
Commit c051b4c

committed
JS: Add spurious alert marker
1 parent b095fe2 commit c051b4c

1 file changed

Lines changed: 1 addition & 1 deletion


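--- a/javascript/ql/test/query-tests/Security/CWE-089/untyped/pg-promise.js
+++ b/javascript/ql/test/query-tests/Security/CWE-089/untyped/pg-promise.js
@@ -39,7 +39,7 @@ require('express')().get('/foo', (req, res) => {
 req.params.id, // $ Alert
 req.params.name, // $ Alert
 req.params.foo, // OK - not using raw interpolation
-]
+] // $ SPURIOUS: Alert - implicit reads causes flow here in addition to the individual array elements
 });
 db.one({
 text: 'SELECT * FROM news where id = ${id}:raw AND name = ${name}',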
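Review bot: The new `SPURIOUS: Alert` comment on the closing `]` records an expected false positive, but it does not say that the alert duplicates the two per-element alerts above, and it has an agreement slip ("implicit reads causes"). The array also contains `req.params.foo`, which the test marks as OK, so an alert on the whole array literal appears less precise for triage than the per-element ones, and the comment should make clear that this is the unwanted result. A clearer wording would be `] // $ SPURIOUS: Alert - implicit reads cause flow to the array as a whole, duplicating the per-element alerts above`. The enclosing call and the route handler start outside the hunk, so the query text these values are interpolated into is not visible here.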
