mirror of
https://github.com/github/codeql.git
synced 2025-12-17 09:13:20 +01:00
10a7294327
This adds Alert annotations for alerts that seem intentional by the test but has not been annotated with 'NOT OK', or the comment was in the wrong place. In a few cases I included 'Source' expectations to make it easier to see what happened. Other 'Source' expectations will be added in bulk a later commit.
70 lines
990 B
JavaScript
70 lines
990 B
JavaScript
var x;
|
|
|
|
function f(a) {
|
|
var sum = 0;
|
|
for (i=0; i<a.length; ++i) // $ Alert
|
|
sum += g(a[i]);
|
|
return sum;
|
|
}
|
|
|
|
function g(b) {
|
|
var prod = 1;
|
|
for (i=0; i<b.length; ++i) // $ Alert
|
|
prod *= b[i];
|
|
return prod;
|
|
}
|
|
|
|
function h() {
|
|
// OK - x is declared as a global in the same toplevel
|
|
x = 23;
|
|
y = 19; // $ Alert - y is not declared as a global in the same toplevel (though it is declared in test2.js)
|
|
// OK - console is live
|
|
console.log(x+y);
|
|
}
|
|
|
|
function k(x) {
|
|
try {
|
|
return x.y;
|
|
} catch(e) {
|
|
// OK - Error is not reachable (in our current CFG)
|
|
throw new Error();
|
|
}
|
|
}
|
|
|
|
function l() {
|
|
// OK - z is not used
|
|
z = 56;
|
|
}
|
|
|
|
function m() {
|
|
// OK - z is live
|
|
z += 23;
|
|
}
|
|
|
|
function n() {
|
|
// OK - z is live
|
|
z = z + 23;
|
|
}
|
|
|
|
function p() {
|
|
return (z = a[i]) && z+23; // $ Alert
|
|
}
|
|
|
|
function q() {
|
|
var x;
|
|
y = 23, // $ Alert
|
|
z = y+19;
|
|
}
|
|
|
|
function r() {
|
|
z = {}; // $ Alert
|
|
for (var p in z)
|
|
;
|
|
}
|
|
|
|
(function() {
|
|
for ([ unresolvable ] of o) { // $ Alert
|
|
unresolvable;
|
|
}
|
|
});
|