fix tests

2026-01-29 14:23:03 +01:00 · 2020-05-11 19:32:28 +05:30
parent 3d10ec7e51
commit c1856ba260
3 changed files with 15 additions and 1 deletions
--- a/ql/test/experimental/CWE-807/SensitiveConditionBypass.expected
+++ b/ql/test/experimental/CWE-807/SensitiveConditionBypass.expected
@@ -0,0 +1,4 @@
+| SensitiveConditionBypassBad.go:7:5:7:39 | ...!=... | This sensitive comparision check can potentially be bypassed. |
+| condition.go:16:5:16:34 | ...!=... | This sensitive comparision check can potentially be bypassed. |
+| condition.go:25:5:25:35 | ...!=... | This sensitive comparision check can potentially be bypassed. |
+| condition.go:34:5:34:35 | ...!=... | This sensitive comparision check can potentially be bypassed. |
--- a/ql/test/experimental/CWE-807/SensitiveConditionBypassBad.go
+++ b/ql/test/experimental/CWE-807/SensitiveConditionBypassBad.go
@@ -0,0 +1,10 @@
+package main
+
+import "net/http"
+
+func example(w http.ResponseWriter, r *http.Request) {
+	test2 := "test"
+	if r.Header.Get("X-Password") != test2 {
+		login()
+	}
+}
--- a/ql/test/experimental/CWE-807/condition.go
+++ b/ql/test/experimental/CWE-807/condition.go
@@ -9,7 +9,7 @@ func use(xs ...interface{})      {}
 func t(xs ...interface{}) string { return "sadsad" }
 func login(xs ...interface{})    {}

-var test = "localhost"
+const test = "localhost"

 // Should alert as authkey is sensitive
 func ex1(w http.ResponseWriter, r *http.Request) {