JS: Fix some bugs in a test case

asgerf · asgerf · commit b095fe2a1987 · 2025-02-28T13:27:59.000+01:00
'args' was a redeclared block-level variable, and 'myArgs' was not used when clearly intended to be used
diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/child_process-test.js b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/child_process-test.js
@@ -43,23 +43,23 @@ var server = http.createServer(function(req, res) {
     args[1] = cmd;
     cp.execFile("/bin/bash", args); // $ Alert
 
-    let args = [];
+    args = [];
     args[0] = "-c";
     args[1] = cmd;
     run("sh", args);
 
-    let args = [];
+    args = [];
     args[0] = `-` + "c";
     args[1] = cmd;
     cp.execFile(`/bin` + "/bash", args); // $ Alert
 
     cp.spawn('cmd.exe', ['/C', 'foo'].concat(["bar", cmd])); // $ Alert
     cp.spawn('cmd.exe', ['/C', 'foo'].concat(cmd)); // $ Alert
 
-	let myArgs = [];
+    let myArgs = [];
     myArgs.push(`-` + "c");
     myArgs.push(cmd);
-    cp.execFile(`/bin` + "/bash", args); // $ MISSING: Alert - no support for `[].push()` for indirect arguments
+    cp.execFile(`/bin` + "/bash", myArgs); // $ MISSING: Alert - no support for `[].push()` for indirect arguments
 
 });
 
