JS: address review comments

2026-05-02 04:05:14 +02:00 · 2018-08-22 13:54:07 +02:00
parent fef257b1ec
commit 218c0cb51a
2 changed files with 6 additions and 5 deletions
--- a/javascript/ql/src/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTampering.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTampering.qll
@@ -108,13 +108,13 @@ module TypeConfusionThroughParameterTampering {
            read.asExpr() = cond.getTest()
          )
          or
-          exists (EqualityTest eq, Expr zero |
+          exists (Comparison cmp, Expr zero |
            zero.getIntValue() = 0 and
-            eq.hasOperands(read.asExpr(), zero)
+            cmp.hasOperands(read.asExpr(), zero)
          )
          or
-          exists (LogNotExpr eq |
-            eq.getOperand() = read.asExpr()
+          exists (LogNotExpr neg |
+            neg.getOperand() = read.asExpr()
          )
        )
      )
--- a/javascript/ql/test/query-tests/Security/CWE-843/tst.js
+++ b/javascript/ql/test/query-tests/Security/CWE-843/tst.js
@@ -54,7 +54,8 @@ express().get('/some/path/:foo', function(req, res) {
 express().get('/some/path/:foo', function(req, res) {
    if (req.query.path.length) {} // OK
    req.query.path.length == 0; // OK
-    !req.query.path.length == 0; // OK
+    !req.query.path.length; // OK
+    req.query.path.length > 0; // OK
 });

 express().get('/some/path/:foo', function(req, res) {