JS: Accept some different-kind comparison-bypass alerts

Author: asgerf

javascript/ql/test/query-tests/Security/CWE-807/tst-different-kinds-comparison-bypass.js

@@ -4,16 +4,16 @@ var app = express();
 
 app.get('/user/:id', function(req, res) {
 
-    req.query.userId == req.cookies.userId; // $ Alert
+    req.query.userId == req.cookies.userId; // $ Alert[js/different-kinds-comparison-bypass]
 
     req.query.userId1 == req.query.userId2; // OK - same kind of source
 
-    req.url == req.body; // $ Alert
+    req.url == req.body; // $ Alert[js/different-kinds-comparison-bypass]
 
     check(req.query.userId, req.cookies.userId);
 
     function check(a, b) {
-        a == b; // $ Alert
+        a == b; // $ Alert[js/different-kinds-comparison-bypass]
     }
 
     // CSRF protection

javascript/ql/test/query-tests/Security/CWE-807/tst.js

@@ -58,17 +58,17 @@ app.get('/user/:id', function(req, res) {
         login()
     }
 
-    if (req.cookies.cookieId === req.params.requestId) { // $ Alert - depends on user input
+    if (req.cookies.cookieId === req.params.requestId) { // $ Alert[js/different-kinds-comparison-bypass]
         process.exit();
     }
 
-    var v1 = req.cookies.cookieId === req.params.requestId; // $ Alert - depends on user input
+    var v1 = req.cookies.cookieId === req.params.requestId; // $ Alert[js/different-kinds-comparison-bypass]
     if (v1) {
         process.exit();
     }
 
     function cmp(p, q) {
-        return p === q;
+        return p === q; // $ Alert[js/different-kinds-comparison-bypass]
     }
     var v2 = cmp(req.cookies.cookieId, req.params.requestId); // $ MISSING: Alert - not detected due to flow limitations
     if (v2) {