Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 55d4e7e

Browse files
asgerfasgerf
committed
JS: Use ArrayElementKnown when reading a constant array index
1 parent 094112c commit 55d4e7e

2 files changed

Lines changed: 10 additions & 5 deletions

File tree

javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1103,7 +1103,12 @@ predicate readStep(Node node1, ContentSet c, Node node2) {
11031103
node1 = read.getBase() and
11041104
node2 = read
11051105
|
1106-
c.asPropertyName() = read.getPropertyName()
1106+
exists(PropertyName name | read.getPropertyName() = name |
1107+
not exists(name.asArrayIndex()) and
1108+
c = ContentSet::property(name)
1109+
or
1110+
c = ContentSet::arrayElementKnown(name.asArrayIndex())
1111+
)
11071112
or
11081113
not exists(read.getPropertyName()) and
11091114
c = ContentSet::arrayElement()

javascript/ql/test/library-tests/TripleDot/tst.js

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -134,7 +134,7 @@ function t13() {
134134
sink(x); // $ SPURIOUS: hasTaintFlow=t13.1
135135
sink(y); // $ hasTaintFlow=t13.1
136136
sink(rest); // $ hasTaintFlow=t13.1
137-
sink(rest[0]); // $ MISSING: hasTaintFlow=t13.1
137+
sink(rest[0]); // $ hasTaintFlow=t13.1
138138
}
139139
target("safe", ...source('t13.1'));
140140
}
@@ -167,8 +167,8 @@ function t15() {
167167
function t16() {
168168
let array = new Array(Math.floor(Math.random() * 10))
169169
array.push(source("t16.1"));
170-
sink(array[0]); // $ MISSING: hasValueFlow=t16.1 SPURIOUS: hasTaintFlow=t16.1
171-
sink(array[1]); // $ MISSING: hasValueFlow=t16.1 SPURIOUS: hasTaintFlow=t16.1
172-
sink(array[2]); // $ MISSING: hasValueFlow=t16.1 SPURIOUS: hasTaintFlow=t16.1
170+
sink(array[0]); // $ hasValueFlow=t16.1
171+
sink(array[1]); // $ hasValueFlow=t16.1
172+
sink(array[2]); // $ hasValueFlow=t16.1
173173
sink(array); // $ hasTaintFlow=t16.1
174174
}

0 commit comments

Comments
 (0)