From 2bd48db8cd0bb3002e093245c593b2b4e86bdeb8 Mon Sep 17 00:00:00 2001
From: Erik Krogh Kristensen <erik-krogh@github.com>
Date: Tue, 5 Nov 2019 10:16:20 +0100
Subject: [PATCH] refactor isSanitizerEdge in clear-text-logging

---
 .../semmle/javascript/security/dataflow/CleartextLogging.qll  | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/CleartextLogging.qll b/javascript/ql/src/semmle/javascript/security/dataflow/CleartextLogging.qll
index 547ee674696..cb5e74ca05e 100644
--- a/javascript/ql/src/semmle/javascript/security/dataflow/CleartextLogging.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/CleartextLogging.qll
@@ -36,10 +36,8 @@ module CleartextLogging {
 
     override predicate isSanitizerEdge(DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel lbl) {
       // Only unknown property reads on `process.env` propagate taint.
-      not lbl instanceof ProcessEnvLabel and 
+      (not lbl instanceof ProcessEnvLabel or exists(succ.(DataFlow::PropRead).getPropertyName())) and 
       succ.(DataFlow::PropRead).getBase() = pred
-      or 
-      exists(succ.(DataFlow::PropRead).getPropertyName())
     }
        
     override predicate isAdditionalFlowStep(