Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql

Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2026-04-30 03:05:15 +02:00 · 2020-05-06 12:54:50 +03:00
parent 3314dd0614
commit 122354a81a
1 changed files with 1 additions and 1 deletions
--- a/javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
+++ b/javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
@@ -28,7 +28,7 @@ class SSTIPugSink extends ServerSideTemplateInjectionSink {
    exists(CallNode compile, ModuleImportNode renderImport |
      renderImport = moduleImport(["pug", "jade"]) and
      (
-        compile = renderImport.getAMemberCall("compile") and
+        compile = renderImport.getAMemberCall("compile")
        or
        compile = renderImport.getAMemberCall("render")
      ) and