JS: fixup

Esben Sparre Andreasen
2020-05-20 15:14:04 +02:00
parent c400b45cd6
commit e588e59f9b


@@ -132,9 +132,7 @@ module Fastify {
string kind;
RequestInputAccess() {
exists(DataFlow::PropRead read, string name |
this = read and read = rh.getARequestSource().ref().getAPropertyRead(name)
|
exists(string name | this = rh.getARequestSource().ref().getAPropertyRead(name) |
kind = "parameter" and
name = ["params", "query"]
or
@@ -150,7 +148,8 @@ module Fastify {
override predicate isUserControlledObject() {
kind = "body" and
(
usesFastifyPlugin(rh, DataFlow::moduleImport(["fastify-xml-body-parser", "fastify-formbody"]))
usesFastifyPlugin(rh,
DataFlow::moduleImport(["fastify-xml-body-parser", "fastify-formbody"]))
or
usesMiddleware(rh,
any(ExpressLibraries::BodyParser bodyParser | bodyParser.producesUserControlledObjects()))
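Review bot: In `isUserControlledObject`, a `kind = "body"` access counts as a user-controlled object only when `fastify-xml-body-parser`, `fastify-formbody` or an Express body-parser middleware is in use, at least in the disjuncts visible in this hunk. Fastify parses `application/json` request bodies with its built-in parser, so `request.body` can be a nested, client-shaped object with no plugin registered. Queries that rely on this predicate (type-confusion or NoSQL-injection checks) would presumably miss those handlers. The predicate continues past the end of the hunk, so this may already be covered further down. If it is not, either drop the plugin condition for bodies or record the gap with a comment such as `// NOTE: bodies parsed by Fastify's built-in JSON parser are not treated as user-controlled objects here`.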