JS: Added test case for bad sanitizer with unknown flags, currently not flagged.

Napalys · Napalys · commit 60e6ac2ef263 · 2024-11-26T09:35:27.000+01:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/tst.js b/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/tst.js
@@ -332,3 +332,7 @@ function incompleteComplexSanitizers() {
 function typicalBadHtmlSanitizers(s) {
 	s().replace(new RegExp("[<>]", "g"),''); // NOT OK
 }
+
+function typicalBadHtmlSanitizers(s) {
+	s().replace(new RegExp("[<>]", unknown()),''); // NOT OK -- should be flagged, because it is st ill a bad sanitizer
+}

Original file line number	Diff line number	Diff line change
`@@ -332,3 +332,7 @@ function incompleteComplexSanitizers() {`
`332`	`332`	`function typicalBadHtmlSanitizers(s) {`
`333`	`333`	`s().replace(new RegExp("[<>]", "g"),''); // NOT OK`
`334`	`334`	`}`
	`335`	`+`
	`336`	`+function typicalBadHtmlSanitizers(s) {`
	`337`	`+ s().replace(new RegExp("[<>]", unknown()),''); // NOT OK -- should be flagged, because it is st ill a bad sanitizer`
	`338`	`+}`