JS: Accept some alerts at the SystemCommandExecution location

asgerf · asgerf · commit 07a876b4e94f · 2025-02-28T13:27:46.000+01:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/lib.js b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/lib.js
@@ -424,8 +424,8 @@ module.exports.shellOption = function (name) {
 	spawn("rm", ["first", name], SPAWN_OPT); // $ Alert
 	var arr = [];
 	arr.push(name); // $ Alert
-	spawn("rm", arr, SPAWN_OPT); 
-	spawn("rm", build("node", (name ? name + ':' : '') + '-'), SPAWN_OPT);  // This is bad, but the alert location is down in `build`.
+	spawn("rm", arr, SPAWN_OPT); // $ Alert
+	spawn("rm", build("node", (name ? name + ':' : '') + '-'), SPAWN_OPT); // $ Alert
 }
 
 function build(first, last) {
