hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.22.3
codeql/javascript/ql/test/query-tests/React/InconsistentStateUpdate/tst.js
Asger F 86932c51bc JS: Move some alerts to their correct location 
One of the diffs look confusing but:
Previously parameter {2,3} where flagged, now parameter {1,2} are flagged.

Note that for command injection, the SystemCommandExecution is flagged
despite the test file claiming otherwise.
2025-02-28 13:27:40 +01:00

113 lines
2.0 KiB
JavaScript
Raw Permalink Blame History

class C1 extends React.Component {
upd8() {
this.setState({
counter: this.state.counter + 1 // OK - ignored because it is safe in practice
});
}
}
class C2 extends React.Component {
upd8() {
this.setState((prevState) => {
counter: prevState.counter + 1
});
}
}
class C3 extends React.Component {
upd8() {
var app = this;
app.setState({
counter: this.state.counter + 1 // OK - ignored because it is safe in practice
});
}
}
class C4 extends React.Component {
upd8() {
this.setState({
counter: this.state.foo
}); // $ Alert
}
}
class C5 extends React.Component {
upd8() {
this.setState({
foo: { bar: this.state.foo.bar }
}); // $ Alert
}
}
class C7 extends React.Component {
upd8a() {
this.setState({
foo: this.state.foo
}); // $ Alert
}
upd8b() {
this.setState({
foo: this.state.foo
}); // $ Alert
}
}
class C8 extends React.Component {
upd8a() {
this.setState({
foo: this.state.foo + 1
}); // $ Alert
}
upd8b() {
this.setState({
foo: this.state.foo + 1
}); // $ Alert
}
}
class C9 extends React.Component {
upd8a() {
this.setState({
foo: { bar: this.state.foo.bar }
}); // $ Alert
}
upd8b() {
this.setState({
foo: { bar: this.state.foo.bar }
}); // $ Alert
}
}
class C10 extends React.Component {
upd8a() {
this.setState({
foo: this.state.foo,
bar: this.state.bar // OK - ignored because it is safe in practice
}); // $ Alert
}
upd8b() {
this.setState({
foo: this.state.foo
}); // $ Alert
}
}
class C11 extends React.Component {
upd8a() {
var self = this;
self.setState({
foo: self.state.foo
}); // $ Alert
}
upd8b() {
this.setState({
foo: this.state.foo
}); // $ Alert
}
}
Reference in New Issue View Git Blame Copy Permalink