hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
6266dab5187ee0b3888b389284e48c62e254dd22
codeql/javascript/ql/test/library-tests/TaintTracking/tst.js

63 lines
1.3 KiB
JavaScript
Raw Blame History

function test() {
let x = source();
sink(x); // NOT OK
sink("/" + x + "!"); // NOT OK
sink(x == null); // OK
sink(x == undefined); // OK
sink(x == 1); // OK
sink(x === 1); // OK
sink(undefined == x); // OK
sink(x === x); // OK
sink(x.sort()); // NOT OK
var a = [];
sink(a); // NOT OK (flow-insensitive treatment of `a`)
a.push(x);
sink(a); // NOT OK
var b = [];
b.unshift(x);
sink(b); // NOT OK
sink(x.pop()); // NOT OK
sink(x.shift()); // NOT OK
sink(x.slice()); // NOT OK
sink(x.splice()); // NOT OK
sink(Array.from(x)); // NOT OK
x.map((elt, i, ary) => {
sink(elt); // NOT OK
sink(i); // OK
sink(ary); // NOT OK
});
x.forEach((elt, i, ary) => {
sink(elt); // NOT OK
sink(i); // OK
sink(ary); // NOT OK
});
sink(innocent.map(() => x)); // NOT OK
sink(x.map(x2 => x2)); // NOT OK
sink(Buffer.from(x, 'hex')); // NOT OK
sink(new Buffer(x)); // NOT OK
const serializeJavaScript = require("serialize-javascript");
sink(serializeJavaScript(x)) // NOT OK
function tagged(strings, safe, unsafe) {
sink(unsafe) // NOT OK
sink(safe) // OK
sink(strings) // OK
}
tagged`foo ${"safe"} bar ${x} baz`;
sink(x.reverse()); // NOT OK
}
Reference in New Issue View Git Blame Copy Permalink