From f4d9f2f2fa86cf5dbb08ddff69b0e2bde8fe284b Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan
Date: Thu, 21 Oct 2021 05:18:25 +0100
Subject: [PATCH] Remove unused test comments

These were introduced in 68dca955. Currently they aren't doing anything as there isn't an inline expectation test for the tag "source" in this folder. It seems they were originally intended to indicate untrusted flow sources, but they aren't needed as we are using "noflow" to only mark the places where there isn't a flow.
---
 .../semmle/go/frameworks/Revel/EndToEnd.go | 26 +++++++++----------
 .../semmle/go/frameworks/Revel/Revel.go | 4 +--
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/ql/test/library-tests/semmle/go/frameworks/Revel/EndToEnd.go b/ql/test/library-tests/semmle/go/frameworks/Revel/EndToEnd.go
index a2a69a1a1b1..a21911f3beb 100644
--- a/ql/test/library-tests/semmle/go/frameworks/Revel/EndToEnd.go
+++ b/ql/test/library-tests/semmle/go/frameworks/Revel/EndToEnd.go
@@ -27,13 +27,13 @@ type MyRoute struct {

 func (c MyRoute) Handler1() revel.Result {
 	// GOOD: the Render function is likely to properly escape the user-controlled parameter.
-	return c.Render("someviewparam", c.Params.Form.Get("someField")) // $ source="selection of Params"
+	return c.Render("someviewparam", c.Params.Form.Get("someField"))
 }

 func (c MyRoute) Handler2() revel.Result {
 	// BAD: the RenderBinary function copies an `io.Reader` to the user's browser.
 	buf := &bytes.Buffer{}
-	buf.WriteString(c.Params.Form.Get("someField")) // $ source="selection of Params"
+	buf.WriteString(c.Params.Form.Get("someField"))
 	return c.RenderBinary(buf, "index.html", revel.Inline, time.Now()) // $ responsebody='buf'
 }

@@ -41,55 +41,55 @@ func (c MyRoute) Handler3() revel.Result {
 	// GOOD: the RenderBinary function copies an `io.Reader` to the user's browser, but the filename
 	// means it will be given a safe content-type.
 	buf := &bytes.Buffer{}
-	buf.WriteString(c.Params.Form.Get("someField")) // $ source="selection of Params"
+	buf.WriteString(c.Params.Form.Get("someField"))
 	return c.RenderBinary(buf, "index.txt", revel.Inline, time.Now()) // $ responsebody='buf'
 }

 func (c MyRoute) Handler4() revel.Result {
 	// GOOD: the RenderError function either uses an HTML template with probable escaping,
 	// or it uses content-type text/plain.
-	err := errors.New(c.Params.Form.Get("someField")) // $ source="selection of Params"
-	return c.RenderError(err)                           // $ responsebody='err'
+	err := errors.New(c.Params.Form.Get("someField"))
+	return c.RenderError(err) // $ responsebody='err'
 }

 func (c MyRoute) Handler5() revel.Result {
 	// BAD: returning an arbitrary file (but this is detected at the os.Open call, not
 	// due to modelling Revel)
-	f, _ := os.Open(c.Params.Form.Get("someField")) // $ source="selection of Params"
+	f, _ := os.Open(c.Params.Form.Get("someField"))
 	return c.RenderFile(f, revel.Inline)
 }

 func (c MyRoute) Handler6() revel.Result {
 	// BAD: returning an arbitrary file (detected as a user-controlled file-op, not XSS)
-	return c.RenderFileName(c.Params.Form.Get("someField"), revel.Inline) // $ source="selection of Params"
+	return c.RenderFileName(c.Params.Form.Get("someField"), revel.Inline)
 }

 func (c MyRoute) Handler7() revel.Result {
 	// BAD: straightforward XSS
-	return c.RenderHTML(c.Params.Form.Get("someField")) // $ responsebody='call to Get' source="selection of Params"
+	return c.RenderHTML(c.Params.Form.Get("someField")) // $ responsebody='call to Get'
 }

 func (c MyRoute) Handler8() revel.Result {
 	// GOOD: uses JSON content-type
-	return c.RenderJSON(c.Params.Form.Get("someField")) // $ responsebody='call to Get' source="selection of Params"
+	return c.RenderJSON(c.Params.Form.Get("someField")) // $ responsebody='call to Get'
 }

 func (c MyRoute) Handler9() revel.Result {
 	// GOOD: uses Javascript content-type
-	return c.RenderJSONP("callback", c.Params.Form.Get("someField")) // $ responsebody='call to Get' source="selection of Params"
+	return c.RenderJSONP("callback", c.Params.Form.Get("someField")) // $ responsebody='call to Get'
 }

 func (c MyRoute) Handler10() revel.Result {
 	// GOOD: uses text content-type
-	return c.RenderText(c.Params.Form.Get("someField")) // $ responsebody='call to Get' source="selection of Params"
+	return c.RenderText(c.Params.Form.Get("someField")) // $ responsebody='call to Get'
 }

 func (c MyRoute) Handler11() revel.Result {
 	// GOOD: uses xml content-type
-	return c.RenderXML(c.Params.Form.Get("someField")) // $ responsebody='call to Get' source="selection of Params"
+	return c.RenderXML(c.Params.Form.Get("someField")) // $ responsebody='call to Get'
 }

 func (c MyRoute) Handler12() revel.Result {
 	// BAD: open redirect
-	return c.Redirect(c.Params.Form.Get("someField")) // $ source="selection of Params"
+	return c.Redirect(c.Params.Form.Get("someField"))
 }
diff --git a/ql/test/library-tests/semmle/go/frameworks/Revel/Revel.go b/ql/test/library-tests/semmle/go/frameworks/Revel/Revel.go
index f1568e7791d..80e52937465 100644
--- a/ql/test/library-tests/semmle/go/frameworks/Revel/Revel.go
+++ b/ql/test/library-tests/semmle/go/frameworks/Revel/Revel.go
@@ -24,10 +24,10 @@ func sink(_ ...interface{}) {}
 func (c myAppController) accessingParamsDirectlyIsUnsafe() {
 	sink(c.Params.Get("key"))
-	sink(c.Params.Values) // $ source="selection of Params"
+	sink(c.Params.Values)
 	val4 := ""
-	c.Params.Bind(&val4, "key") // $ source="selection of Params"
+	c.Params.Bind(&val4, "key")
 	sink(val4)
 	sink(c.Request.FormValue("key"))