Highlight API call

javascript/ql/src/experimental/Security/CWE-090/LdapInjection.ql

@@ -16,5 +16,5 @@ import LdapInjection::LdapInjection
 
 from LdapInjectionConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "LDAP query might include code from $@.", source.getNode(),
-  "user-provided value"
+select sink.getNode(), source, sink, "$@ might include code from $@.",
+  sink.getNode().(Sink).getQueryCall(), "LDAP query call", source.getNode(), "user-provided value"

javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll

@@ -16,7 +16,24 @@ module LdapInjection {
   /**
    * A data flow sink for LDAP injection vulnerabilities.
    */
-  abstract class Sink extends DataFlow::Node { }
+  abstract class Sink extends DataFlow::Node {
+    DataFlow::Node getQueryCall() {
+      exists(DataFlow::CallNode call |
+        result = call.getCalleeNode() and
+        call = any(LdapClient client).getAMemberCall(getLdapjsClientDNMethodName())
+      |
+        this =
+          call
+              .getArgument(1)
+              .getALocalSource()
+              .(DataFlow::SourceNode)
+              .getAPropertyWrite("filter")
+              .getRhs()
+        or
+        this = call.getArgument(0)
+      )
+    }
+  }
 
   /**
    * A sanitizer for LDAP injection vulnerabilities.