add taint step through flatten libraries

2026-04-30 19:26:02 +02:00 · 2021-07-15 12:36:07 +02:00
parent 77f4d56cd9
commit d2c74480b9
4 changed files with 26 additions and 1 deletions
--- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
+++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
@@ -15,6 +15,7 @@ typeInferenceMismatch
 | arrays.js:2:15:2:22 | source() | arrays.js:5:10:5:20 | arrify(foo) |
 | arrays.js:2:15:2:22 | source() | arrays.js:8:10:8:22 | arrayIfy(foo) |
 | arrays.js:2:15:2:22 | source() | arrays.js:11:10:11:28 | union(["bla"], foo) |
+| arrays.js:2:15:2:22 | source() | arrays.js:14:10:14:18 | flat(foo) |
 | booleanOps.js:2:11:2:18 | source() | booleanOps.js:4:8:4:8 | x |
 | booleanOps.js:2:11:2:18 | source() | booleanOps.js:13:10:13:10 | x |
 | booleanOps.js:2:11:2:18 | source() | booleanOps.js:19:10:19:10 | x |
--- a/javascript/ql/test/library-tests/TaintTracking/arrays.js
+++ b/javascript/ql/test/library-tests/TaintTracking/arrays.js
@@ -9,4 +9,7 @@ function test() {

    const union = require("array-union");
    sink(union(["bla"], foo)); // NOT OK
+
+    const flat = require("arr-flatten");
+    sink(flat(foo)); // NOT OK
 }