codeql/javascript/ql/test/query-tests/LanguageFeatures/LengthComparisonOffByOne/tst.js at db5c58180e38c19dde95d1327e680ca791b7536a · smowton/codeql · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
for (var i = 0; i <= args.length; i++) { // $ Alert - Loop upper bound is off-by-one
  console.log(args[i]);
}

for (var i = 0; args.length >= i; i++) { // $ Alert - Loop upper bound is off-by-one
  console.log(args[i]);
}

// OK - Loop upper bound is correct
for (var i = 0; i < args.length; i++) {
  console.log(args[i]);
}

var j = 0;
if (j <= args.length) { // $ Alert - Off-by-one on index validity check
  console.log(args[j]);
}

if (args.length >= j) { // $ Alert - Off-by-one on index validity check
  console.log(args[j]);
}

// OK - Correct terminating value
if (args.length > j) {
  console.log(args[j]);
}

function badContains(a, elt) { // incorrect upper bound
  for (let i = 0; i <= a.length; ++i) // $ Alert
    if (a[i] === elt)
      return true;
  return false;
}

// OK - correct upper bound
function goodContains(a, elt) {
  for (let i = 0; i < a.length; ++i)
    if (a[i] === elt)
      return true;
  return false;
}

// this is arguably OK, but we flag it
function same(a, b) {
  for (var i=0; i < a.length || i < b.length ; ++i)
    if (i <= a.length && i <= b.length && a[i] !== b[i]) // $ Alert
      return false;
  return true;
}

// OK - incorrect upper bound, but extra check
function badContains(a, elt) {
  for (let i = 0; i <= a.length; ++i)
    if (i !== a.length && a[i] === elt)
      return true;
  return false;
}

// OK - incorrect upper bound, but extra check
function badContains2(a, elt) {
  for (let i = 0; i <= a.length; ++i)
    if (i < a.length && a[i] === elt)
      return true;
  return false;
}