From eb990c9de729306b37553bf9567965eb42e8fff6 Mon Sep 17 00:00:00 2001
From: Sauyon Lee
Date: Mon, 10 Feb 2020 13:13:03 -0800
Subject: [PATCH] BadRedirectCheck: Use new rune literal string values
---
 ql/src/Security/CWE-601/BadRedirectCheck.ql | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/ql/src/Security/CWE-601/BadRedirectCheck.ql b/ql/src/Security/CWE-601/BadRedirectCheck.ql
index 1e20dfbd5f7..d42605bb86b 100644
--- a/ql/src/Security/CWE-601/BadRedirectCheck.ql
+++ b/ql/src/Security/CWE-601/BadRedirectCheck.ql
@@ -18,8 +18,6 @@ StringOps::HasPrefix checkForLeadingSlash(SsaWithFields v) {
 result.getBaseString() = v.getAUse() and result.getSubstring() = substr
 |
 substr.getStringValue() = "/"
- or
- substr.getIntValue() = 47 // ASCII value for '/'
 )
 }
@@ -31,7 +29,7 @@ DataFlow::Node checkForSecondSlash(SsaWithFields v) {
 exists(DataFlow::EqualityTestNode eq, DataFlow::Node slash, DataFlow::ElementReadNode er |
 result = eq
 |
- slash.getIntValue() = 47 and // ASCII value for '/'
+ slash.getStringValue() = "/" and
 er.getBase() = v.getAUse() and
 er.getIndex().getIntValue() = 1 and
 eq.eq(_, er, slash)
@@ -46,7 +44,7 @@ DataFlow::Node checkForSecondBackslash(SsaWithFields v) {
 exists(DataFlow::EqualityTestNode eq, DataFlow::Node slash, DataFlow::ElementReadNode er |
 result = eq
 |
- slash.getIntValue() = 92 and // ASCII value for '\'
+ slash.getStringValue() = "\\" and
 er.getBase() = v.getAUse() and
 er.getIndex().getIntValue() = 1 and
 eq.eq(_, er, slash)
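Review bot: Comparisons written against the character code instead of a rune literal (an integer literal `47`/`92` or a named integer constant) stop matching in all three predicates, because each now tests only `getStringValue()`. In `checkForLeadingSlash` a numerically spelled leading-slash check is then not recognised, so the query can miss a bad redirect check; in `checkForSecondSlash` and `checkForSecondBackslash` a genuine second-character guard is not recognised, so correctly guarded code may be reported. Unless the library change this commit relies on also gives integer constants a string value (not visible in this diff), keeping both forms is safer, e.g. `(slash.getStringValue() = "/" or slash.getIntValue() = 47) and` and `(slash.getStringValue() = "\\" or slash.getIntValue() = 92) and`, with a query test for each spelling. The predicate bodies continue outside the hunks, so this is based only on the lines shown.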