JS: Add test to show lack of unknown array element being propagated

asgerf · asgerf · commit 379c7ef20a69 · 2024-09-06T08:43:08.000+02:00
diff --git a/javascript/ql/test/library-tests/TripleDot/tst.js b/javascript/ql/test/library-tests/TripleDot/tst.js
@@ -138,3 +138,28 @@ function t13() {
     }
     target("safe", ...source('t13.1'));
 }
+
+function t14() {
+    function target(x, y, ...rest) {
+        sink(x); // $ hasValueFlow=t14.1
+        sink(y); // $ hasValueFlow=t14.1
+        sink(rest.pop()); // $ hasValueFlow=t14.1
+        sink(rest); // $ hasTaintFlow=t14.1
+    }
+    const args = new Array(Math.floor(Math.random() * 10));
+    args.push(source('t14.1'));
+    target(...args);
+}
+
+function t15() {
+    function target(safe, x, y, ...rest) {
+        sink(safe); // $ SPURIOUS: hasTaintFlow=t15.1
+        sink(x); // $ MISSING: hasValueFlow=t15.1 SPURIOUS: hasTaintFlow=t15.1
+        sink(y); // $ MISSING: hasValueFlow=t15.1 SPURIOUS: hasTaintFlow=t15.1
+        sink(rest.pop()); // $ MISSING: hasValueFlow=t15.1 SPURIOUS: hasTaintFlow=t15.1
+        sink(rest); // $ hasTaintFlow=t15.1
+    }
+    const args = new Array(Math.floor(Math.random() * 10));
+    args.push(source('t15.1'));
+    target('safe', ...args);
+}
