Update LdapjsSearchOptions

dellalibera · dellalibera · commit 15562e48149f · 2020-09-01T22:28:58.000+02:00
diff --git a/javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll b/javascript/ql/src/experimental/Security/CWE-090/Ldapjs.qll
@@ -33,9 +33,17 @@ module Ldapjs {
    * Gets a data flow node for the client `search` options.
    */
   class LdapjsSearchOptions extends DataFlow::SourceNode {
+    DataFlow::CallNode queryCall;
+
     LdapjsSearchOptions() {
-      this = any(LdapjsClient client).getAMemberCall("search").getArgument(1).getALocalSource()
+      queryCall = any(LdapjsClient client).getAMemberCall("search") and
+      this = queryCall.getArgument(1).getALocalSource()
     }
+
+    /**
+     * Gets the LDAP query call that these options are used in.
+     */
+    DataFlow::InvokeNode getQueryCall() { result = queryCall }
   }
 
   /**
