32:9:32:9 | n |
+| memory-exhaustion.js:33:9:33:9 | n |
+| memory-exhaustion.js:33:9:33:9 | n |
+| memory-exhaustion.js:35:12:35:12 | n |
+| memory-exhaustion.js:35:12:35:12 | n |
+| memory-exhaustion.js:36:12:36:12 | s |
+| memory-exhaustion.js:36:12:36:12 | s |
+| memory-exhaustion.js:38:14:38:14 | n |
+| memory-exhaustion.js:38:14:38:18 | n * x |
+| memory-exhaustion.js:38:14:38:18 | n * x |
+| memory-exhaustion.js:39:14:39:14 | n |
+| memory-exhaustion.js:39:14:39:18 | n + n |
+| memory-exhaustion.js:39:14:39:18 | n + n |
+| memory-exhaustion.js:39:18:39:18 | n |
+| memory-exhaustion.js:40:14:40:14 | n |
+| memory-exhaustion.js:40:14:40:18 | n + x |
+| memory-exhaustion.js:40:14:40:18 | n + x |
+| memory-exhaustion.js:41:14:41:14 | n |
+| memory-exhaustion.js:41:14:41:18 | n + s |
+| memory-exhaustion.js:41:14:41:18 | n + s |
+| memory-exhaustion.js:42:14:42:14 | s |
+| memory-exhaustion.js:42:14:42:18 | s + 2 |
+| memory-exhaustion.js:42:14:42:18 | s + 2 |
+| memory-exhaustion.js:46:14:46:25 | Math.ceil(s) |
+| memory-exhaustion.js:46:14:46:25 | Math.ceil(s) |
+| memory-exhaustion.js:46:24:46:24 | s |
+| memory-exhaustion.js:47:14:47:22 | Number(s) |
+| memory-exhaustion.js:47:14:47:22 | Number(s) |
+| memory-exhaustion.js:47:21:47:21 | s |
+| memory-exhaustion.js:50:14:50:14 | s |
+| memory-exhaustion.js:50:14:50:25 | s + x.length |
+| memory-exhaustion.js:50:14:50:25 | s + x.length |
+| memory-exhaustion.js:51:14:51:14 | s |
+| memory-exhaustion.js:51:14:51:21 | s.length |
+| memory-exhaustion.js:51:14:51:21 | s.length |
+| memory-exhaustion.js:56:16:56:16 | n |
+| memory-exhaustion.js:56:16:56:16 | n |
+| memory-exhaustion.js:59:7:59:20 | ns |
+| memory-exhaustion.js:59:12:59:20 | x ? n : s |
+| memory-exhaustion.js:59:16:59:16 | n |
+| memory-exhaustion.js:60:14:60:15 | ns |
+| memory-exhaustion.js:60:14:60:15 | ns |
+| memory-exhaustion.js:67:16:67:16 | n |
+| memory-exhaustion.js:67:16:67:16 | n |
+| memory-exhaustion.js:71:16:71:16 | n |
+| memory-exhaustion.js:71:16:71:16 | n |
+edges
+| memory-exhaustion.js:6:7:6:42 | s | memory-exhaustion.js:7:20:7:20 | s |
+| memory-exhaustion.js:6:7:6:42 | s | memory-exhaustion.js:36:12:36:12 | s |
+| memory-exhaustion.js:6:7:6:42 | s | memory-exhaustion.js:36:12:36:12 | s |
+| memory-exhaustion.js:6:7:6:42 | s | memory-exhaustion.js:42:14:42:14 | s |
+| memory-exhaustion.js:6:7:6:42 | s | memory-exhaustion.js:46:24:46:24 | s |
+| memory-exhaustion.js:6:7:6:42 | s | memory-exhaustion.js:47:21:47:21 | s |
+| memory-exhaustion.js:6:7:6:42 | s | memory-exhaustion.js:50:14:50:14 | s |
+| memory-exhaustion.js:6:7:6:42 | s | memory-exhaustion.js:51:14:51:14 | s |
+| memory-exhaustion.js:6:11:6:34 | url.par ... , true) | memory-exhaustion.js:6:11:6:40 | url.par ... ).query |
+| memory-exhaustion.js:6:11:6:40 | url.par ... ).query | memory-exhaustion.js:6:11:6:42 | url.par ... query.s |
+| memory-exhaustion.js:6:11:6:42 | url.par ... query.s | memory-exhaustion.js:6:7:6:42 | s |
+| memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:6:11:6:34 | url.par ... , true) |
+| memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:6:11:6:34 | url.par ... , true) |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:13:21:13:21 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:13:21:13:21 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:14:21:14:21 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:14:21:14:21 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:15:16:15:16 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:15:16:15:16 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:16:22:16:22 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:16:22:16:22 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:17:26:17:26 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:17:26:17:26 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:19:14:19:14 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:19:14:19:14 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:21:20:21:20 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:21:20:21:20 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:23:18:23:18 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:23:18:23:18 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:28:9:28:9 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:28:9:28:9 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:29:13:29:13 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:29:13:29:13 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:30:9:30:9 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:30:9:30:9 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:31:9:31:9 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:31:9:31:9 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:32:9:32:9 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:32:9:32:9 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:33:9:33:9 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:33:9:33:9 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:35:12:35:12 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:35:12:35:12 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:38:14:38:14 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:39:14:39:14 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:39:18:39:18 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:40:14:40:14 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:41:14:41:14 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:56:16:56:16 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:56:16:56:16 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:59:16:59:16 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:67:16:67:16 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:67:16:67:16 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:71:16:71:16 | n |
+| memory-exhaustion.js:7:7:7:21 | n | memory-exhaustion.js:71:16:71:16 | n |
+| memory-exhaustion.js:7:11:7:21 | parseInt(s) | memory-exhaustion.js:7:7:7:21 | n |
+| memory-exhaustion.js:7:20:7:20 | s | memory-exhaustion.js:7:11:7:21 | parseInt(s) |
+| memory-exhaustion.js:38:14:38:14 | n | memory-exhaustion.js:38:14:38:18 | n * x |
+| memory-exhaustion.js:38:14:38:14 | n | memory-exhaustion.js:38:14:38:18 | n * x |
+| memory-exhaustion.js:39:14:39:14 | n | memory-exhaustion.js:39:14:39:18 | n + n |
+| memory-exhaustion.js:39:14:39:14 | n | memory-exhaustion.js:39:14:39:18 | n + n |
+| memory-exhaustion.js:39:18:39:18 | n | memory-exhaustion.js:39:14:39:18 | n + n |
+| memory-exhaustion.js:39:18:39:18 | n | memory-exhaustion.js:39:14:39:18 | n + n |
+| memory-exhaustion.js:40:14:40:14 | n | memory-exhaustion.js:40:14:40:18 | n + x |
+| memory-exhaustion.js:40:14:40:14 | n | memory-exhaustion.js:40:14:40:18 | n + x |
+| memory-exhaustion.js:41:14:41:14 | n | memory-exhaustion.js:41:14:41:18 | n + s |
+| memory-exhaustion.js:41:14:41:14 | n | memory-exhaustion.js:41:14:41:18 | n + s |
+| memory-exhaustion.js:42:14:42:14 | s | memory-exhaustion.js:42:14:42:18 | s + 2 |
+| memory-exhaustion.js:42:14:42:14 | s | memory-exhaustion.js:42:14:42:18 | s + 2 |
+| memory-exhaustion.js:46:24:46:24 | s | memory-exhaustion.js:46:14:46:25 | Math.ceil(s) |
+| memory-exhaustion.js:46:24:46:24 | s | memory-exhaustion.js:46:14:46:25 | Math.ceil(s) |
+| memory-exhaustion.js:47:21:47:21 | s | memory-exhaustion.js:47:14:47:22 | Number(s) |
+| memory-exhaustion.js:47:21:47:21 | s | memory-exhaustion.js:47:14:47:22 | Number(s) |
+| memory-exhaustion.js:50:14:50:14 | s | memory-exhaustion.js:50:14:50:25 | s + x.length |
+| memory-exhaustion.js:50:14:50:14 | s | memory-exhaustion.js:50:14:50:25 | s + x.length |
+| memory-exhaustion.js:51:14:51:14 | s | memory-exhaustion.js:51:14:51:21 | s.length |
+| memory-exhaustion.js:51:14:51:14 | s | memory-exhaustion.js:51:14:51:21 | s.length |
+| memory-exhaustion.js:59:7:59:20 | ns | memory-exhaustion.js:60:14:60:15 | ns |
+| memory-exhaustion.js:59:7:59:20 | ns | memory-exhaustion.js:60:14:60:15 | ns |
+| memory-exhaustion.js:59:12:59:20 | x ? n : s | memory-exhaustion.js:59:7:59:20 | ns |
+| memory-exhaustion.js:59:16:59:16 | n | memory-exhaustion.js:59:12:59:20 | x ? n : s |
+#select
+| memory-exhaustion.js:13:21:13:21 | n | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:13:21:13:21 | n | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:14:21:14:21 | n | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:14:21:14:21 | n | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:15:16:15:16 | n | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:15:16:15:16 | n | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:16:22:16:22 | n | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:16:22:16:22 | n | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:17:26:17:26 | n | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:17:26:17:26 | n | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:19:14:19:14 | n | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:19:14:19:14 | n | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:21:20:21:20 | n | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:21:20:21:20 | n | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:23:18:23:18 | n | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:23:18:23:18 | n | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:28:9:28:9 | n | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:28:9:28:9 | n | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:29:13:29:13 | n | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:29:13:29:13 | n | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:30:9:30:9 | n | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:30:9:30:9 | n | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:31:9:31:9 | n | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:31:9:31:9 | n | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:32:9:32:9 | n | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:32:9:32:9 | n | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:33:9:33:9 | n | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:33:9:33:9 | n | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:35:12:35:12 | n | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:35:12:35:12 | n | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:36:12:36:12 | s | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:36:12:36:12 | s | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:38:14:38:18 | n * x | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:38:14:38:18 | n * x | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:39:14:39:18 | n + n | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:39:14:39:18 | n + n | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:40:14:40:18 | n + x | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:40:14:40:18 | n + x | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:41:14:41:18 | n + s | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:41:14:41:18 | n + s | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:42:14:42:18 | s + 2 | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:42:14:42:18 | s + 2 | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:46:14:46:25 | Math.ceil(s) | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:46:14:46:25 | Math.ceil(s) | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:47:14:47:22 | Number(s) | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:47:14:47:22 | Number(s) | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:50:14:50:25 | s + x.length | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:50:14:50:25 | s + x.length | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:51:14:51:21 | s.length | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:51:14:51:21 | s.length | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:56:16:56:16 | n | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:56:16:56:16 | n | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:60:14:60:15 | ns | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:60:14:60:15 | ns | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:67:16:67:16 | n | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:67:16:67:16 | n | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |
+| memory-exhaustion.js:71:16:71:16 | n | memory-exhaustion.js:6:21:6:27 | req.url | memory-exhaustion.js:71:16:71:16 | n | This allocates an object with a user-controlled size from $@. | memory-exhaustion.js:6:21:6:27 | req.url | here |

javascript/ql/test/query-tests/Security/CWE-770/MemoryExhaustion.qlref

@@ -0,0 +1 @@
+Security/CWE-770/MemoryExhaustion.ql

javascript/ql/test/query-tests/Security/CWE-770/memory-exhaustion.js

@@ -0,0 +1,82 @@
+var http = require("http"),
+  url = require("url"),
+  fs = require("fs");
+
+var server = http.createServer(function(req, res) {
+  let s = url.parse(req.url, true).query.s;
+  let n = parseInt(s);
+
+  Buffer.from(s); // OK
+  Buffer.from(n); // OK
+  Buffer.from(x, n); // OK
+  Buffer.from(x, y, s); // NOT OK
+  Buffer.from(x, y, n); // NOT OK
+  Buffer.from(x, y, n); // NOT OK
+  Buffer.alloc(n); // NOT OK
+  Buffer.allocUnsafe(n); // NOT OK
+  Buffer.allocUnsafeSlow(n); // NOT OK
+
+  new Buffer(n); // NOT OK
+  new Buffer(x, n); // OK
+  new Buffer(x, y, n); // NOT OK
+
+  new SlowBuffer(n); // NOT OK
+
+  Array(n); // OK
+  new Array(n); // OK
+
+  Array(n).map(); // NOT OK
+  new Array(n).map(); // NOT OK
+  Array(n).fill(); // NOT OK
+  Array(n).join(); // NOT OK
+  Array(n).toString(); // NOT OK
+  Array(n) + x; // NOT OK
+
+  x.repeat(n); // NOT OK
+  x.repeat(s); // NOT OK
+
+  new Buffer(n * x); // NOT OK
+  new Buffer(n + n); // NOT OK
+  new Buffer(n + x); // NOT OK (maybe)
+  new Buffer(n + s); // OK [INCONSISTENCY]: this is  a string if `s` is a string
+  new Buffer(s + 2); // OK [INCONSISTENCY]: this is  a string if `s` is a string
+  new Buffer(s + s); // OK
+  new Buffer(n + "X"); // OK
+
+  new Buffer(Math.ceil(s)); // NOT OK
+  new Buffer(Number(s)); // NOT OK
+  new Buffer(new Number(s)); // OK
+
+  new Buffer(s + x.length); // OK [INCONSISTENCY]: this is a string if `s` is a string
+  new Buffer(s.length); // NOT OK
+
+  if (n < 100) {
+    new Buffer(n); // OK
+  } else {
+    new Buffer(n); // NOT OK
+  }
+
+  let ns = x ? n : s;
+  new Buffer(ns); // NOT OK
+
+  new Buffer(n.toString()); // OK
+
+  if (typeof n === "string") {
+    new Buffer(n); // OK
+  } else {
+    new Buffer(n); // NOT OK
+  }
+
+  if (typeof n === "number") {
+    new Buffer(n); // NOT OK
+  } else {
+    new Buffer(n); // OK
+  }
+
+  if (typeof s === "number") {
+    new Buffer(s); // NOT OK [INCONSISTENCY]
+  } else {
+    new Buffer(s); // OK
+  }
+
+});