JS: Update alerts in example_bypass.js

We happen to flag the condition with different-kinds-comparison-bypass. The ConditionalBypass query was originally intended to flag this I think, but doesn't anymore.
2026-04-27 01:35:13 +02:00 · 2025-02-25 16:10:27 +01:00
parent 7ed5398688
commit c79d355d26
1 changed files with 2 additions and 2 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-807/example_bypass.js
+++ b/javascript/ql/test/query-tests/Security/CWE-807/example_bypass.js
@@ -3,8 +3,8 @@ var app = express();
 // ...
 app.get('/full-profile/:userId', function(req, res) {

-    if (req.cookies.loggedInUserId !== req.params.userId) { // $ Alert
-        requireLogin(); // $ Alert - login decision made based on user controlled data
+    if (req.cookies.loggedInUserId !== req.params.userId) { // $ Alert[js/different-kinds-comparison-bypass]
+        requireLogin(); // $ MISSING: Alert - login decision made based on user controlled data
    } else {
        // ... show private information
    }