JS: Add tests showing missing taint flow

asgerf · asgerf · commit 079a622cf99c · 2024-08-27T11:35:23.000+02:00
When the spread argument itself is tained and not
inside any content, the read steps currently fail
to propagate the data.
diff --git a/javascript/ql/test/library-tests/TripleDot/tst.js b/javascript/ql/test/library-tests/TripleDot/tst.js
@@ -112,3 +112,29 @@ function t10() {
     }
     target(source('t10.1'), source('t10.2'), source('t10.3'));
 }
+
+function t11() {
+    function target(x, y) {
+        sink(x); // $ MISSING: hasTaintFlow=t11.1
+        sink(y); // $ MISSING: hasTaintFlow=t11.1
+    }
+    target(...source('t11.1'));
+}
+
+function t12() {
+    function target(x, y) {
+        sink(x);
+        sink(y); // $ MISSING: hasTaintFlow=t12.1
+    }
+    target("safe", ...source('t12.1'));
+}
+
+function t13() {
+    function target(x, y, ...rest) {
+        sink(x);
+        sink(y); // $ MISSING: hasTaintFlow=t13.1
+        sink(rest); // $ MISSING: hasTaintFlow=t13.1
+        sink(rest[0]); // $ MISSING: hasTaintFlow=t13.1
+    }
+    target("safe", ...source('t13.1'));
+}
