JS: Add test to restrict dependencies

2026-04-26 17:25:19 +02:00 · 2024-11-29 10:45:10 +01:00
parent 2f0c80a98b
commit 9c6b6981e2
2 changed files with 20 additions and 0 deletions
--- a/javascript/ql/test/library-tests/TypeTracking2/DependencyRestriction.expected
+++ b/javascript/ql/test/library-tests/TypeTracking2/DependencyRestriction.expected
@@ -0,0 +1 @@
+| pass |
--- a/javascript/ql/test/library-tests/TypeTracking2/DependencyRestriction.ql
+++ b/javascript/ql/test/library-tests/TypeTracking2/DependencyRestriction.ql
@@ -0,0 +1,19 @@
+/**
+ * Test that fails with a compilation error if `getACallSimple` depends on the call graph.
+ * To do this, we add a negative dependency from the call graph to `getACallSimple`.
+ */
+
+import javascript
+import semmle.javascript.dataflow.internal.StepSummary
+import semmle.javascript.dataflow.FlowSummary
+
+class NegativeDependency extends DataFlow::SharedTypeTrackingStep {
+  override predicate step(DataFlow::Node node1, DataFlow::Node node2) {
+    exists(SummarizedCallable callable |
+      not exists(callable.getACallSimple()) and
+      node1 = node2
+    )
+  }
+}
+
+select "pass"