

Commit 8fe2319

committed
JS: Fix lurking cartesian product in Express
1 parent 1076c03 commit 8fe2319

1 file changed

Lines changed: 3 additions & 3 deletions


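--- a/javascript/ql/src/semmle/javascript/frameworks/Express.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/Express.qll
@@ -415,9 +415,6 @@ module Express {
 )
 )
 or
-kind = "body" and
-this.asExpr() = rh.getARequestBodyAccess()
-or
 exists(string propName |
 // `req.url` or `req.originalUrl`
 kind = "url" and
@@ -432,6 +429,9 @@ module Express {
 this.(DataFlow::PropRef).accesses(request, "cookies")
 )
 or
+kind = "body" and
+this.asExpr() = rh.getARequestBodyAccess()
+or
 exists(RequestHeaderAccess access | this = access |
 rh = access.getRouteHandler() and
 kind = "header"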
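Review bot: The relocated `kind = "body"` disjunct in the second hunk has no comment explaining its position, so the placement that fixes the cartesian product is load-bearing but undocumented. Judging from the `)` that now precedes it, the disjunct appears to have moved out of a quantifier that binds `request`, a variable it never mentions; the page has lost indentation, so this is inferred. A one-line comment above it would keep a later tidy-up from moving it back, for example `// Deliberately outside the quantifier over request: this disjunct does not use request, and nesting it there causes a cartesian product.` Because this predicate appears to classify request-derived values by kind, a test pinning the set of "body" results before and after would confirm the move changes only evaluation cost. The enclosing predicate starts and ends outside both hunks.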
