hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
66737402c20fc83b3d3a654dcccf4b26c901b100
codeql/javascript/ql/test/library-tests/TripleDot/arrays.js
Asger F 08b9d934c0 JS: Add a negative test
2025-02-17 11:37:44 +01:00

47 lines
2.2 KiB
JavaScript
Raw Blame History

import 'dummy';
function shiftKnown() {
let array = [source('shift.1'), source('shift.2')];
sink(array.shift()); // $ hasValueFlow=shift.1
sink(array.shift()); // $ SPURIOUS: hasValueFlow=shift.1 MISSING: hasValueFlow=shift.2
}
function shiftUnknown() {
const array = new Array(Math.floor(Math.random() * 10));
array.push(source('shift.unkn'));
sink(array.shift()); // $ hasValueFlow=shift.unkn
sink(array.shift()); // $ hasValueFlow=shift.unkn
sink(array.shift()); // $ hasValueFlow=shift.unkn
}
function shiftTaint() {
const array = source('shift.directly-tainted');
sink(array.shift()); // $ hasTaintFlow=shift.directly-tainted
sink(array.shift()); // $ hasTaintFlow=shift.directly-tainted
sink(array.shift()); // $ hasTaintFlow=shift.directly-tainted
}
function implicitToString() {
const array = [source('implicitToString.1')];
array.push(source('implicitToString.2'))
sink(array + "foo"); // $ hasTaintFlow=implicitToString.1 hasTaintFlow=implicitToString.2
sink("foo" + array); // $ hasTaintFlow=implicitToString.1 hasTaintFlow=implicitToString.2
sink("" + array); // $ hasTaintFlow=implicitToString.1 hasTaintFlow=implicitToString.2
sink(array + 1); // $ hasTaintFlow=implicitToString.1 hasTaintFlow=implicitToString.2
sink(1 + array); // $ hasTaintFlow=implicitToString.1 hasTaintFlow=implicitToString.2
sink(unknown() + array); // $ hasTaintFlow=implicitToString.1 hasTaintFlow=implicitToString.2
sink(array + unknown()); // $ hasTaintFlow=implicitToString.1 hasTaintFlow=implicitToString.2
sink(`${array}`); // $ hasTaintFlow=implicitToString.1 hasTaintFlow=implicitToString.2
sink(`${array} foo`); // $ hasTaintFlow=implicitToString.1 hasTaintFlow=implicitToString.2
sink(String(array)); // $ hasTaintFlow=implicitToString.1 hasTaintFlow=implicitToString.2
sink(array.toString()); // $ hasTaintFlow=implicitToString.1 hasTaintFlow=implicitToString.2
sink(array.toString("utf8")); // $ hasTaintFlow=implicitToString.1 hasTaintFlow=implicitToString.2
sink(Array.prototype.toString.call(array)); // $ hasTaintFlow=implicitToString.1 hasTaintFlow=implicitToString.2
sink(Object.prototype.toString.call(array)); // OK - returns "[object Array]"
}
Reference in New Issue View Git Blame Copy Permalink