Address review comments

This commit is contained in:
Tom Hvitved
2024-10-29 20:36:16 +01:00
parent baeffa2345
commit cc94c42f87
2 changed files with 5 additions and 5 deletions

View File

@@ -73,7 +73,7 @@ int main(int argc, char** argv) { // $ Source=argv
char buffer[1024];
read(0, buffer, 1024); // $ Source=read_output1
read(0, buffer, 1024); // $ Source=read_output2
fopen(buffer, "wb+"); // $ Alert=read_output1 $ Alert=read_output2
fopen(buffer, "wb+"); // $ SPURIOUS: Alert=read_output1 $ Alert=read_output2 [duplicated with both sources]
}
{

View File

@@ -201,17 +201,17 @@ func testSync(_ sink: @escaping (String) -> ()) {
let url = URL(string: "http://example.com/")
sink(localString) // GOOD: the HTML data is local
sink(try! String(contentsOf: URL(string: "http://example.com/")!)) // $ Source=source1 $ MISSING: Alert HTML contains remote input, may access local secrets
sink(try! String(contentsOf: url!)) // $ Source=source2 $ MISSING: Alert
sink(try! String(contentsOf: URL(string: "http://example.com/")!)) // $ Source=source1
sink(try! String(contentsOf: url!)) // $ Source=source2
sink("console.log(" + localStringFragment + ")") // GOOD: the HTML data is local
sink("console.log(" + (try! String(contentsOf: url!)) + ")") // $ Source=source3 $ MISSING: Alert
sink("console.log(" + (try! String(contentsOf: url!)) + ")") // $ Source=source3
let localData = Data(localString.utf8)
let remoteData = Data((try! String(contentsOf: url!)).utf8) // $ Source=source4
sink(String(decoding: localData, as: UTF8.self)) // GOOD: the data is local
sink(String(decoding: remoteData, as: UTF8.self)) // $ MISSING: Alert the data is remote
sink(String(decoding: remoteData, as: UTF8.self))
sink("console.log(" + String(Int(localStringFragment) ?? 0) + ")") // GOOD: Primitive conversion
sink("console.log(" + String(Int(try! String(contentsOf: url!)) ?? 0) + ")") // GOOD: Primitive conversion