Outcome
Both Razor XSS rules have independently identifiable vulnerable and safe examples.
Maintainer guidance
internal/sast/frameworks/razor/pack_test.go currently exercises Html.Raw and normal escaped output. Identify PF-RAZOR-XSS-002 from rules.go and add cases that cannot pass only because PF-RAZOR-XSS-001 fired.
Acceptance criteria
Scope
Only internal/sast/frameworks/razor/pack_test.go should normally change. Refs #7.
Outcome
Both Razor XSS rules have independently identifiable vulnerable and safe examples.
Maintainer guidance
internal/sast/frameworks/razor/pack_test.go currently exercises Html.Raw and normal escaped output. Identify PF-RAZOR-XSS-002 from rules.go and add cases that cannot pass only because PF-RAZOR-XSS-001 fired.
Acceptance criteria
Scope
Only internal/sast/frameworks/razor/pack_test.go should normally change. Refs #7.