Fix conditionControlsMethod predicate

Exceptions for throw and return statements were missing the appropriate condition

Author: atorralba

java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll

@@ -17,8 +17,8 @@ predicate conditionControlsMethod(MethodAccess ma, Expr e) {
     cb.controls(ma.getBasicBlock(), cond) and
     not cb.controls(any(SensitiveExecutionMethod sem).getAReference().getBasicBlock(),
       cond.booleanNot()) and
-    not cb.controls(any(ThrowStmt t).getBasicBlock(), _) and
-    not cb.controls(any(ReturnStmt r).getBasicBlock(), _) and
+    not cb.controls(any(ThrowStmt t).getBasicBlock(), cond.booleanNot()) and
+    not cb.controls(any(ReturnStmt r).getBasicBlock(), cond.booleanNot()) and
     e = cb.getCondition()
   )
 }

java/ql/test/query-tests/security/CWE-807/semmle/tests/ConditionalBypassTest.java

@@ -120,8 +120,8 @@ public static void test6(String user, String password) {
 
 	public static void test7(String user, String password) {
 		Cookie adminCookie = getCookies()[0];
-		// FALSE NEGATIVE: login is bypasseable
-		if (adminCookie.getValue() == "false") { // $ MISSING: $ hasConditionalBypassTest
+		// BAD: login is bypasseable
+		if (adminCookie.getValue() == "false") { // $ hasConditionalBypassTest
 			login(user, password);
 			return;
 		} else {