mirror of
https://github.com/github/codeql.git
synced 2026-04-24 16:25:15 +02:00
JS: Fix handling of spread args on a bound function
This commit is contained in:
@@ -962,11 +962,14 @@ module API {
|
||||
}
|
||||
|
||||
private predicate spreadArgumentPassing(TApiNode base, int i, DataFlow::Node spreadArray) {
|
||||
exists(DataFlow::Node use, DataFlow::SourceNode pred, int bound, InvokeExpr invoke |
|
||||
exists(
|
||||
DataFlow::Node use, DataFlow::SourceNode pred, int bound, InvokeExpr invoke, int spreadPos
|
||||
|
|
||||
use(base, use) and
|
||||
pred = trackUseNode(use, _, bound, "") and
|
||||
invoke = getAnInvocationWithSpread(pred, i) and
|
||||
spreadArray = invoke.getArgument(i - bound).(SpreadElement).getOperand().flow()
|
||||
invoke = getAnInvocationWithSpread(pred, spreadPos) and
|
||||
spreadArray = invoke.getArgument(spreadPos).(SpreadElement).getOperand().flow() and
|
||||
i = bound + spreadPos
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -18,3 +18,12 @@ function getArgs() {
|
||||
}
|
||||
|
||||
lib.m2(...getArgs());
|
||||
|
||||
function f3() {
|
||||
return [
|
||||
'x', /* def=moduleImport("something").getMember("exports").getMember("m3").getSpreadArgument(1).getArrayElement() */
|
||||
'y', /* def=moduleImport("something").getMember("exports").getMember("m3").getSpreadArgument(1).getArrayElement() */
|
||||
]
|
||||
}
|
||||
|
||||
lib.m3.bind(undefined, 1)(...f3());
|
||||
|
||||
Reference in New Issue
Block a user