hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
sauyon/java-spring-stringutils
codeql/javascript/ql/test/library-tests/TaintTracking/array-mutation.js
Asger Feldthaus bd3f6d1234 JS: Add o[o.length] = y taint step
2021-03-25 09:00:10 +00:00

42 lines
665 B
JavaScript
Raw Permalink Blame History

function test(x, y) {
let a = [];
a.splice(source(), x);
sink(a); // OK
let b = [];
b.splice(x, source());
sink(b); // OK
let c = [];
c.splice(source(), x, y);
sink(c); // OK
let d = [];
d.splice(x, source(), y);
sink(d); // OK
let e = [];
e.splice(x, y, source());
sink(e); // NOT OK
let f = [];
f.push(...source());
sink(f); // NOT OK
let g = [];
g.unshift(...source());
sink(g); // NOT OK
let h = [];
Array.prototype.push.apply(h, source());
sink(h); // NOT OK
let i = [];
Array.prototype.unshift.apply(i, source());
sink(i); // NOT OK
let j = [];
j[j.length] = source();
sink(j); // NOT OK
}
Reference in New Issue View Git Blame Copy Permalink