From ee0f3c9fbaf986bc25c8785a3222d6eb407e1409 Mon Sep 17 00:00:00 2001
From: Sauyon Lee
Date: Thu, 14 May 2020 02:29:26 -0700
Subject: [PATCH] Address review comments
---
 ql/src/semmle/go/security/ReflectedXssCustomizations.qll | 6 +++++-
 ql/test/query-tests/Security/CWE-079/tst.go | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/ql/src/semmle/go/security/ReflectedXssCustomizations.qll b/ql/src/semmle/go/security/ReflectedXssCustomizations.qll
index 8940df93b12..93439ace5eb 100644
--- a/ql/src/semmle/go/security/ReflectedXssCustomizations.qll
+++ b/ql/src/semmle/go/security/ReflectedXssCustomizations.qll
@@ -109,7 +109,11 @@ module ReflectedXss {
 */
 class EqualityTestGuard extends SanitizerGuard, DataFlow::EqualityTestNode {
 override predicate checks(Expr e, boolean outcome) {
- e = this.getAnOperand().asExpr() and this.eq(outcome, _, _)
+ exists(DataFlow::Node const | const.isConst() |
+ const = this.getAnOperand() and
+ e = this.getAnOperand().asExpr() and
+ this.eq(outcome, _, _)
+ )
 }
 }
 }
diff --git a/ql/test/query-tests/Security/CWE-079/tst.go b/ql/test/query-tests/Security/CWE-079/tst.go
index f4a154c94cb..e25c79c74e1 100644
--- a/ql/test/query-tests/Security/CWE-079/tst.go
+++ b/ql/test/query-tests/Security/CWE-079/tst.go
@@ -48,7 +48,7 @@ func serve8() {
 if service != "service1" && service != "service2" {
 fmt.Fprintln(w, "Service not found")
 } else {
- // OK: json data cannot cause an HTML content type to be detected
+ // OK, but caught: service is known to be either "service1" or "service2" here
 w.Write([]byte(service))
 }
 })
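Review bot: In `EqualityTestGuard.checks`, `const` and `e` are each bound by their own `this.getAnOperand()`, so `e` can also be the constant operand itself, and `this.eq(outcome, _, _)` ties neither of them to a side of the comparison. Treating the constant as sanitised is probably harmless, but the intent (the non-constant operand is safe once it has been compared with a constant) would be explicit with `e != const.asExpr()` added to the conjunction. The commit also narrows what counts as a barrier for reflected XSS, yet the only test edit is a comment in `tst.go`. A case that compares the user-controlled value with a non-constant value, and is expected to be flagged, would pin the new behaviour. The class's doc comment ends at the `*/` on the hunk's first context line and its text lies above the hunk, so whether it already says "constant" cannot be checked from here.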