clarifying comment on the last jQuery inconsistency

erik-krogh · erik-krogh · commit fd0515629851 · 2020-09-04T10:30:42.000+02:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/unsafe-jquery-plugin.js b/javascript/ql/test/query-tests/Security/CWE-079/unsafe-jquery-plugin.js
@@ -154,7 +154,7 @@
 		let target = options.target;
 		target === DEFAULTS.target? $(target): $(document).find(target); // OK
 		options.target === DEFAULTS.target? $(options.target): $(document).find(options.target); // OK
-		options.targets.a === DEFAULTS.target? $(options.target.a): $(document).find(options.target.a); // OK - but still flagged [INCONSISTENCY]
+		options.targets.a === DEFAULTS.target? $(options.target.a): $(document).find(options.target.a); // OK - should be sanitized by `MembershipTestSanitizer` - but still flagged because `AccessPath` can't handle these deeply nested properties [INCONSISTENCY]
 	}
 
 	$.fn.my_plugin = function my_plugin(options) {

Original file line number	Diff line number	Diff line change
`@@ -154,7 +154,7 @@`
`154`	`154`	`let target = options.target;`
`155`	`155`	`target === DEFAULTS.target? $(target): $(document).find(target); // OK`
`156`	`156`	`options.target === DEFAULTS.target? $(options.target): $(document).find(options.target); // OK`
`157`		`- options.targets.a === DEFAULTS.target? $(options.target.a): $(document).find(options.target.a); // OK - but still flagged [INCONSISTENCY]`
	`157`	+ options.targets.a === DEFAULTS.target? $(options.target.a): $(document).find(options.target.a); // OK - should be sanitized by `MembershipTestSanitizer` - but still flagged because `AccessPath` can't handle these deeply nested properties [INCONSISTENCY]
`158`	`158`	`}`
`159`	`159`
`160`	`160`	`$.fn.my_plugin = function my_plugin(options) {`