Note resolved spurious results

smowton · smowton · commit b47939c73792 · 2021-09-10T16:10:54.000+01:00
diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/SpringXSS.java b/java/ql/test/query-tests/security/CWE-079/semmle/tests/SpringXSS.java
@@ -139,12 +139,12 @@ public String testDirectReturn(String userControlled) {
 
     @GetMapping(value = "/xyz", produces = {"application/json"})
     public ResponseEntity<String> overridesWithSafe(String userControlled) {
-      return ResponseEntity.ok(userControlled); // $SPURIOUS: xss
+      return ResponseEntity.ok(userControlled);
     }
 
     @GetMapping(value = "/abc")
     public ResponseEntity<String> overridesWithSafe2(String userControlled) {
-      return ResponseEntity.ok().contentType(MediaType.APPLICATION_JSON).body(userControlled); // $SPURIOUS: xss
+      return ResponseEntity.ok().contentType(MediaType.APPLICATION_JSON).body(userControlled);
     }
   }
 

Original file line number	Diff line number	Diff line change
`@@ -139,12 +139,12 @@ public String testDirectReturn(String userControlled) {`
`139`	`139`
`140`	`140`	`@GetMapping(value = "/xyz", produces = {"application/json"})`
`141`	`141`	`public ResponseEntity<String> overridesWithSafe(String userControlled) {`
`142`		`- return ResponseEntity.ok(userControlled); // $SPURIOUS: xss`
	`142`	`+ return ResponseEntity.ok(userControlled);`
`143`	`143`	`}`
`144`	`144`
`145`	`145`	`@GetMapping(value = "/abc")`
`146`	`146`	`public ResponseEntity<String> overridesWithSafe2(String userControlled) {`
`147`		`- return ResponseEntity.ok().contentType(MediaType.APPLICATION_JSON).body(userControlled); // $SPURIOUS: xss`
	`147`	`+ return ResponseEntity.ok().contentType(MediaType.APPLICATION_JSON).body(userControlled);`
`148`	`148`	`}`
`149`	`149`	`}`
`150`	`150`