JS: Accept alerts about newline replacement

asgerf · asgerf · commit 68fae9ded8b8 · 2025-02-28T13:27:49.000+01:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/tst.js b/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/tst.js
@@ -145,8 +145,8 @@ function newlines(s) {
 	// motivation for whitelist
 	require("child_process").execSync("which emacs").toString().replace("\n", "");
 
-	x.replace("\n", "").replace(x, y);
-	x.replace(x, y).replace("\n", "");
+	x.replace("\n", "").replace(x, y); // $ Alert[js/incomplete-sanitization]
+	x.replace(x, y).replace("\n", ""); // $ Alert[js/incomplete-sanitization]
 }
 
 app.get('/some/path', function(req, res) {

Original file line number	Diff line number	Diff line change
`@@ -145,8 +145,8 @@ function newlines(s) {`
`145`	`145`	`// motivation for whitelist`
`146`	`146`	`require("child_process").execSync("which emacs").toString().replace("\n", "");`
`147`	`147`
`148`		`- x.replace("\n", "").replace(x, y);`
`149`		`- x.replace(x, y).replace("\n", "");`
	`148`	`+ x.replace("\n", "").replace(x, y); // $ Alert[js/incomplete-sanitization]`
	`149`	`+ x.replace(x, y).replace("\n", ""); // $ Alert[js/incomplete-sanitization]`
`150`	`150`	`}`
`151`	`151`
`152`	`152`	`app.get('/some/path', function(req, res) {`