JS: add extra test case with }

Napalys · Napalys · commit cc1d2c4473da · 2025-07-02T18:03:52.000+02:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/IncompleteSanitization.expected b/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/IncompleteSanitization.expected
@@ -35,3 +35,4 @@
 | tst.js:353:9:353:17 | s.replace | This does not escape backslash characters in the input. | tst.js:353:19:353:50 | new Reg ... lags()) |  |
 | tst.js:362:2:362:10 | x.replace | This replaces only the first occurrence of $@. | tst.js:362:12:362:27 | new RegExp("\\n") | this node |
 | tst.js:363:2:363:24 | x.repla ... replace | This replaces only the first occurrence of $@. | tst.js:363:26:363:41 | new RegExp("\\n") | this node |
+| tst.js:367:2:367:24 | x.repla ... replace | This replaces only the first occurrence of $@. | tst.js:367:26:367:28 | '}' | '}' |
diff --git a/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/tst.js b/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/tst.js
@@ -364,4 +364,5 @@ function newlinesNewReGexp(s) {
 
 	x.replace(new RegExp("\n", unknownFlags()), "").replace(x, y);
 	x.replace(x, y).replace(new RegExp("\n", unknownFlags()), "");
+	x.replace(x, y).replace('}', ""); // $ Alert[js/incomplete-sanitization]
 }

Original file line number	Diff line number	Diff line change
`@@ -364,4 +364,5 @@ function newlinesNewReGexp(s) {`
`364`	`364`
`365`	`365`	`x.replace(new RegExp("\n", unknownFlags()), "").replace(x, y);`
`366`	`366`	`x.replace(x, y).replace(new RegExp("\n", unknownFlags()), "");`
	`367`	`+ x.replace(x, y).replace('}', ""); // $ Alert[js/incomplete-sanitization]`
`367`	`368`	`}`