Update javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll

Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2026-04-29 18:55:14 +02:00 · 2020-08-26 01:48:05 +02:00
parent a1f64e26cf
commit e027c8cc13
1 changed files with 4 additions and 3 deletions
--- a/javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
+++ b/javascript/ql/src/experimental/Security/CWE-614/InsecureCookie.qll
@@ -124,9 +124,10 @@ module Cookie {
   */
  class InsecureJsCookie extends Cookie {
    InsecureJsCookie() {
-      this = DataFlow::globalVarRef("Cookie").getAMemberCall("set") or
-      this = DataFlow::globalVarRef("Cookie").getAMemberCall("noConflict").getAMemberCall("set") or
-      this = DataFlow::moduleMember("js-cookie", "set").getACall()
+    this =
+      [DataFlow::globalVarRef("Cookie"),
+          DataFlow::globalVarRef("Cookie").getAMemberCall("noConflict"),
+          DataFlow::moduleImport("js-cookie")].getAMemberCall("set")
    }

    override string getKind() { result = "js-cookie" }