hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 20:25:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Add: String.protytpe.toWellFormed to StringManipulationTaintStep

Browse Source
This commit is contained in:
Napalys
2024-11-20 17:42:25 +01:00
parent 09f73d8d6f
commit afc2d3e6d2
3 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
javascript/ql/test/library-tests/TaintTracking/string-immutable-operations.js
View File

@@ -1,12 +1,12 @@
function test() {
let x = source();
sink(x.toWellFormed()); // NOT OK -- Currently not tainted, but should be
sink(x.toWellFormed()); // NOT OK
const wellFormedX = x.toWellFormed();
sink(wellFormedX); // NOT OK -- Currently not tainted, but should be
sink(wellFormedX); // NOT OK
const concatWellFormedX = "/" + wellFormedX + "!";
sink(concatWellFormedX); // NOT OK -- Currently not tainted, but should be
sink(concatWellFormedX); // NOT OK
sink(source().toWellFormed()); // NOT OK -- Currently not tainted, but should be
sink(source().toWellFormed()); // NOT OK
}