From f7ab29aa2ba7353564ea54a2e0160bef28cfc275 Mon Sep 17 00:00:00 2001
From: Esben Sparre Andreasen <esben@semmle.com>
Date: Mon, 6 Aug 2018 15:09:48 +0200
Subject: [PATCH] JS: support "express-rate-limit" non-constructor calls

---
 .../semmle/javascript/security/dataflow/MissingRateLimiting.qll | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/MissingRateLimiting.qll b/javascript/ql/src/semmle/javascript/security/dataflow/MissingRateLimiting.qll
index a9c6d86c8b1..aa4c561047d 100644
--- a/javascript/ql/src/semmle/javascript/security/dataflow/MissingRateLimiting.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/MissingRateLimiting.qll
@@ -131,7 +131,7 @@ abstract class RateLimiter extends Express::RouteHandlerExpr {
  */
 class ExpressRateLimit extends RateLimiter {
   ExpressRateLimit() {
-    DataFlow::moduleImport("express-rate-limit").getAnInstantiation().flowsToExpr(this)
+    DataFlow::moduleImport("express-rate-limit").getAnInvocation().flowsToExpr(this)
   }
 }