From 2a0e0042d545afd311fe638d532e0266f81b0dca Mon Sep 17 00:00:00 2001
From: Mrigank Pawagi
Date: Sat, 20 Jun 2026 21:14:54 +0530
Subject: [PATCH] add "good" test cases to demonstrate false positives

---
 .../CWE-117-LogInjection/LogInjectionGood.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/python/ql/test/query-tests/Security/CWE-117-LogInjection/LogInjectionGood.py b/python/ql/test/query-tests/Security/CWE-117-LogInjection/LogInjectionGood.py
index d9279f2e4822..e2c41e21ff99 100644
--- a/python/ql/test/query-tests/Security/CWE-117-LogInjection/LogInjectionGood.py
+++ b/python/ql/test/query-tests/Security/CWE-117-LogInjection/LogInjectionGood.py
@@ -18,6 +18,18 @@ def good1():
     logging.info('User name: ' + name) # Good
     return 'good1'
 
+@app.route('/good_repr1')
+def good_repr1():
+    name = request.args.get('name')
+    logging.info('User name: ' + repr(name)) # Good - repr() escapes special characters
+    return 'good_repr1'
+
+@app.route('/good_repr2')
+def good_repr2():
+    name = request.args.get('name')
+    logging.info('User name: %r', name) # Good - %r format specifier applies repr()
+    return 'good_repr2'
+
 if __name__ == '__main__':
     app.debug = True
     handler = logging.FileHandler('log')
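Review bot: The two new routes are annotated `# Good`, yet the diffstat shows only LogInjectionGood.py changing; if the query currently reports `repr(name)` and `%r` as the subject says, the test's `.expected` output will stop matching until it is updated or the query learns to treat `repr()` as a sanitizer, so the commit should say which of those is intended. The comment on `good_repr1` would be more useful if it named the property the query has to recognise: `# Good - repr() on a str escapes \n, \r and other non-printable characters, so no extra log line can be forged`. For `good_repr2` it is worth stating that the protection comes from passing `name` as a logging argument, because the `%r` conversion is applied by the logging module when the record's message is formatted rather than before the call. Note that `good1()` begins before the hunk and the `if __name__ == '__main__':` block continues past it.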