JS: Add test case for decorated parameter sinks

asgerf · asgerf · commit 3bcfca421f48 · 2022-03-29T15:55:43.000+02:00
diff --git a/javascript/ql/test/library-tests/frameworks/data/paramDecorator.ts b/javascript/ql/test/library-tests/frameworks/data/paramDecorator.ts
@@ -3,7 +3,11 @@ import * as testlib from 'testlib';
 // parameter decorators are only valid in TypeScript so this test is in a .ts file
 
 class C {
-  decoratedParamSource(@testlib.ParamDecorator x) {
+  decoratedParamSource(@testlib.ParamDecoratorSource x) {
     sink(x) // NOT OK
   }
+  decoratedParamSink(@testlib.ParamDecoratorSink x) { // NOT OK - though slightly weird alert location
+  }
 }
+
+new C().decoratedParamSink(source());
diff --git a/javascript/ql/test/library-tests/frameworks/data/test.expected b/javascript/ql/test/library-tests/frameworks/data/test.expected
@@ -1,6 +1,7 @@
 consistencyIssue
 taintFlow
-| paramDecorator.ts:6:48:6:48 | x | paramDecorator.ts:7:10:7:10 | x |
+| paramDecorator.ts:6:54:6:54 | x | paramDecorator.ts:7:10:7:10 | x |
+| paramDecorator.ts:13:28:13:35 | source() | paramDecorator.ts:9:50:9:50 | x |
 | test.js:5:30:5:37 | source() | test.js:5:8:5:38 | testlib ... urce()) |
 | test.js:6:22:6:29 | source() | test.js:6:8:6:30 | preserv ... urce()) |
 | test.js:7:41:7:48 | source() | test.js:7:8:7:49 | require ... urce()) |
@@ -56,6 +57,7 @@ taintFlow
 | test.js:187:31:187:31 | x | test.js:189:10:189:10 | x |
 | test.js:203:32:203:39 | source() | test.js:203:32:203:39 | source() |
 isSink
+| paramDecorator.ts:9:50:9:50 | x | test-sink |
 | test.js:54:18:54:25 | source() | test-sink |
 | test.js:55:22:55:29 | source() | test-sink |
 | test.js:57:24:57:31 | source() | test-sink |
diff --git a/javascript/ql/test/library-tests/frameworks/data/test.ql b/javascript/ql/test/library-tests/frameworks/data/test.ql
@@ -37,6 +37,7 @@ class Sinks extends ModelInput::SinkModelCsv {
         "testlib;;Member[FieldDecoratorSink].DecoratedMember;test-sink",
         "testlib;;Member[MethodDecorator].DecoratedMember.ReturnValue;test-sink",
         "testlib;;Member[MethodDecoratorWithArgs].ReturnValue.DecoratedMember.ReturnValue;test-sink",
+        "testlib;;Member[ParamDecoratorSink].DecoratedParameter;test-sink",
       ]
   }
 }
@@ -48,7 +49,7 @@ class Sources extends ModelInput::SourceModelCsv {
         "testlib;;Member[getSource].ReturnValue;test-source",
         "testlib;;Member[ClassDecorator].DecoratedClass.Instance.Member[inputIsSource].Parameter[0];test-source",
         "testlib;;Member[FieldDecoratorSource].DecoratedMember;test-source",
-        "testlib;;Member[ParamDecorator].DecoratedParameter;test-source",
+        "testlib;;Member[ParamDecoratorSource].DecoratedParameter;test-source",
         "testlib;;Member[MethodDecorator].DecoratedMember.Parameter[0];test-source",
         "testlib;;Member[MethodDecoratorWithArgs].ReturnValue.DecoratedMember.Parameter[0];test-source",
       ]

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,11 @@ import * as testlib from 'testlib';`
`3`	`3`	`// parameter decorators are only valid in TypeScript so this test is in a .ts file`
`4`	`4`
`5`	`5`	`class C {`
`6`		`- decoratedParamSource(@testlib.ParamDecorator x) {`
	`6`	`+ decoratedParamSource(@testlib.ParamDecoratorSource x) {`
`7`	`7`	`sink(x) // NOT OK`
`8`	`8`	`}`
	`9`	`+ decoratedParamSink(@testlib.ParamDecoratorSink x) { // NOT OK - though slightly weird alert location`
	`10`	`+ }`
`9`	`11`	`}`
	`12`	`+`
	`13`	`+new C().decoratedParamSink(source());`
Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,7 @@ class Sinks extends ModelInput::SinkModelCsv {`
`37`	`37`	`"testlib;;Member[FieldDecoratorSink].DecoratedMember;test-sink",`
`38`	`38`	`"testlib;;Member[MethodDecorator].DecoratedMember.ReturnValue;test-sink",`
`39`	`39`	`"testlib;;Member[MethodDecoratorWithArgs].ReturnValue.DecoratedMember.ReturnValue;test-sink",`
	`40`	`+ "testlib;;Member[ParamDecoratorSink].DecoratedParameter;test-sink",`
`40`	`41`	`]`
`41`	`42`	`}`
`42`	`43`	`}`
`@@ -48,7 +49,7 @@ class Sources extends ModelInput::SourceModelCsv {`
`48`	`49`	`"testlib;;Member[getSource].ReturnValue;test-source",`
`49`	`50`	`"testlib;;Member[ClassDecorator].DecoratedClass.Instance.Member[inputIsSource].Parameter[0];test-source",`
`50`	`51`	`"testlib;;Member[FieldDecoratorSource].DecoratedMember;test-source",`
`51`		`- "testlib;;Member[ParamDecorator].DecoratedParameter;test-source",`
	`52`	`+ "testlib;;Member[ParamDecoratorSource].DecoratedParameter;test-source",`
`52`	`53`	`"testlib;;Member[MethodDecorator].DecoratedMember.Parameter[0];test-source",`
`53`	`54`	`"testlib;;Member[MethodDecoratorWithArgs].ReturnValue.DecoratedMember.Parameter[0];test-source",`
`54`	`55`	`]`