Mark spurious test results

atorralba · atorralba · commit dcee1daa3128 · 2021-05-07T13:17:04.000+02:00
diff --git a/java/ql/test/query-tests/security/CWE-749/app/UnsafeAndroidAccess.java b/java/ql/test/query-tests/security/CWE-749/app/UnsafeAndroidAccess.java
@@ -32,7 +32,7 @@ public boolean shouldOverrideUrlLoading(WebView view, String url) {
 
 		String thisUrl = getIntent().getExtras().getString("url");
 		wv.loadUrl(thisUrl); // $hasUnsafeAndroidAccess
-		wv.loadUrl("https://www.mycorp.com/" + thisUrl); // Safe
+		wv.loadUrl("https://www.mycorp.com/" + thisUrl); // $ SPURIOUS: hasUnsafeAndroidAccess // Safe, needs sanitizer
 		wv.loadUrl("https://www.mycorp.com"); // Safe
 	}
 
@@ -51,7 +51,7 @@ public boolean shouldOverrideUrlLoading(WebView view, String url) {
 
 		String thisUrl = getIntent().getStringExtra("url");
 		wv.loadUrl(thisUrl); // $hasUnsafeAndroidAccess
-		wv.loadUrl("https://www.mycorp.com/" + thisUrl); // Safe
+		wv.loadUrl("https://www.mycorp.com/" + thisUrl); // $ SPURIOUS: hasUnsafeAndroidAccess // Safe, needs sanitizer
 		wv.loadUrl("https://www.mycorp.com"); // Safe
 	}
 
@@ -70,7 +70,7 @@ public boolean shouldOverrideUrlLoading(WebView view, String url) {
 
 		String thisUrl = getIntent().getStringExtra("url");
 		wv.loadUrl(thisUrl); // $hasUnsafeAndroidAccess
-		wv.loadUrl("https://www.mycorp.com/" + thisUrl); // Safe
+		wv.loadUrl("https://www.mycorp.com/" + thisUrl); // $ SPURIOUS: hasUnsafeAndroidAccess // Safe, needs sanitizer
 		wv.loadUrl("https://www.mycorp.com"); // Safe
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@ public boolean shouldOverrideUrlLoading(WebView view, String url) {`
`32`	`32`
`33`	`33`	`String thisUrl = getIntent().getExtras().getString("url");`
`34`	`34`	`wv.loadUrl(thisUrl); // $hasUnsafeAndroidAccess`
`35`		`- wv.loadUrl("https://www.mycorp.com/" + thisUrl); // Safe`
	`35`	`+ wv.loadUrl("https://www.mycorp.com/" + thisUrl); // $ SPURIOUS: hasUnsafeAndroidAccess // Safe, needs sanitizer`
`36`	`36`	`wv.loadUrl("https://www.mycorp.com"); // Safe`
`37`	`37`	`}`
`38`	`38`
`@@ -51,7 +51,7 @@ public boolean shouldOverrideUrlLoading(WebView view, String url) {`
`51`	`51`
`52`	`52`	`String thisUrl = getIntent().getStringExtra("url");`
`53`	`53`	`wv.loadUrl(thisUrl); // $hasUnsafeAndroidAccess`
`54`		`- wv.loadUrl("https://www.mycorp.com/" + thisUrl); // Safe`
	`54`	`+ wv.loadUrl("https://www.mycorp.com/" + thisUrl); // $ SPURIOUS: hasUnsafeAndroidAccess // Safe, needs sanitizer`
`55`	`55`	`wv.loadUrl("https://www.mycorp.com"); // Safe`
`56`	`56`	`}`
`57`	`57`
`@@ -70,7 +70,7 @@ public boolean shouldOverrideUrlLoading(WebView view, String url) {`
`70`	`70`
`71`	`71`	`String thisUrl = getIntent().getStringExtra("url");`
`72`	`72`	`wv.loadUrl(thisUrl); // $hasUnsafeAndroidAccess`
`73`		`- wv.loadUrl("https://www.mycorp.com/" + thisUrl); // Safe`
	`73`	`+ wv.loadUrl("https://www.mycorp.com/" + thisUrl); // $ SPURIOUS: hasUnsafeAndroidAccess // Safe, needs sanitizer`
`74`	`74`	`wv.loadUrl("https://www.mycorp.com"); // Safe`
`75`	`75`	`}`
`76`	`76`