From 2a0642b67b4bf889b92969e82c8c1f080acce37b Mon Sep 17 00:00:00 2001
From: Chris Smowton <smowton@github.com>
Date: Tue, 28 Jul 2020 10:04:14 +0100
Subject: [PATCH] Insecure-TLS: remove is-test-file filter

---
 ql/src/experimental/CWE-327/InsecureTLS.ql | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)

diff --git a/ql/src/experimental/CWE-327/InsecureTLS.ql b/ql/src/experimental/CWE-327/InsecureTLS.ql
index ae2a0cdc146..9a4029d9853 100644
--- a/ql/src/experimental/CWE-327/InsecureTLS.ql
+++ b/ql/src/experimental/CWE-327/InsecureTLS.ql
@@ -14,16 +14,6 @@ import go
 import DataFlow::PathGraph
 import semmle.go.security.InsecureFeatureFlag::InsecureFeatureFlag
 
-/**
- * Check whether the file where the node is located is a test file.
- */
-predicate isTestFile(DataFlow::Node node) {
-  // Exclude results in test files:
-  exists(File file | file = node.getRoot().getFile() |
-    file instanceof TestFile or file.getPackageName() = "tests"
-  )
-}
-
 /**
  * Holds if it is insecure to assign TLS version `val` named `named` to `tls.Config` field `fieldName`
  */
@@ -252,7 +242,5 @@ where
   not exists(FuncDef fn | fn = sink.getNode().asInstruction().getRoot() |
     isFeatureFlagName(fn.getEnclosingFunction*().getName()) or
     isLegacyFlagName(fn.getEnclosingFunction*().getName())
-  ) and
-  // Exclude results in test code:
-  not isTestFile(sink.getNode())
+  )
 select sink.getNode(), source, sink, message