hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Add test and dont check predecessors

Browse Source
This commit is contained in:
Asger Feldthaus
2020-01-23 14:59:03 +00:00
parent 406c6eb981
commit b1ec3e1bf2
8 changed files with 41 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql
View File

@@ -109,7 +109,7 @@ where
// the handler wouldn't work. However, if we can't find the cookie middleware, it
// indicates that our middleware model is too incomplete, so in that case we
// don't trust it to detect the presence of CSRF middleware either.
getARouteUsingCookies().flowsToExpr(handler.getPreviousMiddleware*()) and
getARouteUsingCookies().flowsToExpr(handler) and
hasCookieMiddleware(handler, cookie) and
// Only flag the first cookie parser registered first.