add [INCONSISTENCY] comment in CodeInjection test

erik-krogh · erik-krogh · commit 664c5e64b442 · 2020-07-08T09:48:12.000+02:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/NoSQLCodeInjection.js b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/NoSQLCodeInjection.js
@@ -14,7 +14,7 @@ app.post("/documents/find", (req, res) => {
   MongoClient.connect("mongodb://localhost:27017/test", (err, db) => {
     let doc = db.collection("doc");
 
-    doc.find(query); // NOT OK, but that is flagged by js/sql-injection
+    doc.find(query); // NOT OK, but that is flagged by js/sql-injection [INCONSISTENCY]
     doc.find({ $where: req.body.query }); // NOT OK
     doc.find({ $where: "name = " + req.body.name }); // NOT OK
   });
