diff --git a/change-notes/1.26/analysis-javascript.md b/change-notes/1.26/analysis-javascript.md index debe63bd1cf..e88c84b7115 100644 --- a/change-notes/1.26/analysis-javascript.md +++ b/change-notes/1.26/analysis-javascript.md @@ -43,7 +43,7 @@ | Unsafe jQuery plugin (`js/unsafe-jquery-plugin`) | More results | This query now detects more unsafe uses of nested option properties. | | Client-side URL redirect (`js/client-side-unvalidated-url-redirection`) | More results | This query now recognizes some unsafe uses of `importScripts()` inside WebWorkers. | | Missing CSRF middleware (`js/missing-token-validation`) | More results | This query now recognizes writes to cookie and session variables as potentially vulnerable to CSRF attacks. | -| Missing CSRF middleware (`js/missing-token-validation`) | Less results | This query now recognizes more ways of protecting against CSRF attacks. | +| Missing CSRF middleware (`js/missing-token-validation`) | Fewer results | This query now recognizes more ways of protecting against CSRF attacks. | ## Changes to libraries diff --git a/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql b/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql index baef11e5471..2f896418706 100644 --- a/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql +++ b/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql @@ -126,7 +126,7 @@ private Express::RouteHandler getAHandlerSettingCsrfCookie() { * This is indicated either by the request parameter having a CSRF related write to a session variable. * Or by the response parameter setting a CSRF related cookie. */ -predicate isACsrfProtectionRouteHandler(Express::RouteHandler handler) { +predicate isCsrfProtectionRouteHandler(Express::RouteHandler handler) { DataFlow::parameterNode(handler.getRequestParameter()) = nodeLeadingToCsrfWrite(DataFlow::TypeBackTracker::end()) or @@ -136,7 +136,7 @@ predicate isACsrfProtectionRouteHandler(Express::RouteHandler handler) { /** Gets a data flow node refering to a route handler that is protecting against CSRF. */ private DataFlow::SourceNode getACsrfProtectionRouteHandler(DataFlow::TypeTracker t) { t.start() and - isACsrfProtectionRouteHandler(result) + isCsrfProtectionRouteHandler(result) or exists(DataFlow::TypeTracker t2, DataFlow::SourceNode pred | pred = getACsrfProtectionRouteHandler(t2) @@ -150,7 +150,7 @@ private DataFlow::SourceNode getACsrfProtectionRouteHandler(DataFlow::TypeTracke /** * Gets an express route handler expression that is either a custom CSRF protection middleware, - * or a CSFR protecting library. + * or a CSRF protecting library. */ Express::RouteHandlerExpr getACsrfMiddleware() { csrfMiddlewareCreation().flowsToExpr(result)