codeql/arguments.js at move-cors-query-from-experimental2 - codeql - Gitea: Git with a cup of tea

hohn/codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00

Files

Max Schaefer 9d3a9d71f1 JavaScript: Add basic support for reasoning about reflective parameter accesses.

Currently, only `arguments[c]` for a constant value `c` is supported.

This allows us to detect the prototype-pollution vulnerabilities in (old versions of) `extend`, `jquery`, and `node.extend`.

2020-05-26 09:59:29 +01:00

13 lines

293 B

JavaScript

Raw Permalink Blame History

 (function() {
     function f(x) {
         let firstArg = x;
         let alsoFirstArg = arguments[0];
         let secondArg = arguments[1];
         let args = arguments;
         let thirdArg = args[2];
         arguments = {};
         let notFirstArg = arguments[0];
     }
     f(1, 2, 3);
 })();