From c9d45217d2d8d8894d22724d09bf00fa4d7f9d69 Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan
Date: Fri, 19 Jun 2026 13:23:52 +0100
Subject: [PATCH] Fix order of comments in test
---
 .../CWE-091-XsltInjection/XsltInjection.expected | 7 -------
 .../Security/CWE-091-XsltInjection/xslt.py | 2 +-
 .../Security/CWE-091-XsltInjection/xsltInjection.py | 12 ++++++------
 3 files changed, 7 insertions(+), 14 deletions(-)
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltInjection.expected b/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltInjection.expected
index 53e1d19112e..28c85388a97 100644
--- a/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltInjection.expected
+++ b/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltInjection.expected
@@ -129,10 +129,3 @@ nodes
 | xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings [List element] | semmle.label | ControlFlowNode for xsltStrings [List element] |
 | xsltInjection.py:50:24:50:32 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root |
 subpaths
-testFailures
-| xslt.py:14:29:14:37 | ControlFlowNode for xslt_root | Unexpected result: Alert |
-| xsltInjection.py:12:28:12:36 | ControlFlowNode for xslt_root | Unexpected result: Alert |
-| xsltInjection.py:21:29:21:37 | ControlFlowNode for xslt_root | Unexpected result: Alert |
-| xsltInjection.py:31:24:31:32 | ControlFlowNode for xslt_root | Unexpected result: Alert |
-| xsltInjection.py:40:24:40:32 | ControlFlowNode for xslt_root | Unexpected result: Alert |
-| xsltInjection.py:50:24:50:32 | ControlFlowNode for xslt_root | Unexpected result: Alert |
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/xslt.py b/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/xslt.py
index 6464d35811b..b589f453a9b 100644
--- a/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/xslt.py +++ b/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/xslt.py @@ -11,4 +11,4 @@ def bad(): xslt_root = etree.XML(xsltQuery) f = StringIO('') tree = etree.parse(f) - result_tree = tree.xslt(xslt_root) # Not OK # $ Alert + result_tree = tree.xslt(xslt_root) # $ Alert # Not OK diff --git a/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/xsltInjection.py b/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/xsltInjection.py index 9f8a25f2e61..2e56ff487ca 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/xsltInjection.py +++ b/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/xsltInjection.py @@ -9,7 +9,7 @@ app = Flask(__name__) def a(): xsltQuery = request.args.get('xml', '') xslt_root = etree.XML(xsltQuery) - transform = etree.XSLT(xslt_root) # Not OK # $ Alert + transform = etree.XSLT(xslt_root) # $ Alert # Not OK @app.route("/xslt2") @@ -18,7 +18,7 @@ def b(): xslt_root = etree.XML(xsltQuery) f = StringIO('') tree = etree.parse(f) - result_tree = tree.xslt(xslt_root) # Not OK # $ Alert + result_tree = tree.xslt(xslt_root) # $ Alert # Not OK @app.route("/xslt3") @@ -28,7 +28,7 @@ def c(): f = StringIO('') tree = etree.parse(f) - result = tree.xslt(xslt_root, a="'A'") # Not OK # $ Alert + result = tree.xslt(xslt_root, a="'A'") # $ Alert # Not OK @app.route("/xslt4") def d(): @@ -37,7 +37,7 @@ def d(): f = StringIO('') tree = etree.parse(f) - result = tree.xslt(xslt_root, a="'A'") # Not OK # $ Alert + result = tree.xslt(xslt_root, a="'A'") # $ Alert # Not OK @app.route("/xslt5") def e(): @@ -47,7 +47,7 @@ def e(): f = StringIO('') tree = etree.parse(f) - result = tree.xslt(xslt_root, a="'A'") # Not OK # $ Alert + result = tree.xslt(xslt_root, a="'A'") # $ Alert # Not OK @app.route("/xslt6") 
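Review bot: The free-text `# Not OK` kept after `# $ Alert` does not say why the line is flagged, and in `c()`, `d()` and `e()` of xsltInjection.py (hunks at -28, -37 and -47) the annotated call `tree.xslt(xslt_root, a="'A'")` is character-for-character the same as the one in `h()` that carries `# OK`. What separates the flagged cases from the safe one is how `xslt_root` is built, and those lines lie outside each of these hunks. In `a()` the reason is visible in the hunk: `xsltQuery` is read with `request.args.get('xml', '')` and parsed by `etree.XML` before it reaches `etree.XSLT`, so the trailing comment could record that instead, e.g. `# $ Alert # stylesheet parsed from request.args`. A matching reason on the `# OK` line in `h()` would document why that call is expected to stay unflagged; the same applies to the single hunk in xslt.py.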
@@ -76,4 +76,4 @@ def h(): f = StringIO('') tree = etree.parse(f) - result = tree.xslt(xslt_root, a="'A'") # OK \ No newline at end of file + result = tree.xslt(xslt_root, a="'A'") # OK