improve performance by using RouteHandlerCandidate

javascript/ql/src/semmle/javascript/frameworks/Express.qll

@@ -89,7 +89,7 @@ module Express {
   /**
    * Holds if a call to `callee` inside `f` forwards all of the parameters from `f` to that call.
    */
-  private predicate forwardingCall(DataFlow::SourceNode callee, DataFlow::FunctionNode f) {
+  private predicate forwardingCall(DataFlow::SourceNode callee, HTTP::RouteHandlerCandidate f) {
     exists(DataFlow::CallNode call | call = callee.getACall() |
       f.getNumParameter() >= 2 and
       forall(int arg | arg = [0 .. f.getNumParameter() - 1] |

javascript/ql/src/semmle/javascript/frameworks/HTTP.qll

@@ -574,8 +574,7 @@ module HTTP {
           read = DataFlow::lvalueNode(any(ForOfStmt stmt).getLValue())
           or
           // for forwarding calls to an element where the key is determined by the request.
-          getRequestParameterRead(read.getContainer().(Function).flow())
+          getRequestParameterRead().flowsToExpr(read.getPropertyNameExpr())
-              .flowsToExpr(read.getPropertyNameExpr())
         )
       }
     }
@@ -583,12 +582,12 @@ module HTTP {
     /**
      * Gets a (chained) property-read/method-call on the request parameter of the route-handler `f`.
      */
-    private DataFlow::SourceNode getRequestParameterRead(RouteHandlerCandidate f) {
+    private DataFlow::SourceNode getRequestParameterRead() {
-      result = f.getParameter(0)
+      result = any(RouteHandlerCandidate f).getParameter(0)
       or
-      result = getRequestParameterRead(f).getAPropertyRead()
+      result = getRequestParameterRead().getAPropertyRead()
       or
-      result = getRequestParameterRead(f).getAMethodCall()
+      result = getRequestParameterRead().getAMethodCall()
     }
 
     /**