hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 01:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Apply suggestions from code review

Browse Source 
Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
This commit is contained in:
Asger F
2020-01-28 12:46:51 +00:00
committed by GitHub
parent 310dd05185
commit 701d9989be
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql
View File

@@ -35,7 +35,7 @@ private DataFlow::SourceNode nodeLeadingToCookieAccess(DataFlow::TypeBackTracker
)
}
/** Gets a data flow node that flows to the base of an access to `cookies` or `session`. */
/** Gets a data flow node that flows to the base of an access to `cookies`, `session`, or `user`. */
DataFlow::SourceNode nodeLeadingToCookieAccess() {
result = nodeLeadingToCookieAccess(DataFlow::TypeBackTracker::end())
}
@@ -123,7 +123,7 @@ where
getARouteUsingCookies().flowsToExpr(handler) and
hasCookieMiddleware(handler, cookie) and
// Only flag the first cookie parser registered first.
// Only flag the cookie parser registered first.
not hasCookieMiddleware(cookie, _) and
not hasCsrfMiddleware(handler) and