JS: Add another test and TODO about an issue with constant array indices

Author: asgerf

javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll

@@ -255,7 +255,10 @@ module Public {
     Content asSingleton() { this = MkSingletonContent(result) }
 
     /** Gets the property name to be accessed. */
-    PropertyName asPropertyName() { result = this.asSingleton().asPropertyName() }
+    PropertyName asPropertyName() {
+      // TODO: array indices should be mapped to a ContentSet that also reads from UnknownArrayElement
+      result = this.asSingleton().asPropertyName()
+    }
 
     /** Gets the array index to be accessed. */
     int asArrayIndex() { result = this.asSingleton().asArrayIndex() }

javascript/ql/test/library-tests/TripleDot/tst.js

@@ -163,3 +163,12 @@ function t15() {
     args.push(source('t15.1'));
     target('safe', ...args);
 }
+
+function t16() {
+    let array = new Array(Math.floor(Math.random() * 10))
+    array.push(source("t16.1"));
+    sink(array[0]); // $ MISSING: hasValueFlow=t16.1 SPURIOUS: hasTaintFlow=t16.1
+    sink(array[1]); // $ MISSING: hasValueFlow=t16.1 SPURIOUS: hasTaintFlow=t16.1
+    sink(array[2]); // $ MISSING: hasValueFlow=t16.1 SPURIOUS: hasTaintFlow=t16.1
+    sink(array); // $ hasTaintFlow=t16.1
+}