Update javascript/ql/lib/semmle/javascript/frameworks/Spife.qll

Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2026-04-30 03:05:15 +02:00 · 2022-12-14 10:18:47 +01:00
parent 270a4355df
commit 701676eea1
1 changed files with 6 additions and 7 deletions
--- a/javascript/ql/lib/semmle/javascript/frameworks/Spife.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/Spife.qll
@@ -165,13 +165,12 @@ module Spife {
      kind = "cookie"
      or
      // req.validatedBody.get('foo')
-      exists(DataFlow::PropRead validated, DataFlow::MethodCallNode get |
-        rh.getARequestSource().ref().getAPropertyRead() = validated and
-        validated.getPropertyName().matches("validated%") and
-        get.getReceiver() = validated and
-        this = get and
-        kind = "body"
-      )
+      this =
+        rh.getARequestSource()
+            .ref()
+            .getAPropertyRead(any(string s | s.matches("validated%")))
+            .getAMethodCall("get") and
+      kind = "body"
    }

    override RouteHandler getRouteHandler() { result = rh }