change RouteSetup to a DataFlow::Node

2026-04-30 19:26:02 +02:00 · 2022-03-30 14:17:01 +02:00
parent d98028be1a
commit 9cb7522bc1
30 changed files with 124 additions and 120 deletions
--- a/javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql
+++ b/javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql
@@ -135,7 +135,7 @@ DataFlow::CallNode servesAPrivateFolder(string description) {
 */
 Express::RouteSetup getAnExposingExpressSetup(string path) {
  result.isUseCall() and
-  result.getArgument([0 .. 1]) = servesAPrivateFolder(path).getEnclosingExpr()
+  result.getArgument([0 .. 1]) = servesAPrivateFolder(path)
 }

 /**
@@ -149,7 +149,7 @@ DataFlow::CallNode getAnExposingServeSetup(string path) {

 from DataFlow::Node node, string path
 where
-  node = getAnExposingExpressSetup(path).flow()
+  node = getAnExposingExpressSetup(path)
  or
  node = getAnExposingServeSetup(path)
 select node, "Serves " + path + ", which can contain private information."
--- a/javascript/ql/src/experimental/poi/PoI.qll
+++ b/javascript/ql/src/experimental/poi/PoI.qll
@@ -77,7 +77,7 @@ private module StandardPoIs {
    UnpromotedRouteSetupPoI() { this = "UnpromotedRouteSetupPoI" }

    override predicate is(Node l0) {
-      l0 instanceof HTTP::RouteSetupCandidate and not l0.asExpr() instanceof HTTP::RouteSetup
+      l0 instanceof HTTP::RouteSetupCandidate and not l0 instanceof HTTP::RouteSetup
    }
  }

--- a/javascript/ql/src/meta/analysis-quality/UnpromotedRouteSetupCandidate.ql
+++ b/javascript/ql/src/meta/analysis-quality/UnpromotedRouteSetupCandidate.ql
@@ -13,7 +13,7 @@ import CandidateTracking

 from HTTP::RouteSetupCandidate setup
 where
-  not setup.asExpr() instanceof HTTP::RouteSetup and
+  not setup instanceof HTTP::RouteSetup and
  exists(HTTP::RouteHandlerCandidate rh |
    track(rh, DataFlow::TypeTracker::end()).flowsTo(setup.getARouteHandlerArg())
  )