JS: Update alerts in example_bypass.js

asgerf · asgerf · commit 3a73513d7b13 · 2025-02-25T17:29:37.000+01:00
We happen to flag the condition with different-kinds-comparison-bypass.
The ConditionalBypass query was originally intended to flag this I think, but doesn't anymore.
diff --git a/javascript/ql/test/query-tests/Security/CWE-807/example_bypass.js b/javascript/ql/test/query-tests/Security/CWE-807/example_bypass.js
@@ -3,8 +3,8 @@ var app = express();
 // ...
 app.get('/full-profile/:userId', function(req, res) {
 
-    if (req.cookies.loggedInUserId !== req.params.userId) { // $ Alert
-        requireLogin(); // $ Alert - login decision made based on user controlled data
+    if (req.cookies.loggedInUserId !== req.params.userId) { // $ Alert[js/different-kinds-comparison-bypass]
+        requireLogin(); // $ MISSING: Alert - login decision made based on user controlled data
     } else {
         // ... show private information
     }
