Arguments redefined¶
ID: js/arguments-redefinitionKind: problemSecurity severity: Severity: recommendationPrecision: very-highTags: - quality - reliability - performanceQuery suites: - javascript-security-and-quality.qls
Click to see the query in the CodeQL repository
JavaScript functions can access their arguments by position (rather than by parameter name) through the specialarguments object. However, if a function declares a parameter or local variable namedarguments, or assigns a new value toarguments, then thearguments object is no longer available. This is confusing and makes code hard to understand, so it should be avoided.
Also note that many popular JavaScript engines (such as V8, which is used by Google Chrome and Node.js) do not support optimization of functions that assign toarguments, so such functions will run more slowly.
Recommendation¶
Rename the variable to something else.
Example¶
In the following example, thearguments parameter of functionf shadows the specialarguments variable. As a result, thearguments object cannot be accessed insidef. To the casual reader, the testx===arguments[0] may look redundant, since normallyarguments[0] refers to the first argument (x in this case), which would make the test trivially true. This is not the case here, however, sincearguments[0] refers to the first element of the array passed in as the second argument.
functionf(x,arguments){if(x===arguments[0])return23;return42;}
References¶
Mozilla Developer Network:arguments.
Petka Antonov:Optimization killers.