Now nextUrl is of type parameter and loosen the restriction for NextAppRouteHandler

2026-04-30 03:05:15 +02:00 · 2025-04-11 11:19:12 +02:00
parent 92e4f112c0
commit 11abbf8c4a
1 changed files with 10 additions and 16 deletions
--- a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll
@@ -286,12 +286,7 @@ module NextJS {
        mod.getFile().getStem() = "middleware"
      |
        this =
-          mod.getAnExportedValue([any(Http::RequestMethodName m), "middleware"]).getAFunctionValue() and
-        (
-          this.getParameter(0).hasUnderlyingType("next/server", "NextRequest")
-          or
-          this.getParameter(0).hasUnderlyingType("Request")
-        )
+          mod.getAnExportedValue([any(Http::RequestMethodName m), "middleware"]).getAFunctionValue()
      )
    }

@@ -318,18 +313,17 @@ module NextJS {
      ) and
      kind = "body"
      or
-      (
-        this = handler.getRequest().getAPropertyRead(["url", "nextUrl"])
-        or
-        this =
-          handler
-              .getRequest()
-              .getAPropertyRead("nextUrl")
-              .getAPropertyRead("searchParams")
-              .getAMemberCall("get")
-      ) and
+      this = handler.getRequest().getAPropertyRead(["url", "nextUrl"]) and
      kind = "url"
      or
+      this =
+        handler
+            .getRequest()
+            .getAPropertyRead("nextUrl")
+            .getAPropertyRead("searchParams")
+            .getAMemberCall("get") and
+      kind = "parameter"
+      or
      this = handler.getRequest().getAPropertyRead("headers") and kind = "headers"
    }