inline value in nodeLeadingToCsrfWrite

2026-04-27 09:45:15 +02:00 · 2020-10-16 14:21:49 +02:00
parent 017c73dce3
commit 27a2cd310d
1 changed files with 5 additions and 4 deletions
--- a/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql
+++ b/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql
@@ -103,10 +103,11 @@ DataFlow::CallNode csrfMiddlewareCreation() {
 */
 private DataFlow::SourceNode nodeLeadingToCsrfWrite(DataFlow::TypeBackTracker t) {
  t.start() and
-  exists(DataFlow::PropRef value |
-    value = result.getAPropertyRead(cookieProperty()).getAPropertyWrite() and
-    value.getPropertyName().regexpMatch("(?i).*(csrf|xsrf).*")
-  )
+  result
+      .getAPropertyRead(cookieProperty())
+      .getAPropertyWrite()
+      .getPropertyName()
+      .regexpMatch("(?i).*(csrf|xsrf).*")
  or
  exists(DataFlow::TypeBackTracker t2 | result = nodeLeadingToCsrfWrite(t2).backtrack(t2, t))
 }