Apply suggestions from code review

edoardopirovano · asgerf · web-flow · commit 081765cbe8b6 · 2022-01-04T10:07:34.000Z
Co-authored-by: Asger F &lt;asgerf@github.com&gt;
diff --git a/javascript/ql/src/Security/CWE-843/examples/TypeConfusionThroughParameterTampering.js b/javascript/ql/src/Security/CWE-843/examples/TypeConfusionThroughParameterTampering.js
@@ -4,7 +4,8 @@ var app = require("express")(),
 app.get("/user-files", function(req, res) {
   var file = req.param("file");
   if (file.indexOf("..") !== -1) {
-    // BAD: we forbid relative paths that contain ..
+    // BAD
+    // we forbid relative paths that contain ..
     // as these could leave the public directory
     res.status(400).send("Bad request");
   } else {
diff --git a/javascript/ql/src/Security/CWE-843/examples/TypeConfusionThroughParameterTampering_fixed.js b/javascript/ql/src/Security/CWE-843/examples/TypeConfusionThroughParameterTampering_fixed.js
@@ -4,7 +4,8 @@ var app = require("express")(),
 app.get("/user-files", function(req, res) {
   var file = req.param("file");
   if (typeof file !== 'string' || file.indexOf("..") !== -1) {
-    // BAD: we forbid relative paths that contain ..
+    // GOOD
+    // we forbid relative paths that contain ..
     // as these could leave the public directory
     res.status(400).send("Bad request");
   } else {
