hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8546 from github/jhelie/enforce-unknown-incompatibiliy-with-notasink

Browse Source 
ML: add defensive check to ensure Unknown endpoints cannot also be NotASink
This commit is contained in:
Jean Helie
2022-04-14 11:21:18 +02:00
committed by GitHub
parent c3f1fba985 1e39a9caae
commit d094bbc06d
5 changed files with 191 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointData.qll
View File

@@ -75,7 +75,11 @@ private DataFlow::Node getANotASink(NotASinkReason reason) {
*/
private DataFlow::Node getAnUnknown(Query query) {
getAtmCfg(query).isEffectiveSink(result) and
// Effective sinks should exclude sinks but this is a defensive requirement
not result = getASink(query) and
// Effective sinks should exclude NotASink but for some queries (e.g. Xss) this is currently not always the case and
// so this is a defensive requirement
not result = getANotASink(_) and
// Only consider the source code for the project being analyzed.
exists(result.getFile().getRelativePath())
}

60
javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointData.expected
View File

@@ -251,6 +251,50 @@ endpoints
| index.js:78:30:78:39 | "someData" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:78:30:78:39 | "someData" | Xss | notASinkReason | LoggerMethod | string |
| index.js:78:30:78:39 | "someData" | Xss | sinkLabel | NotASink | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | hasFlowFromSource | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | isConstantExpression | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | notASinkReason | ClientRequest | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | notASinkReason | JQueryArgument | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | sinkLabel | NotASink | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | hasFlowFromSource | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | isConstantExpression | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | notASinkReason | ClientRequest | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | notASinkReason | JQueryArgument | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | sinkLabel | NotASink | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | hasFlowFromSource | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | isConstantExpression | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | notASinkReason | ClientRequest | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | notASinkReason | JQueryArgument | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | sinkLabel | NotASink | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | hasFlowFromSource | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | isConstantExpression | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | notASinkReason | ClientRequest | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | notASinkReason | JQueryArgument | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | sinkLabel | NotASink | string |
| index.js:84:12:84:18 | foo.bar | NosqlInjection | hasFlowFromSource | false | boolean |
| index.js:84:12:84:18 | foo.bar | NosqlInjection | isConstantExpression | false | boolean |
| index.js:84:12:84:18 | foo.bar | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:84:12:84:18 | foo.bar | NosqlInjection | notASinkReason | ClientRequest | string |
| index.js:84:12:84:18 | foo.bar | NosqlInjection | sinkLabel | NotASink | string |
| index.js:84:12:84:18 | foo.bar | SqlInjection | hasFlowFromSource | false | boolean |
| index.js:84:12:84:18 | foo.bar | SqlInjection | isConstantExpression | false | boolean |
| index.js:84:12:84:18 | foo.bar | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:84:12:84:18 | foo.bar | SqlInjection | notASinkReason | ClientRequest | string |
| index.js:84:12:84:18 | foo.bar | SqlInjection | sinkLabel | NotASink | string |
| index.js:84:12:84:18 | foo.bar | TaintedPath | hasFlowFromSource | false | boolean |
| index.js:84:12:84:18 | foo.bar | TaintedPath | isConstantExpression | false | boolean |
| index.js:84:12:84:18 | foo.bar | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:84:12:84:18 | foo.bar | TaintedPath | notASinkReason | ClientRequest | string |
| index.js:84:12:84:18 | foo.bar | TaintedPath | sinkLabel | NotASink | string |
| index.js:84:12:84:18 | foo.bar | Xss | hasFlowFromSource | false | boolean |
| index.js:84:12:84:18 | foo.bar | Xss | isConstantExpression | false | boolean |
| index.js:84:12:84:18 | foo.bar | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:84:12:84:18 | foo.bar | Xss | notASinkReason | ClientRequest | string |
| index.js:84:12:84:18 | foo.bar | Xss | sinkLabel | NotASink | string |
tokenFeatures
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | argumentIndex | 0 |
| applications/examples/static/epydoc/epydoc.js:2:15:2:33 | "Should be ignored" | calleeAccessPath | |
@@ -412,3 +456,19 @@ tokenFeatures
| index.js:78:30:78:39 | "someData" | enclosingFunctionBody | console log someData |
| index.js:78:30:78:39 | "someData" | enclosingFunctionName | identity#functionalargument |
| index.js:78:30:78:39 | "someData" | receiverName | console |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | argumentIndex | 0 |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | calleeAccessPath | |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | calleeAccessPathWithStructuralInfo | |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | calleeApiName | |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | calleeName | ajax |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | enclosingFunctionBody | foo $ ajax url foo bar |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | enclosingFunctionName | effectiveSinkAndNotASink |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | receiverName | $ |
| index.js:84:12:84:18 | foo.bar | argumentIndex | |
| index.js:84:12:84:18 | foo.bar | calleeAccessPath | |
| index.js:84:12:84:18 | foo.bar | calleeAccessPathWithStructuralInfo | |
| index.js:84:12:84:18 | foo.bar | calleeApiName | |
| index.js:84:12:84:18 | foo.bar | calleeName | |
| index.js:84:12:84:18 | foo.bar | enclosingFunctionBody | foo $ ajax url foo bar |
| index.js:84:12:84:18 | foo.bar | enclosingFunctionName | effectiveSinkAndNotASink |
| index.js:84:12:84:18 | foo.bar | receiverName | |

60
javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataEvaluation.expected
View File

@@ -231,6 +231,50 @@ endpoints
| index.js:78:30:78:39 | "someData" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:78:30:78:39 | "someData" | Xss | notASinkReason | LoggerMethod | string |
| index.js:78:30:78:39 | "someData" | Xss | sinkLabel | NotASink | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | hasFlowFromSource | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | isConstantExpression | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | notASinkReason | ClientRequest | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | notASinkReason | JQueryArgument | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | sinkLabel | NotASink | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | hasFlowFromSource | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | isConstantExpression | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | notASinkReason | ClientRequest | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | notASinkReason | JQueryArgument | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | sinkLabel | NotASink | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | hasFlowFromSource | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | isConstantExpression | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | notASinkReason | ClientRequest | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | notASinkReason | JQueryArgument | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | sinkLabel | NotASink | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | hasFlowFromSource | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | isConstantExpression | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | notASinkReason | ClientRequest | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | notASinkReason | JQueryArgument | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | sinkLabel | NotASink | string |
| index.js:84:12:84:18 | foo.bar | NosqlInjection | hasFlowFromSource | false | boolean |
| index.js:84:12:84:18 | foo.bar | NosqlInjection | isConstantExpression | false | boolean |
| index.js:84:12:84:18 | foo.bar | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:84:12:84:18 | foo.bar | NosqlInjection | notASinkReason | ClientRequest | string |
| index.js:84:12:84:18 | foo.bar | NosqlInjection | sinkLabel | NotASink | string |
| index.js:84:12:84:18 | foo.bar | SqlInjection | hasFlowFromSource | false | boolean |
| index.js:84:12:84:18 | foo.bar | SqlInjection | isConstantExpression | false | boolean |
| index.js:84:12:84:18 | foo.bar | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:84:12:84:18 | foo.bar | SqlInjection | notASinkReason | ClientRequest | string |
| index.js:84:12:84:18 | foo.bar | SqlInjection | sinkLabel | NotASink | string |
| index.js:84:12:84:18 | foo.bar | TaintedPath | hasFlowFromSource | false | boolean |
| index.js:84:12:84:18 | foo.bar | TaintedPath | isConstantExpression | false | boolean |
| index.js:84:12:84:18 | foo.bar | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:84:12:84:18 | foo.bar | TaintedPath | notASinkReason | ClientRequest | string |
| index.js:84:12:84:18 | foo.bar | TaintedPath | sinkLabel | NotASink | string |
| index.js:84:12:84:18 | foo.bar | Xss | hasFlowFromSource | false | boolean |
| index.js:84:12:84:18 | foo.bar | Xss | isConstantExpression | false | boolean |
| index.js:84:12:84:18 | foo.bar | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:84:12:84:18 | foo.bar | Xss | notASinkReason | ClientRequest | string |
| index.js:84:12:84:18 | foo.bar | Xss | sinkLabel | NotASink | string |
tokenFeatures
| index.js:1:25:1:33 | "express" | argumentIndex | 0 |
| index.js:1:25:1:33 | "express" | calleeAccessPath | |
@@ -384,3 +428,19 @@ tokenFeatures
| index.js:78:30:78:39 | "someData" | enclosingFunctionBody | console log someData |
| index.js:78:30:78:39 | "someData" | enclosingFunctionName | identity#functionalargument |
| index.js:78:30:78:39 | "someData" | receiverName | console |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | argumentIndex | 0 |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | calleeAccessPath | |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | calleeAccessPathWithStructuralInfo | |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | calleeApiName | |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | calleeName | ajax |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | enclosingFunctionBody | foo $ ajax url foo bar |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | enclosingFunctionName | effectiveSinkAndNotASink |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | receiverName | $ |
| index.js:84:12:84:18 | foo.bar | argumentIndex | |
| index.js:84:12:84:18 | foo.bar | calleeAccessPath | |
| index.js:84:12:84:18 | foo.bar | calleeAccessPathWithStructuralInfo | |
| index.js:84:12:84:18 | foo.bar | calleeApiName | |
| index.js:84:12:84:18 | foo.bar | calleeName | |
| index.js:84:12:84:18 | foo.bar | enclosingFunctionBody | foo $ ajax url foo bar |
| index.js:84:12:84:18 | foo.bar | enclosingFunctionName | effectiveSinkAndNotASink |
| index.js:84:12:84:18 | foo.bar | receiverName | |

60
javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataTraining.expected
View File

@@ -31,6 +31,50 @@ endpoints
| index.js:28:13:28:28 | UNDEFINED_GLOBAL | NosqlInjection | isConstantExpression | false | boolean |
| index.js:28:13:28:28 | UNDEFINED_GLOBAL | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:28:13:28:28 | UNDEFINED_GLOBAL | NosqlInjection | sinkLabel | Sink | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | hasFlowFromSource | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | isConstantExpression | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | notASinkReason | ClientRequest | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | notASinkReason | JQueryArgument | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | NosqlInjection | sinkLabel | NotASink | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | hasFlowFromSource | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | isConstantExpression | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | notASinkReason | ClientRequest | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | notASinkReason | JQueryArgument | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | SqlInjection | sinkLabel | NotASink | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | hasFlowFromSource | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | isConstantExpression | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | notASinkReason | ClientRequest | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | notASinkReason | JQueryArgument | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | TaintedPath | sinkLabel | NotASink | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | hasFlowFromSource | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | isConstantExpression | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | notASinkReason | ClientRequest | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | notASinkReason | JQueryArgument | string |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | Xss | sinkLabel | NotASink | string |
| index.js:84:12:84:18 | foo.bar | NosqlInjection | hasFlowFromSource | false | boolean |
| index.js:84:12:84:18 | foo.bar | NosqlInjection | isConstantExpression | false | boolean |
| index.js:84:12:84:18 | foo.bar | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:84:12:84:18 | foo.bar | NosqlInjection | notASinkReason | ClientRequest | string |
| index.js:84:12:84:18 | foo.bar | NosqlInjection | sinkLabel | NotASink | string |
| index.js:84:12:84:18 | foo.bar | SqlInjection | hasFlowFromSource | false | boolean |
| index.js:84:12:84:18 | foo.bar | SqlInjection | isConstantExpression | false | boolean |
| index.js:84:12:84:18 | foo.bar | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:84:12:84:18 | foo.bar | SqlInjection | notASinkReason | ClientRequest | string |
| index.js:84:12:84:18 | foo.bar | SqlInjection | sinkLabel | NotASink | string |
| index.js:84:12:84:18 | foo.bar | TaintedPath | hasFlowFromSource | false | boolean |
| index.js:84:12:84:18 | foo.bar | TaintedPath | isConstantExpression | false | boolean |
| index.js:84:12:84:18 | foo.bar | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:84:12:84:18 | foo.bar | TaintedPath | notASinkReason | ClientRequest | string |
| index.js:84:12:84:18 | foo.bar | TaintedPath | sinkLabel | NotASink | string |
| index.js:84:12:84:18 | foo.bar | Xss | hasFlowFromSource | false | boolean |
| index.js:84:12:84:18 | foo.bar | Xss | isConstantExpression | false | boolean |
| index.js:84:12:84:18 | foo.bar | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
| index.js:84:12:84:18 | foo.bar | Xss | notASinkReason | ClientRequest | string |
| index.js:84:12:84:18 | foo.bar | Xss | sinkLabel | NotASink | string |
tokenFeatures
| index.js:9:15:9:45 | { 'isAd ... Admin } | argumentIndex | 0 |
| index.js:9:15:9:45 | { 'isAd ... Admin } | calleeAccessPath | mongoose model find |
@@ -64,3 +108,19 @@ tokenFeatures
| index.js:28:13:28:28 | UNDEFINED_GLOBAL | enclosingFunctionBody | User find UNDEFINED_GLOBAL |
| index.js:28:13:28:28 | UNDEFINED_GLOBAL | enclosingFunctionName | notConstantExpression |
| index.js:28:13:28:28 | UNDEFINED_GLOBAL | receiverName | User |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | argumentIndex | 0 |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | calleeAccessPath | |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | calleeAccessPathWithStructuralInfo | |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | calleeApiName | |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | calleeName | ajax |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | enclosingFunctionBody | foo $ ajax url foo bar |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | enclosingFunctionName | effectiveSinkAndNotASink |
| index.js:83:10:85:3 | {\\n " ... ar,\\n } | receiverName | $ |
| index.js:84:12:84:18 | foo.bar | argumentIndex | |
| index.js:84:12:84:18 | foo.bar | calleeAccessPath | |
| index.js:84:12:84:18 | foo.bar | calleeAccessPathWithStructuralInfo | |
| index.js:84:12:84:18 | foo.bar | calleeApiName | |
| index.js:84:12:84:18 | foo.bar | calleeName | |
| index.js:84:12:84:18 | foo.bar | enclosingFunctionBody | foo $ ajax url foo bar |
| index.js:84:12:84:18 | foo.bar | enclosingFunctionName | effectiveSinkAndNotASink |
| index.js:84:12:84:18 | foo.bar | receiverName | |

7
javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/index.js
View File

@@ -77,3 +77,10 @@ function veryLongFunctionBody() {
// We should name the anonymous function here that's passed as an argument to `identity`.
identity(() => console.log("someData"));
}
function effectiveSinkAndNotASink(foo) {
$.ajax({
"url": foo.bar,
});
}