JS: Added test case which is not flagged but should be abusing new RegExp with global flag

Napalys · Napalys · commit 1c9e319ee84f · 2024-11-26T09:18:51.000+01:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/tst.js b/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/tst.js
@@ -327,4 +327,8 @@ function incompleteComplexSanitizers() {
 		if (str === "\"")
 			return "&quot;";
 	}) + '"';
-}
+}
+
+function typicalBadHtmlSanitizers(s) {
+	s().replace(new RegExp("[<>]", "g"),''); // NOT OK -- should be not okay, but is not flagged
+}
