From 8843522d143bd1dd46d1908b56c4f71e5bc34b51 Mon Sep 17 00:00:00 2001
From: Alessio Della Libera <43420907+dellalibera@users.noreply.github.com>
Date: Tue, 16 Jun 2020 18:26:42 +0200
Subject: [PATCH] Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql

Co-authored-by: Esben Sparre Andreasen
---
 .../Security/CWE-020/PostMessageNoOriginCheck.ql | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql b/javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
index 98fa7b7a5a2..13df0908131 100644
--- a/javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
+++ b/javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
@@ -49,11 +49,9 @@ class PostMessageEvent extends DataFlow::SourceNode {
 * Holds if an access on `MessageEvent.origin` is in an `EqualityTest` and there is no call of an insufficient verification method on `MessageEvent.origin`
 */
 predicate hasOriginChecked() {
- exists(string prop | prop = "origin" or prop = "source" |
- astNode.getAnOperand().(PropAccess).accesses(event, prop) and
- event.mayReferToParameter*(this.asExpr()) and
- not this.hasOriginInsufficientlyChecked()
- )
+ exists(EqualityTest test |
+ this.getAPropertyRead(["origin", "source"]).flowsToExpr(test.getAnOperand())
+ )
 }

 /**
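Review bot: The doc comment kept above `hasOriginChecked()` still promises that no insufficient verification method is called on `MessageEvent.origin`, but the rewritten body drops the `not this.hasOriginInsufficientlyChecked()` conjunct, so the comment and the predicate now disagree. Unless the query's `where` clause (outside this hunk) applies that negation itself, a handler containing both an equality test and an insufficient check would be treated as checked, and the query would stay silent on it. Either keep `and not this.hasOriginInsufficientlyChecked()` after the `exists(...)`, or reword the comment to say only that a read of `origin` or `source` flows to an operand of an `EqualityTest`. The comment should also say that this is a heuristic: any equality test satisfies it, including a comparison against a value taken from the message itself.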