hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

JS: Add test for flow through Buffer.concat

Browse Source 
This flow was lost since the existing model of concat() boxes its return value in ArrayElement. There is no explicit model of Buffer.concat.
This commit is contained in:
Asger F
2025-02-17 11:12:33 +01:00
parent d79f429978
commit e8d1703224
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
javascript/ql/test/library-tests/TripleDot/buffer.js Normal file
View File

@@ -0,0 +1,7 @@
import 'dummy';
function t1() {
const b1 = Buffer.from(source("t1.1"));
const b2 = Buffer.from(source("t1.2"));
sink(Buffer.concat([b1, b2]).toString("utf8")); // $ MISSING: hasTaintFlow=t1.1 hasTaintFlow=t1.2
}