Commit 175d3ac

reword alert-message go/user-controlled-bypass to avoid using "here"
1 parent 83bedc0 commit 175d3ac

2 files changed

+5
-6
lines changed

go/ql/src/experimental/CWE-840/ConditionalBypass.ql

Lines changed: 2 additions & 3 deletions
@@ -35,6 +35,5 @@ where
3535
rhs.getNode().asExpr() = c.getRightOperand() and
3636
config.hasFlowPath(lhsSource, lhs) and
3737
lhs.getNode().asExpr() = c.getLeftOperand()
38-
select c,
39-
"This comparison compares user-controlled values from $@ and $@, and hence can be bypassed.",
40-
lhsSource, "here", rhsSource, "here"
38+
select c, "This comparison of a $@ with another $@ can be bypassed by a malicious user.",
39+
lhsSource.getNode(), "user-controlled value", rhsSource.getNode(), "user-controlled value"
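Review bot: on the new line 39 the selected elements change from `lhsSource` and `rhsSource` to `lhsSource.getNode()` and `rhsSource.getNode()`, which is more than the rewording the commit message describes. The `where` clause still binds `lhsSource` through `config.hasFlowPath(lhsSource, lhs)`, so these are path nodes being reduced to plain nodes in the result. Please mention that in the commit message, and confirm that nothing consuming this query's results relies on the path-node form of the two linked locations.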
Lines changed: 3 additions & 3 deletions
@@ -1,3 +1,3 @@
1-
| ConditionalBypassBad.go:9:5:9:46 | ...!=... | This comparison compares user-controlled values from $@ and $@, and hence can be bypassed. | ConditionalBypassBad.go:9:5:9:12 | selection of Header : Header | here | ConditionalBypassBad.go:9:41:9:46 | selection of Host : string | here |
2-
| condition.go:9:5:9:46 | ...!=... | This comparison compares user-controlled values from $@ and $@, and hence can be bypassed. | condition.go:9:5:9:12 | selection of Header : Header | here | condition.go:9:41:9:46 | selection of Host : string | here |
3-
| condition.go:16:5:16:62 | ...!=... | This comparison compares user-controlled values from $@ and $@, and hence can be bypassed. | condition.go:16:5:16:12 | selection of Header : Header | here | condition.go:16:41:16:48 | selection of Header : Header | here |
1+
| ConditionalBypassBad.go:9:5:9:46 | ...!=... | This comparison of a $@ with another $@ can be bypassed by a malicious user. | ConditionalBypassBad.go:9:5:9:12 | selection of Header | user-controlled value | ConditionalBypassBad.go:9:41:9:46 | selection of Host | user-controlled value |
2+
| condition.go:9:5:9:46 | ...!=... | This comparison of a $@ with another $@ can be bypassed by a malicious user. | condition.go:9:5:9:12 | selection of Header | user-controlled value | condition.go:9:41:9:46 | selection of Host | user-controlled value |
3+
| condition.go:16:5:16:62 | ...!=... | This comparison of a $@ with another $@ can be bypassed by a malicious user. | condition.go:16:5:16:12 | selection of Header | user-controlled value | condition.go:16:41:16:48 | selection of Header | user-controlled value |
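Review bot: all three expected rows are `...!=...` comparisons, and the rows for `ConditionalBypassBad.go:9` and `condition.go:9` have identical spans and operands (Header against Host), so the reworded message is only checked against two distinct shapes. If the query is meant to flag other comparison operators as well, a test case for one of them would show that the new sentence reads correctly there too. The row count and locations are unchanged, which is what a message-only change should produce; the dropped `: Header` and `: string` suffixes are the one difference that does not come from the message text.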
