JS: Add reproduction test case

asgerf · asgerf · commit 025cfe4064bf · 2022-12-05T15:11:43.000+01:00
diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
@@ -171,6 +171,7 @@ typeInferenceMismatch
 | promise.js:5:25:5:32 | source() | promise.js:5:8:5:33 | bluebir ... urce()) |
 | promise.js:10:24:10:31 | source() | promise.js:10:8:10:32 | Promise ... urce()) |
 | promise.js:12:20:12:27 | source() | promise.js:13:8:13:23 | resolver.promise |
+| refinement-sanitizer.js:19:17:19:24 | source() | refinement-sanitizer.js:33:10:33:21 | array.join() |
 | rxjs.js:3:1:3:8 | source() | rxjs.js:10:14:10:17 | data |
 | rxjs.js:13:1:13:8 | source() | rxjs.js:17:23:17:23 | x |
 | rxjs.js:13:1:13:8 | source() | rxjs.js:18:23:18:23 | x |
diff --git a/javascript/ql/test/library-tests/TaintTracking/refinement-sanitizer.js b/javascript/ql/test/library-tests/TaintTracking/refinement-sanitizer.js
@@ -0,0 +1,34 @@
+import * as dummy from 'dummy';
+
+function oneUse() {
+    let taint = source();
+
+    if (!isSafe(taint)) {
+        return;
+    }
+
+    let array = [];
+    if (taint) {
+        array.push(taint);
+    }
+
+    sink(array.join()); // OK
+}
+
+function secondUse() {
+    let taint = source();
+
+    if (!isSafe(taint)) {
+        return;
+    }
+
+    let array = [];
+    if (taint) {
+        array.push(taint);
+    }
+    if (taint) {
+        array.push(taint);
+    }
+
+    sink(array.join()); // OK
+}
