import 'dummy';
/**
 * Data-flow test fixture: feeds `window.location.href`, and pieces of it
 * obtained through `split()`, into `sink()`. The trailing comment on each
 * call records which flow the analysis is expected to report on that line.
 *
 * How to read the trailing comments, as they are used in this file:
 *   - `flow=tainted-url-suffix`: the value is expected to carry the
 *     "tainted URL suffix" label. Presumably this marks a URL whose trailing
 *     part (query / fragment) is attacker-controlled while the leading part
 *     is not; confirm against the analysis library.
 *   - `flow=taint`: the value is expected to be reported as plainly tainted.
 *   - `MISSING:` marks a flow that should be reported but is not at present
 *     (a known false negative).
 *   - No flow annotation: no flow is expected on that line.
 *
 * Caveat for readers using this as a reference for what is "safe": the
 * un-annotated index-0 cases are a precision trade-off made by the analysis,
 * not evidence that the part of the URL before the separator is trustworthy.
 *
 * NOTE(review): `sink` and `blah` are not defined in this file; presumably
 * they are only meaningful to the analysis under test. The trailing comments
 * look machine-read, so keep their text and line placement unchanged.
 */
function t1() {
const href = window.location.href;
// The whole URL: expected to carry the URL-suffix label rather than plain taint.
sink(href); // $ flow=tainted-url-suffix
// Split on '#': everything after the first separator is expected to be plain taint.
sink(href.split('#')[0]); // could be 'tainted-url-suffix', but omitted due to FPs from URI-encoding
sink(href.split('#')[1]); // $ flow=taint
sink(href.split('#').pop()); // $ flow=taint
sink(href.split('#')[2]); // $ MISSING: flow=taint // currently the split() summary only propagates to index 1
// Split on '?': same pattern as '#'; index 0 carries no expectation, and
// index 2 is again recorded as a known false negative.
sink(href.split('?')[0]);
sink(href.split('?')[1]); // $ flow=taint
sink(href.split('?').pop()); // $ flow=taint
sink(href.split('?')[2]); // $ MISSING: flow=taint
// Split on a separator that is not a literal: every element, including
// index 0 and index 2, is expected to keep the URL-suffix label.
sink(href.split(blah())[0]); // $ flow=tainted-url-suffix
sink(href.split(blah())[1]); // $ flow=tainted-url-suffix
sink(href.split(blah()).pop()); // $ flow=tainted-url-suffix
sink(href.split(blah())[2]); // $ flow=tainted-url-suffix
}