From 4dfc0680e257badb8f8abd894dbdffcf58dfefcb Mon Sep 17 00:00:00 2001
From: Erik Krogh Kristensen <erik-krogh@github.com>
Date: Mon, 21 Sep 2020 10:42:19 +0200
Subject: [PATCH] support non SourceNode receiver for partialInvoke in
 routeHandlerStep

---
 javascript/ql/src/semmle/javascript/frameworks/HTTP.qll | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/javascript/ql/src/semmle/javascript/frameworks/HTTP.qll b/javascript/ql/src/semmle/javascript/frameworks/HTTP.qll
index c15836e50d3..e552bbcb85c 100644
--- a/javascript/ql/src/semmle/javascript/frameworks/HTTP.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/HTTP.qll
@@ -275,7 +275,9 @@ module HTTP {
     exists(HTTP::RouteHandlerCandidateContainer container | pred = container.getRouteHandler(succ))
     or
     // (function (req, res) {}).bind(this);
-    exists(DataFlow::PartialInvokeNode call | succ = call.getBoundFunction(pred, 0))
+    exists(DataFlow::PartialInvokeNode call |
+      succ = call.getBoundFunction(any(DataFlow::Node n | pred.flowsTo(n)), 0)
+    )
   }
 
   /**