Java: Correctly annotate missing XSS sinks in JaxWs modeling

RasmusWL · RasmusWL · commit cee9139a0dc3 · 2022-10-27T15:17:17.000+02:00
diff --git a/java/ql/test/library-tests/frameworks/JaxWs/JakartaRs1.java b/java/ql/test/library-tests/frameworks/JaxWs/JakartaRs1.java
@@ -41,7 +41,7 @@ void Post() { // $ ResourceMethod ResourceMethodOnResourceClass
   @Produces("text/plain") // $ ProducesAnnotation=text/plain
   @DELETE
   double Delete() { // $ ResourceMethod=text/plain ResourceMethodOnResourceClass
-    return 0.0; // $ XssSink
+    return 0.0; // $ MISSING: XssSink
   }
 
   @Produces(MediaType.TEXT_HTML) // $ ProducesAnnotation=text/html
@@ -77,7 +77,7 @@ boolean Post() { // $ ResourceMethod=text/html ResourceMethodOnResourceClass
     @Produces(MediaType.TEXT_PLAIN) // $ ProducesAnnotation=text/plain
     @DELETE
     double Delete() { // $ ResourceMethod=text/plain ResourceMethodOnResourceClass
-      return 0.0; // $ XssSink
+      return 0.0; // $ MISSING: XssSink
     }
 
     @Path("")
diff --git a/java/ql/test/library-tests/frameworks/JaxWs/JaxRs1.java b/java/ql/test/library-tests/frameworks/JaxWs/JaxRs1.java
@@ -41,7 +41,7 @@ void Post() { // $ ResourceMethod ResourceMethodOnResourceClass
   @Produces("text/plain") // $ ProducesAnnotation=text/plain
   @DELETE
   double Delete() { // $ ResourceMethod=text/plain ResourceMethodOnResourceClass
-    return 0.0; // $ XssSink
+    return 0.0; // $ MISSING: XssSink
   }
 
   @Produces(MediaType.TEXT_HTML) // $ ProducesAnnotation=text/html
@@ -77,7 +77,7 @@ boolean Post() { // $ ResourceMethod=text/html ResourceMethodOnResourceClass
     @Produces(MediaType.TEXT_PLAIN) // $ ProducesAnnotation=text/plain
     @DELETE
     double Delete() { // $ ResourceMethod=text/plain ResourceMethodOnResourceClass
-      return 0.0; // $ XssSink
+      return 0.0; // $ MISSING: XssSink
     }
 
     @Path("")
