JS: add comment about arrays

asger-semmle · asger-semmle · commit 1130d0c6f9b1 · 2018-12-03T11:23:02.000Z
diff --git a/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql b/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql
@@ -99,7 +99,10 @@ predicate isDerivedFromLength(DataFlow::Node length, DataFlow::Node operand) {
 }
 
 /**
- * An equality comparison of form `A.indexOf(B) === A.length - B.length` or similar. 
+ * An equality comparison of form `A.indexOf(B) === A.length - B.length` or similar.
+ *
+ * We assume A and B are strings, even A and/or B could be also be arrays.
+ * The comparison with the length rarely occurs for arrays, however.
  */
 class UnsafeIndexOfComparison extends EqualityTest {
   IndexOfCall indexOf;
