hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-20 06:24:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

Express Argument has to be Cors

Browse Source
This commit is contained in:
maikypedia
2023-12-07 23:01:41 +01:00
parent 83cbbd7043
commit 87cac2a4e3
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
javascript/ql/lib/semmle/javascript/frameworks/Express.qll
View File

@@ -1077,7 +1077,13 @@ module Express {
* An express route setup configured with the `cors` package.
*/
class CorsConfiguration extends DataFlow::MethodCallNode {
CorsConfiguration() { exists(Express::RouteSetup setup | this = setup | setup.isUseCall()) }
CorsConfiguration() {
exists(Express::RouteSetup setup | this = setup |
setup.isUseCall() and setup.getArgument(0) instanceof Cors::Cors
or
not setup.isUseCall() and setup.getAnArgument() instanceof Cors::Cors
)
}
/** Gets the cors argument */
Cors::Cors getArgument() { result = this.getArgument(0) }