add test of a length check

erik-krogh · erik-krogh · commit dd28157d0a04 · 2022-04-13T09:43:21.000+02:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion/resource-exhaustion.js b/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion/resource-exhaustion.js
@@ -84,4 +84,11 @@ var server = http.createServer(function(req, res) {
   setInterval(f, s); // NOT OK
 
   Buffer.alloc(n.length); // OK - only allocing as much as the length of the input.
+
+  Buffer.alloc(n); // NOT OK
+  if (n < 1000) {
+    Buffer.alloc(n); // OK - length check
+  } else {
+    Buffer.alloc(n); // NOT OK - NO length check
+  }
 });
