hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

better join-order fix in HTTP

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-09-22 21:02:26 +02:00
parent 475519c9ee
commit ec2b3f0b6c
1 changed files with 6 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
javascript/ql/src/semmle/javascript/frameworks/HTTP.qll
View File

@@ -253,21 +253,20 @@ module HTTP {
private predicate isDecoratedCall(DataFlow::CallNode call, DataFlow::FunctionNode decoratee) {
// indirect route-handler `result` is given to function `outer`, which returns function `inner` which calls the function `pred`.
exists(int i, DataFlow::FunctionNode outer, HTTP::RouteHandlerCandidate inner |
inner = outer.getAReturn().getALocalSource() and
decoratee = call.getArgument(i).getALocalSource() and
outer.getFunction() = call.getACallee() and
returnsRouteHandler(outer, inner) and
isAForwardingRouteHandlerCall(outer.getParameter(i), inner)
hasForwardingHandlerParameter(i, outer, inner)
)
}
/**
* Holds if `fun` returns the route-handler-candidate `routeHandler`.
* Holds if the `i`th parameter of `outer` has a call that `inner` forwards its parameters to.
*/
pragma[noinline]
private predicate returnsRouteHandler(
DataFlow::FunctionNode fun, HTTP::RouteHandlerCandidate routeHandler
private predicate hasForwardingHandlerParameter(
int i, DataFlow::FunctionNode outer, HTTP::RouteHandlerCandidate inner
) {
routeHandler = fun.getAReturn().getALocalSource()
isAForwardingRouteHandlerCall(outer.getParameter(i), inner)
}
/**