add "good" test cases to demonstrate false positives

mrigankpawagi · mrigankpawagi · commit 2a0e0042d545 · 2026-06-20T21:14:54.000+05:30
diff --git a/python/ql/test/query-tests/Security/CWE-117-LogInjection/LogInjectionGood.py b/python/ql/test/query-tests/Security/CWE-117-LogInjection/LogInjectionGood.py
@@ -18,6 +18,18 @@ def good1():
     logging.info('User name: ' + name) # Good
     return 'good1'
 
+@app.route('/good_repr1')
+def good_repr1():
+    name = request.args.get('name')
+    logging.info('User name: ' + repr(name)) # Good - repr() escapes special characters
+    return 'good_repr1'
+
+@app.route('/good_repr2')
+def good_repr2():
+    name = request.args.get('name')
+    logging.info('User name: %r', name) # Good - %r format specifier applies repr()
+    return 'good_repr2'
+
 if __name__ == '__main__':
     app.debug = True
     handler = logging.FileHandler('log')
