Fix examples

gagliardetto · gagliardetto · commit 27f62b0b3a7b · 2020-07-17T13:12:18.000+03:00
diff --git a/ql/src/experimental/CWE-352/ConstantOauth2StateBad.go b/ql/src/experimental/CWE-352/ConstantOauth2StateBad.go
@@ -1,8 +1,6 @@
 package main
 
 import (
-	"fmt"
-
 	"golang.org/x/oauth2"
 )
 
@@ -21,7 +19,6 @@ func badWithStringLiteralState() {
 		},
 	}
 
-	url := conf.AuthCodeURL(stateStringVar, oauth2.AccessTypeOffline)
-	fmt.Printf("Visit the URL for the auth dialog: %v", url)
+	url := conf.AuthCodeURL(stateStringVar)
 	// ...
 }
diff --git a/ql/src/experimental/CWE-352/ConstantOauth2StateBetter.go b/ql/src/experimental/CWE-352/ConstantOauth2StateBetter.go
@@ -27,7 +27,8 @@ func betterWithVariableStateReturned(w http.ResponseWriter) {
 func generateStateOauthCookie(w http.ResponseWriter) string {
 	b := make([]byte, 128)
 	rand.Read(b)
-	// TODO: save the state string to cookies or HTML storage.
+	// TODO: save the state string to cookies or HTML storage,
+	// and bind it to the authenticated status of the user.
 	state := base64.URLEncoding.EncodeToString(b)
 
 	return state

Original file line number	Diff line number	Diff line change
`@@ -1,8 +1,6 @@`
`1`	`1`	`package main`
`2`	`2`
`3`	`3`	`import (`
`4`		`- "fmt"`
`5`		`-`
`6`	`4`	`"golang.org/x/oauth2"`
`7`	`5`	`)`
`8`	`6`
`@@ -21,7 +19,6 @@ func badWithStringLiteralState() {`
`21`	`19`	`},`
`22`	`20`	`}`
`23`	`21`
`24`		`- url := conf.AuthCodeURL(stateStringVar, oauth2.AccessTypeOffline)`
`25`		`- fmt.Printf("Visit the URL for the auth dialog: %v", url)`
	`22`	`+ url := conf.AuthCodeURL(stateStringVar)`
`26`	`23`	`// ...`
`27`	`24`	`}`