hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Explain false positive in test case

Browse Source
This commit is contained in:
Asger F
2024-10-08 09:04:06 +02:00
parent e05e077b33
commit bd94fe1574
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/test/library-tests/TripleDot/useuse.js
View File

@@ -163,6 +163,8 @@ function t9() { // same as t8 but with a SanitizerGuard that isn't just a variab
}
if (typeof obj === "undefined" || typeof obj === "undefined") {
// The shared SSA library expects short-circuiting operators be pre-order in the CFG,
// but in JS they are post-order (as per evaluation order).
sink(obj.field); // $ SPURIOUS: hasTaintFlow=t9.1
} else {
sink(obj.field); // $ hasTaintFlow=t9.1