remove FPs in rb/stored-xss from spurious sources

2026-05-03 20:58:03 +02:00 · 2022-10-18 11:07:48 +02:00
parent e47e20c5e7
commit 8a3e255e12
2 changed files with 10 additions and 9 deletions
--- a/ruby/ql/test/query-tests/security/cwe-079/app/views/foo/stores/show.html.erb
+++ b/ruby/ql/test/query-tests/security/cwe-079/app/views/foo/stores/show.html.erb
@@ -81,3 +81,6 @@

 <%# BAD: Indirect to a database value without escaping %>
 <%= @other_user_raw_name.html_safe %>
+
+<%# GOOD: The `foo.bar.baz` is not recognized as a source %>
+<%= @other_user_raw_name.foo.bar.baz.html_safe %>