Merge pull request #359 from smowton/smowton/fix/suspicious-regex-qhelp

smowton · web-flow · commit 1be34c0c902b · 2020-09-30T11:03:10.000+01:00
Improve variable names in example code
diff --git a/ql/src/Security/CWE-020/SuspiciousCharacterInRegexp.go b/ql/src/Security/CWE-020/SuspiciousCharacterInRegexp.go
@@ -3,8 +3,8 @@ package main
 import "regexp"
 
 func broken(hostNames []byte) string {
-	var htmlRe = regexp.MustCompile("\bforbidden.host.org")
-	if htmlRe.Match(hostNames) {
+	var hostRe = regexp.MustCompile("\bforbidden.host.org")
+	if hostRe.Match(hostNames) {
 		return "Must not target forbidden.host.org"
 	} else {
 		// This will be reached even if hostNames is exactly "forbidden.host.org",
diff --git a/ql/src/Security/CWE-020/SuspiciousCharacterInRegexpGood.go b/ql/src/Security/CWE-020/SuspiciousCharacterInRegexpGood.go
@@ -3,8 +3,8 @@ package main
 import "regexp"
 
 func fixed(hostNames []byte) string {
-	var htmlRe = regexp.MustCompile("\\bforbidden.host.org")
-	if htmlRe.Match(hostNames) {
+	var hostRe = regexp.MustCompile("\\bforbidden.host.org")
+	if hostRe.Match(hostNames) {
 		return "Must not target forbidden.host.org"
 	} else {
 		// hostNames definitely doesn't contain a word "forbidden.host.org", as "\\b"
