Java: Fix failing tests

2025-12-20 18:56:32 +01:00 · 2020-10-06 13:49:02 +01:00
parent ff6c5c219c
commit ca60f2cc18
2 changed files with 2 additions and 1 deletions
--- a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -457,7 +457,7 @@ private predicate unsafeEscape(MethodAccess ma) {
  // Removing `<script>` tags using a string-replace method is
  // unsafe if such a tag is embedded inside another one (e.g. `<scr<script>ipt>`).
  exists(StringReplaceMethod m | ma.getMethod() = m |
-    ma.getArgument(0).(StringLiteral).getRepresentedString() = "<script>" and
+    ma.getArgument(0).(StringLiteral).getRepresentedString() = "(<script>)" and
    ma.getArgument(1).(StringLiteral).getRepresentedString() = ""
  )
 }
--- a/java/ql/test/library-tests/dataflow/taint-format/test.expected
+++ b/java/ql/test/library-tests/dataflow/taint-format/test.expected
@@ -13,6 +13,7 @@
 | A.java:20:22:20:28 | taint(...) | A.java:24:9:24:27 | new ..[] { .. } |
 | A.java:20:22:20:28 | taint(...) | A.java:24:24:24:26 | bad |
 | A.java:20:22:20:28 | taint(...) | A.java:25:9:25:9 | f |
+| A.java:20:22:20:28 | taint(...) | A.java:25:9:25:20 | toString(...) |
 | A.java:29:22:29:28 | taint(...) | A.java:29:22:29:28 | taint(...) |
 | A.java:29:22:29:28 | taint(...) | A.java:33:9:33:10 | sb |
 | A.java:29:22:29:28 | taint(...) | A.java:33:9:33:21 | toString(...) |