adjust comments to reflect that tainted-path have no array-steps

erik-krogh · erik-krogh · commit 5ce2987cb210 · 2020-06-04T16:15:37.000+02:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.expected
@@ -1,2 +0,0 @@
-| query-tests/Security/CWE-022/TaintedPath/tainted-array-steps.js:10 | expected an alert, but found none | BAD: taint is preserved |
-| query-tests/Security/CWE-022/TaintedPath/tainted-array-steps.js:14 | expected an alert, but found none | BAD: taint is preserved |
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-array-steps.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-array-steps.js
@@ -7,11 +7,11 @@ var fs = require('fs'),
 
 var server = http.createServer(function(req, res) {
   let path = url.parse(req.url, true).query.path;
-  res.write(fs.readFileSync(['public', path].join('/'))); // BAD: taint is preserved
+  res.write(fs.readFileSync(['public', path].join('/'))); // BAD - but not flagged because we have no array-steps [INCONSISTENCY]
 
   let parts = ['public', path];
   parts = parts.map(x => x.toLowerCase());
-  res.write(fs.readFileSync(parts.join('/'))); // BAD: taint is preserved
+  res.write(fs.readFileSync(parts.join('/'))); // BAD - but not flagged because we have no array-steps [INCONSISTENCY]
 });
 
 server.listen();

Original file line number	Diff line number	Diff line change
`@@ -1,2 +0,0 @@`
`1`		`-\| query-tests/Security/CWE-022/TaintedPath/tainted-array-steps.js:10 \| expected an alert, but found none \| BAD: taint is preserved \|`
`2`		`-\| query-tests/Security/CWE-022/TaintedPath/tainted-array-steps.js:14 \| expected an alert, but found none \| BAD: taint is preserved \|`