hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-03 09:40:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
7ecd229ce79da6920fa4683a3cb89aa4dc011310
codeql/javascript/ql/test/library-tests/Promises/flow2.js
Erik Krogh Kristensen e2cd7e6230 more precise taint-tracking for Promise.all
2020-05-15 22:02:41 +02:00

21 lines
574 B
JavaScript
Raw Blame History

(async function () {
var source = "source";
Promise.all([source, "clean"]).then((arr) => {
sink(arr); // OK
sink(arr[0]); // NOT OK
sink(arr[1]); // OK
})
var [clean, tainted] = await Promise.all(["clean", source]);
sink(clean); // OK
sink(tainted); // NOT OK
var [clean2, tainted2] = await Promise.resolve(Promise.all(["clean", source]));
sink(clean2); // OK
sink(tainted2); // NOT OK
var [clean3, tainted3] = await Promise.all(["clean", Promise.resolve(source)]);
sink(clean3); // OK
sink(tainted3); // NOT OK - but only flagged by taint-tracking
});
Reference in New Issue View Git Blame Copy Permalink