Added test case for Array.prototype.toSorted, which is currently not flagged as a taint sink.

2026-04-24 08:15:14 +02:00 · 2024-11-08 13:37:34 +01:00
parent 7517ad3e4b
commit def8d75cb8
1 changed files with 4 additions and 0 deletions
--- a/javascript/ql/test/library-tests/TaintTracking/tst.js
+++ b/javascript/ql/test/library-tests/TaintTracking/tst.js
@@ -59,4 +59,8 @@ function test() {
    tagged`foo ${"safe"} bar ${x} baz`;

    sink(x.reverse()); // NOT OK
+
+    sink(x.toSorted()) // NOT OK
+    const xSorted = x.toSorted();
+    sink(xSorted) // NOT OK
 }