JavaScript: Teach ShiftOutOfRange about BigInt.

Max Schaefer · Max Schaefer · commit e35fde322b1c · 2019-06-26T09:16:34.000-07:00
diff --git a/change-notes/1.22/analysis-javascript.md b/change-notes/1.22/analysis-javascript.md
@@ -21,7 +21,7 @@
 
 | **Query**                      | **Expected impact**          | **Change**                                                                |
 |--------------------------------|------------------------------|---------------------------------------------------------------------------|
-
+| Shift out of range | Fewer false positive results | This rule now correctly handles BigInt shift operands. |
 
 ## Changes to QL libraries
 
diff --git a/javascript/ql/src/Expressions/ShiftOutOfRange.qhelp b/javascript/ql/src/Expressions/ShiftOutOfRange.qhelp
@@ -14,7 +14,9 @@ greater than 31, the left operand is actually only shifted by that value modulo
 
 <p>
 Use standard library functions such as <code>Math.pow</code> to perform the required
-shifting.
+shifting. Alternatively, you can use the
+<a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/BigInt">BigInt</a>
+type if it is available on your platform.
 </p>
 
 </recommendation>
diff --git a/javascript/ql/src/Expressions/ShiftOutOfRange.ql b/javascript/ql/src/Expressions/ShiftOutOfRange.ql
@@ -1,7 +1,7 @@
 /**
  * @name Shift out of range
- * @description The shift operators '<<', '>>' and '>>>' only take the five least significant bits of their
- *              right operand into account. Thus, it is not possible to shift by more than 31 bits.
+ * @description The integer shift operators '<<', '>>' and '>>>' only take the five least significant bits of their
+ *              right operand into account. Thus, it is not possible to shift an integer by more than 31 bits.
  * @kind problem
  * @problem.severity error
  * @id js/shift-out-of-range
@@ -14,5 +14,7 @@
 import javascript
 
 from ShiftExpr shift
-where shift.getRightOperand().getIntValue() > 31
+where
+  shift.getRightOperand().getIntValue() > 31 and
+  not shift.getRightOperand().stripParens() instanceof BigIntLiteral
 select shift, "Shift out of range."
diff --git a/javascript/ql/test/query-tests/Expressions/ShiftOutOfRange/tst.js b/javascript/ql/test/query-tests/Expressions/ShiftOutOfRange/tst.js
@@ -1 +1,4 @@
-var n = 1<<40;
+var n = 1<<40; // NOT OK
+var n2 = BigInt(1) << 40n; // OK
+
+// semmle-extractor-options: --experimental
