Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql

Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2026-04-30 19:26:02 +02:00 · 2020-06-16 18:27:21 +02:00
parent 8843522d14
commit 68b2a6c848
1 changed files with 1 additions and 1 deletions
--- a/javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
+++ b/javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
@@ -65,5 +65,5 @@ class PostMessageEvent extends DataFlow::SourceNode {
 }

 from PostMessageEvent event
-where not event.hasOriginChecked()
+where not event.hasOriginChecked() or event.hasOriginInsufficientlyChecked()
 select event, "Missing or unsafe origin verification"