File tree Expand file tree Collapse file tree
javascript/ql/test/library-tests/TaintTracking Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ function test ( x ) {
2+ let taint = source ( ) ;
3+
4+ if ( / H e l l o ( .* ) / . exec ( taint ) ) {
5+ sink ( RegExp . $1 ) ; // NOT OK
6+ }
7+
8+ if ( / F o o ( .* ) / . exec ( x ) ) {
9+ sink ( RegExp . $1 ) ; // OK
10+ } else {
11+ sink ( RegExp . $1 ) ; // NOT OK - previous capture group remains
12+ }
13+
14+ if ( / H e l l o ( [ a - z A - Z ] + ) / . exec ( taint ) ) {
15+ sink ( RegExp . $1 ) ; // OK - capture group is sanitized
16+ } else {
17+ sink ( RegExp . $1 ) ; // NOT OK - original capture group possibly remains
18+ }
19+
20+ if ( / H e l l o ( .* ) / . exec ( taint ) && something ( ) ) {
21+ sink ( RegExp . $1 ) ; // NOT OK
22+ }
23+ if ( something ( ) && / H e l l o ( .* ) / . exec ( taint ) ) {
24+ sink ( RegExp . $1 ) ; // NOT OK
25+ }
26+ if ( / F i r s t ( .* ) / . exec ( taint ) || / S e c o n d ( .* ) / . exec ( taint ) ) {
27+ sink ( RegExp . $1 ) ; // NOT OK
28+ }
29+ }
30+
31+ function test2 ( x ) {
32+ var taint = source ( ) ;
33+ if ( something ( ) ) {
34+ if ( / H e l l o ( .* ) / . exec ( taint ) ) {
35+ something ( ) ;
36+ }
37+ }
38+ sink ( RegExp . $1 ) ; // NOT OK
39+ }
40+
41+ function replaceCallback ( ) {
42+ return source ( ) . replace ( / ( \w + ) / , ( ) => {
43+ sink ( RegExp . $1 ) ; // NOT OK
44+ } ) ;
45+ }
You can’t perform that action at this time.
0 commit comments