JS: Update test externs and include array indices

asgerf · asgerf · commit 4bb2e8b637ad · 2020-06-11T09:53:55.000+01:00
diff --git a/javascript/ql/src/semmle/javascript/DOM.qll b/javascript/ql/src/semmle/javascript/DOM.qll
@@ -309,6 +309,8 @@ module DOM {
           not read.mayHavePropertyName(_)
           or
           read.mayHavePropertyName(getADomPropertyName())
+          or
+          read.mayHavePropertyName(any(string s | exists(s.toInt())))
         )
         or
         this = domElementCreationOrQuery()
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/externs.js b/javascript/ql/test/query-tests/Security/CWE-079/externs.js
@@ -25,6 +25,24 @@
 function EventTarget() {}
 
 /**
- * @type {!EventTarget}
+ * Stub for the DOM hierarchy.
+ *
+ * @constructor
+ * @extends {EventTarget}
+ */
+function DomObjectStub() {}
+
+/**
+ * @type {!DomObjectStub}
+ */
+DomObjectStub.prototype.body;
+
+/**
+ * @type {!DomObjectStub}
+ */
+DomObjectStub.prototype.value;
+
+/**
+ * @type {!DomObjectStub}
  */
 var document;

Original file line number	Diff line number	Diff line change
`@@ -309,6 +309,8 @@ module DOM {`
`309`	`309`	`not read.mayHavePropertyName(_)`
`310`	`310`	`or`
`311`	`311`	`read.mayHavePropertyName(getADomPropertyName())`
	`312`	`+ or`
	`313`	`+ read.mayHavePropertyName(any(string s \| exists(s.toInt())))`
`312`	`314`	`)`
`313`	`315`	`or`
`314`	`316`	`this = domElementCreationOrQuery()`