From 71cf0426072d8520d17b50dd549460d79d846b6a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nora=20Dimitrijevi=C4=87?= <d10c@users.noreply.github.com>
Date: Tue, 14 Oct 2025 13:14:50 +0200
Subject: [PATCH] JS/IndirectCommandInjectionQuery

javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql
---
 .../security/dataflow/IndirectCommandInjectionQuery.qll      | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll
index 87d85911a1b..6dbba8261fb 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll
@@ -30,8 +30,9 @@ module IndirectCommandInjectionConfig implements DataFlow::ConfigSig {
   predicate observeDiffInformedIncrementalMode() { any() }
 
   Location getASelectedSinkLocation(DataFlow::Node sink) {
-    exists(DataFlow::Node node |
-      isSinkWithHighlight(sink, node) and
+    exists(DataFlow::Node node | isSinkWithHighlight(sink, node) |
+      result = sink.getLocation()
+      or
       result = node.getLocation()
     )
   }