Update javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll

Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2026-04-30 11:15:13 +02:00 · 2020-09-01 21:00:21 +02:00
parent 28729915d7
commit b86b9ba510
1 changed files with 3 additions and 13 deletions
--- a/javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll
+++ b/javascript/ql/src/experimental/Security/CWE-090/LdapInjectionCustomizations.qll
@@ -39,16 +39,8 @@ module LdapInjection {
   * An LDAP filter for an API call that executes an operation against the LDAP server.
   */
  class LdapjsSearchFilterAsSink extends Sink, LdapjsSearchFilter {
-    override DataFlow::Node getQueryCall() {
-      exists(LdapjsClientAPICall call | result = call.getCalleeNode() |
-        this =
-          call
-              .getArgument(1)
-              .getALocalSource()
-              .(DataFlow::SourceNode)
-              .getAPropertyWrite("filter")
-              .getRhs()
-      )
+    override DataFlow::InvokeNode getQueryCall() {
+      result = this.(LdapjsSearchFilter).getQueryCall()
    }
  }

@@ -56,9 +48,7 @@ module LdapInjection {
   * An LDAP DN argument for an API call that executes an operation against the LDAP server.
   */
  class LdapjsDNArgumentAsSink extends Sink, LdapjsDNArgument {
-    override DataFlow::Node getQueryCall() {
-      exists(LdapjsClientAPICall call | result = call.getCalleeNode() | this = call.getArgument(0))
-    }
+    override DataFlow::InvokeNode getQueryCall() { result = this.(LdapjsDNArgument).getQueryCall() }
  }

  /**