JS: Fix lurking cartesian product in Express

2026-05-03 04:39:29 +02:00 · 2019-05-15 17:12:58 +01:00
parent 1076c03016
commit 8fe2319a23
1 changed files with 3 additions and 3 deletions
--- a/javascript/ql/src/semmle/javascript/frameworks/Express.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/Express.qll
@@ -415,9 +415,6 @@ module Express {
          )
        )
        or
-        kind = "body" and
-        this.asExpr() = rh.getARequestBodyAccess()
-        or
        exists(string propName |
          // `req.url` or `req.originalUrl`
          kind = "url" and
@@ -432,6 +429,9 @@ module Express {
        this.(DataFlow::PropRef).accesses(request, "cookies")
      )
      or
+      kind = "body" and
+      this.asExpr() = rh.getARequestBodyAccess()
+      or
      exists(RequestHeaderAccess access | this = access |
        rh = access.getRouteHandler() and
        kind = "header"