Insecure-TLS: remove is-test-file filter

smowton · smowton · commit 2a0642b67b4b · 2020-07-28T11:55:58.000+01:00
diff --git a/ql/src/experimental/CWE-327/InsecureTLS.ql b/ql/src/experimental/CWE-327/InsecureTLS.ql
@@ -14,16 +14,6 @@ import go
 import DataFlow::PathGraph
 import semmle.go.security.InsecureFeatureFlag::InsecureFeatureFlag
 
-/**
- * Check whether the file where the node is located is a test file.
- */
-predicate isTestFile(DataFlow::Node node) {
-  // Exclude results in test files:
-  exists(File file | file = node.getRoot().getFile() |
-    file instanceof TestFile or file.getPackageName() = "tests"
-  )
-}
-
 /**
  * Holds if it is insecure to assign TLS version `val` named `named` to `tls.Config` field `fieldName`
  */
@@ -252,7 +242,5 @@ where
   not exists(FuncDef fn | fn = sink.getNode().asInstruction().getRoot() |
     isFeatureFlagName(fn.getEnclosingFunction*().getName()) or
     isLegacyFlagName(fn.getEnclosingFunction*().getName())
-  ) and
-  // Exclude results in test code:
-  not isTestFile(sink.getNode())
+  )
 select sink.getNode(), source, sink, message
