FilesExpand file tree

 main

/

BadTypeof.ql

Copy path

Blame

More file actions

Blame

More file actions

Latest commit

 

History

History

History

58 lines (54 loc) · 1.77 KB

 main

/

BadTypeof.ql

Top

File metadata and controls

• Code
• Blame

58 lines (54 loc) · 1.77 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

/**

* @name Useless type test

* @description Comparing the result of a typeof test against a string other than 'undefined',

* 'boolean', 'number', 'string', 'object', 'function' or 'symbol' is useless, since

* this comparison can never succeed.

* @kind problem

* @problem.severity error

* @id js/useless-type-test

* @tags maintainability

* correctness

* language-features

* external/cwe/cwe-570

* external/cwe/cwe-571

* @precision very-high

*/

import javascript

/**

* A comparison construct, that is, either an equality test or a switch case

* (which is implicitly compared to the switch statement's discriminant).

*/

class EqOrSwitch extends ASTNode {

EqOrSwitch() {

this instanceof EqualityTest or

this instanceof Case

}

/**

* Gets an operand of this comparison.

*

* For equality tests, the result is one of the operands; for switch cases,

* the result is either the case expression or the discriminant of the

* switch statement.

*

* Thus, the operands of `x !== 0` are `x` and `0`, while the operands

* of `case 1:` in `switch (y) { case 1: ... }` are `y` and `1`.

*/

Expr getAnOperand() {

result = this.(EqualityTest).getAnOperand()

or

exists(Case c | c = this |

result = c.getSwitch().getExpr() or

result = c.getExpr()

)

}

}

from EqOrSwitch et, TypeofExpr typeof, ConstantString str

where

typeof = et.getAnOperand().getUnderlyingValue() and

str = et.getAnOperand().getUnderlyingValue() and

not str

.getStringValue()

.regexpMatch("undefined|boolean|number|string|object|function|symbol|unknown|date|bigint")

select typeof,

"The result of this 'typeof' expression is compared to '$@', but the two can never be equal.",

str, str.getStringValue()