Added test case for Array.prototype.reverse, which is currently not flagged as a potential sink.

2026-04-26 17:25:19 +02:00 · 2024-11-08 12:23:21 +01:00
parent b0919ac6d9
commit 8026a99db7
1 changed files with 2 additions and 0 deletions
--- a/javascript/ql/test/library-tests/TaintTracking/tst.js
+++ b/javascript/ql/test/library-tests/TaintTracking/tst.js
@@ -57,4 +57,6 @@ function test() {
    }

    tagged`foo ${"safe"} bar ${x} baz`;
+
+    sink(x.reverse()); // NOT OK -- Should be caught but isn't
 }