From 7adf477e2d5ca17a04b47f66b335dc94b5ff3665 Mon Sep 17 00:00:00 2001
From: Simon Taranto
Date: Fri, 21 Aug 2020 15:31:47 -0600
Subject: [PATCH] Update bad / good message for CWE 079

Previously, the "good" example still had the "BAD: " comment in it which was confusing. This change updates the good example to have a "GOOD: " comment instead.
---
 ql/test/query-tests/Security/CWE-079/ReflectedXssGood.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ql/test/query-tests/Security/CWE-079/ReflectedXssGood.go b/ql/test/query-tests/Security/CWE-079/ReflectedXssGood.go
index a16c6538e34..6f76ac4a434 100644
--- a/ql/test/query-tests/Security/CWE-079/ReflectedXssGood.go
+++ b/ql/test/query-tests/Security/CWE-079/ReflectedXssGood.go
@@ -11,7 +11,7 @@ func serve1() {
 r.ParseForm()
 username := r.Form.Get("username")
 if !isValidUsername(username) {
- // BAD: a request parameter is incorporated without validation into the response
+ // GOOD: a request parameter is escaped before being put into the response
 fmt.Fprintf(w, "%q is an unknown user", html.EscapeString(username))
 } else {
 // TODO: do something exciting