mirror of
https://github.com/github/codeql.git
synced 2026-04-25 08:45:14 +02:00
JS: Add another test and TODO about an issue with constant array indices
This commit is contained in:
@@ -255,7 +255,10 @@ module Public {
|
||||
Content asSingleton() { this = MkSingletonContent(result) }
|
||||
|
||||
/** Gets the property name to be accessed. */
|
||||
PropertyName asPropertyName() { result = this.asSingleton().asPropertyName() }
|
||||
PropertyName asPropertyName() {
|
||||
// TODO: array indices should be mapped to a ContentSet that also reads from UnknownArrayElement
|
||||
result = this.asSingleton().asPropertyName()
|
||||
}
|
||||
|
||||
/** Gets the array index to be accessed. */
|
||||
int asArrayIndex() { result = this.asSingleton().asArrayIndex() }
|
||||
|
||||
@@ -163,3 +163,12 @@ function t15() {
|
||||
args.push(source('t15.1'));
|
||||
target('safe', ...args);
|
||||
}
|
||||
|
||||
function t16() {
|
||||
let array = new Array(Math.floor(Math.random() * 10))
|
||||
array.push(source("t16.1"));
|
||||
sink(array[0]); // $ MISSING: hasValueFlow=t16.1 SPURIOUS: hasTaintFlow=t16.1
|
||||
sink(array[1]); // $ MISSING: hasValueFlow=t16.1 SPURIOUS: hasTaintFlow=t16.1
|
||||
sink(array[2]); // $ MISSING: hasValueFlow=t16.1 SPURIOUS: hasTaintFlow=t16.1
|
||||
sink(array); // $ hasTaintFlow=t16.1
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user