Resolve now-fixed spurious XSS results

smowton · smowton · commit 7f556de8a006 · 2021-06-30T12:04:22.000+01:00
diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/JaxXSS.java b/java/ql/test/query-tests/security/CWE-079/semmle/tests/JaxXSS.java
@@ -37,18 +37,18 @@ public static Response specificContentType(boolean safeContentType, boolean chai
     else {
       if(chainDirectly) {
         if(contentTypeFirst)
-          return builder.type(MediaType.APPLICATION_JSON).entity(userControlled).build(); // $SPURIOUS: xss
+          return builder.type(MediaType.APPLICATION_JSON).entity(userControlled).build();
         else
-          return builder.entity(userControlled).type(MediaType.APPLICATION_JSON).build(); // $SPURIOUS: xss
+          return builder.entity(userControlled).type(MediaType.APPLICATION_JSON).build();
       }
       else {
         if(contentTypeFirst) {
           Response.ResponseBuilder builder2 = builder.type(MediaType.APPLICATION_JSON);
-          return builder2.entity(userControlled).build(); // $SPURIOUS: xss
+          return builder2.entity(userControlled).build();
         }
         else {
           Response.ResponseBuilder builder2 = builder.entity(userControlled);
-          return builder2.type(MediaType.APPLICATION_JSON).build(); // $SPURIOUS: xss
+          return builder2.type(MediaType.APPLICATION_JSON).build();
         }
       }
     }

Original file line number	Diff line number	Diff line change
`@@ -37,18 +37,18 @@ public static Response specificContentType(boolean safeContentType, boolean chai`
`37`	`37`	`else {`
`38`	`38`	`if(chainDirectly) {`
`39`	`39`	`if(contentTypeFirst)`
`40`		`- return builder.type(MediaType.APPLICATION_JSON).entity(userControlled).build(); // $SPURIOUS: xss`
	`40`	`+ return builder.type(MediaType.APPLICATION_JSON).entity(userControlled).build();`
`41`	`41`	`else`
`42`		`- return builder.entity(userControlled).type(MediaType.APPLICATION_JSON).build(); // $SPURIOUS: xss`
	`42`	`+ return builder.entity(userControlled).type(MediaType.APPLICATION_JSON).build();`
`43`	`43`	`}`
`44`	`44`	`else {`
`45`	`45`	`if(contentTypeFirst) {`
`46`	`46`	`Response.ResponseBuilder builder2 = builder.type(MediaType.APPLICATION_JSON);`
`47`		`- return builder2.entity(userControlled).build(); // $SPURIOUS: xss`
	`47`	`+ return builder2.entity(userControlled).build();`
`48`	`48`	`}`
`49`	`49`	`else {`
`50`	`50`	`Response.ResponseBuilder builder2 = builder.entity(userControlled);`
`51`		`- return builder2.type(MediaType.APPLICATION_JSON).build(); // $SPURIOUS: xss`
	`51`	`+ return builder2.type(MediaType.APPLICATION_JSON).build();`
`52`	`52`	`}`
`53`	`53`	`}`
`54`	`54`	`}`