From f3af23e855dbd296350aebce1d01887d9590f121 Mon Sep 17 00:00:00 2001
From: Napalys
Date: Fri, 28 Mar 2025 13:29:18 +0100
Subject: [PATCH] Refactored hana's DB client to use `GuardedRouteHandler`, improving precision.

---
 javascript/ql/lib/ext/hana-db-client.model.yml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/javascript/ql/lib/ext/hana-db-client.model.yml b/javascript/ql/lib/ext/hana-db-client.model.yml
index f6e177d74ae..c30d38a751b 100644
--- a/javascript/ql/lib/ext/hana-db-client.model.yml
+++ b/javascript/ql/lib/ext/hana-db-client.model.yml
@@ -4,7 +4,13 @@ extensions:
       extensible: sinkModel
     data:
       - ["@sap/hana-client", "Member[createConnection].ReturnValue.Member[exec,prepare].Argument[0]", "sql-injection"]
-      - ["hdb", "Member[createClient].ReturnValue.Member[exec,prepare,execute].Argument[0]", "sql-injection"]
+      - ["hdb.Client", "Member[exec,prepare,execute].Argument[0]", "sql-injection"]
       - ["@sap/hdbext", "Member[loadProcedure].Argument[2]", "sql-injection"]
       - ["@sap/hana-client/extension/Stream", "Member[createProcStatement].Argument[1]", "sql-injection"]
-      - ["express", "ReturnValue.Member[get].Argument[1].Parameter[0].Member[db].Member[exec].Argument[0]", "sql-injection"]
+
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: typeModel
+    data:
+      - ["hdb.Client", "hdb", "Member[createClient].ReturnValue"]
+      - ["hdb.Client", "@sap/hdbext", "Member[middleware].ReturnValue.GuardedRouteHandler.Parameter[0].Member[db]"]
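Review bot: The second `typeModel` row only gives `req.db` the `hdb.Client` type inside route handlers that the analysis can see as guarded by the return value of `@sap/hdbext`'s `middleware()`, so a handler whose `req.db` is populated by a middleware registration the analysis cannot observe (another file, a dynamic `use`, or a different middleware) loses the sink that the removed `express` row matched by property name alone; this is the intended precision gain, but it is worth confirming on the existing test cases that the recall trade-off is acceptable, since the affected call is a SQL-injection sink. The new block also introduces `hdb.Client` as a synthetic type name with no explanation in the file; a comment above the `typeModel` entry such as `# "hdb.Client" is a synthetic type: instances come from hdb.createClient() and from the req.db property that @sap/hdbext's middleware attaches to the handlers it guards` would tell the next maintainer why both rows feed the same sink. For consistency, the `@sap/hana-client` row still spells out `Member[createConnection].ReturnValue...` inline rather than using the same type-model style, which could be aligned in a follow-up.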