JS: Add test and comment for access path termination criteria

Author: asgerf

javascript/ql/src/semmle/javascript/frameworks/Vuex.qll

@@ -53,7 +53,8 @@ module Vuex {
   bindingset[base, prop]
   private string appendToNamespace(string base, string prop) {
     result = base + prop + "/" and
-    // Allow at most two occurrences of a given property name in the path
+    // To avoid constructing infinitely long access paths,
+    // allow at most two occurrences of a given property name in the path
     // (one in the base, plus the one we're appending now).
     count(base.indexOf("/" + prop + "/")) <= 1
   }

javascript/ql/test/library-tests/frameworks/Vuex/vuex.js

@@ -107,6 +107,14 @@ const Component = new Vue({
         },
         ...mapMutations({ sneakyTaint3: 'setTainted3' }),
         ...mapActions({ emitTaint4: 'doTaint4' }),
+        loopingState() {
+            // Make sure we do not fail by trying to compute infinitely long access paths.
+            // 'ref' can refer to state.foo, state.foo.foo, state.foo.foo.foo, and so on.
+            let ref = this.$store.state;
+            while (Math.random()) {
+                ref = ref.foo;
+            }
+        }
     }
 });