Update java/ql/test/query-tests/security/CWE-643/XPathInjectionTest.java

atorralba · Marcono1234 · atorralba · commit 926fedb7fb6b · 2021-05-06T09:18:50.000+02:00
Co-authored-by: Marcono1234 &lt;Marcono1234@users.noreply.github.com&gt;
diff --git a/java/ql/test/query-tests/security/CWE-643/XPathInjectionTest.java b/java/ql/test/query-tests/security/CWE-643/XPathInjectionTest.java
@@ -133,7 +133,7 @@ public void handle(HttpServletRequest request) throws Exception {
 
         new DefaultXPath("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
         new XPathPattern("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
-        new XPathPattern(new PatternStub(user)); // Safe
+        new XPathPattern(new PatternStub(user)); // Jaxen is not modeled yet
 
         DocumentFactory docFactory = DocumentFactory.getInstance();
         docFactory.createPattern("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
@@ -155,4 +155,4 @@ public void handle(HttpServletRequest request) throws Exception {
         namespace.createPattern("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
         namespace.createXPathFilter("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
     }
-}
+}
