JS: use isUserControlledObject in js/type-confusion-through-parameter-tampering

2026-05-01 19:55:15 +02:00 · 2018-11-07 12:11:37 +01:00
parent a2df4f9bfe
commit f0343d0678
1 changed files with 1 additions and 6 deletions
--- a/javascript/ql/src/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTampering.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTampering.qll
@@ -54,12 +54,7 @@ module TypeConfusionThroughParameterTampering {
  private class TypeTamperableRequestParameter extends Source {

    TypeTamperableRequestParameter() {
-      this.(HTTP::RequestInputAccess).getKind() = "parameter" and
-      not exists (Express::RequestExpr request, DataFlow::PropRead base |
-        // Express's `req.params.name` is always a string
-        base.accesses(request.flow(), "params") and
-        this = base.getAPropertyRead(_)
-      )
+      this.(HTTP::RequestInputAccess).isUserControlledObject()
    }

  }