hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 23:02:56 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update bad / good message for CWE 079

Browse Source 
Previously, the "good" example still had the "BAD: " comment in it which was confusing.

This change updates the good example to have a "GOOD: " comment instead.
This commit is contained in:
Simon Taranto
2020-08-21 15:31:47 -06:00
committed by GitHub
parent b983778cd1
commit 7adf477e2d
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ql/test/query-tests/Security/CWE-079/ReflectedXssGood.go
View File

@@ -11,7 +11,7 @@ func serve1() {
r.ParseForm()
username := r.Form.Get("username")
if !isValidUsername(username) {
// BAD: a request parameter is incorporated without validation into the response
// GOOD: a request parameter is escaped before being put into the response
fmt.Fprintf(w, "%q is an unknown user", html.EscapeString(username))
} else {
// TODO: do something exciting