Fixup test case

asgerf · asgerf · commit af3c341bfb4e · 2024-08-19T14:06:32.000+02:00
diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
@@ -33,7 +33,7 @@ legacyDataFlowDifference
 | promise.js:12:20:12:27 | source() | promise.js:13:8:13:23 | resolver.promise | only flow with OLD data flow library |
 | sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x | only flow with NEW data flow library |
 | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:8:10:8:17 | captured | only flow with OLD data flow library |
-| use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:13:10:13:10 | x | only flow with NEW data flow library |
+| use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library |
 consistencyIssue
 | library-tests/TaintTracking/nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency |
 | library-tests/TaintTracking/stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency |
@@ -291,7 +291,7 @@ flow
 | tst.js:2:13:2:20 | source() | tst.js:48:10:48:22 | new Buffer(x) |
 | tst.js:2:13:2:20 | source() | tst.js:51:10:51:31 | seriali ... ript(x) |
 | tst.js:2:13:2:20 | source() | tst.js:54:14:54:19 | unsafe |
-| use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:13:10:13:10 | x |
+| use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x |
 | xml.js:5:18:5:25 | source() | xml.js:8:14:8:17 | text |
 | xml.js:12:17:12:24 | source() | xml.js:13:14:13:19 | result |
 | xml.js:23:18:23:25 | source() | xml.js:20:14:20:17 | attr |
diff --git a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected
@@ -24,7 +24,7 @@ legacyDataFlowDifference
 | sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x | only flow with NEW data flow library |
 | tst.js:2:13:2:20 | source() | tst.js:35:14:35:16 | ary | only flow with NEW data flow library |
 | tst.js:2:13:2:20 | source() | tst.js:41:14:41:16 | ary | only flow with NEW data flow library |
-| use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:13:10:13:10 | x | only flow with NEW data flow library |
+| use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library |
 flow
 | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x |
 | advanced-callgraph.js:2:13:2:20 | source() | advanced-callgraph.js:6:22:6:22 | v |
@@ -182,4 +182,4 @@ flow
 | tst.js:2:13:2:20 | source() | tst.js:35:14:35:16 | ary |
 | tst.js:2:13:2:20 | source() | tst.js:41:14:41:16 | ary |
 | tst.js:2:13:2:20 | source() | tst.js:54:14:54:19 | unsafe |
-| use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:13:10:13:10 | x |
+| use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x |
diff --git a/javascript/ql/test/library-tests/TaintTracking/use-use-after-implicit-read.js b/javascript/ql/test/library-tests/TaintTracking/use-use-after-implicit-read.js
@@ -1,12 +1,14 @@
 import 'dummy';
 
-function f() {
+function f(x) {
     let captured;
-    function inner() { captured = "sdf"; return captured; }
+    function inner() { captured; captured = "sdf"; }
 
-    captured = [source(), "safe"];
+    captured = [source(), "safe", x];
     sink(captured); // NOT OK [INCONSISTENCY] - no implicit read of ArrayElement
-    g.apply(undefined, captured);
+    g.apply(undefined, captured); // with use-use flow the output of an implicit read might flow here
+
+    return captured;
 }
 
 function g(x, y) {
