github
diff --git a/‎javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
Copy file name to clipboardExpand all lines: javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
+8-4Lines changed: 8 additions & 4 deletions b/‎javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
Copy file name to clipboardExpand all lines: javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
+8-4Lines changed: 8 additions & 4 deletions
diff --git a/‎javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected
Copy file name to clipboardExpand all lines: javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected
+4Lines changed: 4 additions & 0 deletions b/‎javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected
Copy file name to clipboardExpand all lines: javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected
+4Lines changed: 4 additions & 0 deletions
diff --git a/‎javascript/ql/test/library-tests/TaintTracking/spread.js
Copy file name to clipboard
+18-1Lines changed: 18 additions & 1 deletion b/‎javascript/ql/test/library-tests/TaintTracking/spread.js
Copy file name to clipboard
+18-1Lines changed: 18 additions & 1 deletion
@@ -32,6 +32,8 @@ legacyDataFlowDifference
 | object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:28:10:28:30 | sanitiz ... bj).foo | only flow with OLD data flow library |
 | promise.js:12:20:12:27 | source() | promise.js:13:8:13:23 | resolver.promise | only flow with OLD data flow library |
 | sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x | only flow with NEW data flow library |
+| spread.js:4:15:4:22 | source() | spread.js:18:8:18:8 | y | only flow with NEW data flow library |
+| spread.js:4:15:4:22 | source() | spread.js:24:8:24:8 | y | only flow with NEW data flow library |
 | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library |
 | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:16:10:16:10 | y | only flow with NEW data flow library |
 consistencyIssue
@@ -250,10 +252,12 @@ flow
 | sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:93:8:93:8 | x |
 | sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:98:7:98:7 | x |
 | sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:104:7:104:7 | x |
-| spread.js:2:15:2:22 | source() | spread.js:4:8:4:19 | { ...taint } |
-| spread.js:2:15:2:22 | source() | spread.js:5:8:5:43 | { f: 'h ... orld' } |
-| spread.js:2:15:2:22 | source() | spread.js:7:8:7:19 | [ ...taint ] |
-| spread.js:2:15:2:22 | source() | spread.js:8:8:8:28 | [ 1, 2, ... nt, 3 ] |
+| spread.js:4:15:4:22 | source() | spread.js:6:8:6:19 | { ...taint } |
+| spread.js:4:15:4:22 | source() | spread.js:7:8:7:43 | { f: 'h ... orld' } |
+| spread.js:4:15:4:22 | source() | spread.js:9:8:9:19 | [ ...taint ] |
+| spread.js:4:15:4:22 | source() | spread.js:10:8:10:28 | [ 1, 2, ... nt, 3 ] |
+| spread.js:4:15:4:22 | source() | spread.js:18:8:18:8 | y |
+| spread.js:4:15:4:22 | source() | spread.js:24:8:24:8 | y |
 | static-capture-groups.js:2:17:2:24 | source() | static-capture-groups.js:5:14:5:22 | RegExp.$1 |
 | static-capture-groups.js:2:17:2:24 | source() | static-capture-groups.js:15:14:15:22 | RegExp.$1 |
 | static-capture-groups.js:2:17:2:24 | source() | static-capture-groups.js:17:14:17:22 | RegExp.$1 |
 
@@ -22,6 +22,8 @@ legacyDataFlowDifference
 | nested-props.js:27:18:27:25 | source() | nested-props.js:28:10:28:14 | obj.x | only flow with NEW data flow library |
 | nested-props.js:51:22:51:29 | source() | nested-props.js:52:10:52:16 | obj.x.y | only flow with NEW data flow library |
 | sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x | only flow with NEW data flow library |
+| spread.js:4:15:4:22 | source() | spread.js:18:8:18:8 | y | only flow with NEW data flow library |
+| spread.js:4:15:4:22 | source() | spread.js:24:8:24:8 | y | only flow with NEW data flow library |
 | tst.js:2:13:2:20 | source() | tst.js:35:14:35:16 | ary | only flow with NEW data flow library |
 | tst.js:2:13:2:20 | source() | tst.js:41:14:41:16 | ary | only flow with NEW data flow library |
 | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library |
@@ -176,6 +178,8 @@ flow
 | sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:98:7:98:7 | x |
 | sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:102:10:102:10 | x |
 | sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:104:7:104:7 | x |
+| spread.js:4:15:4:22 | source() | spread.js:18:8:18:8 | y |
+| spread.js:4:15:4:22 | source() | spread.js:24:8:24:8 | y |
 | thisAssignments.js:4:17:4:24 | source() | thisAssignments.js:5:10:5:18 | obj.field |
 | thisAssignments.js:7:19:7:26 | source() | thisAssignments.js:8:10:8:20 | this.field2 |
 | tst.js:2:13:2:20 | source() | tst.js:4:10:4:10 | x |
 
@@ -1,9 +1,26 @@
+import 'dummy';
+
 function test() {
   let taint = source();
-  
+
   sink({ ...taint }); // NOT OK
   sink({ f: 'hello', ...taint, g: 'world' }); // NOT OK
 
   sink([ ...taint ]); // NOT OK
   sink([ 1, 2, ...taint, 3 ]); // NOT OK
+
+  fn1(...['x', taint, 'z']);
+  fn2.apply(undefined, ['x', taint, 'z']);
+}
+
+function fn1(x, y, z) {
+  sink(x);
+  sink(y); // NOT OK
+  sink(z);
+}
+
+function fn2(x, y, z) {
+  sink(x);
+  sink(y); // NOT OK
+  sink(z);
 }