JS: address review comments

Author: Esben Sparre Andreasen

javascript/ql/src/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTampering.qll

@@ -108,13 +108,13 @@ module TypeConfusionThroughParameterTampering {
             read.asExpr() = cond.getTest()
           )
           or
-          exists (EqualityTest eq, Expr zero |
+          exists (Comparison cmp, Expr zero |
             zero.getIntValue() = 0 and
-            eq.hasOperands(read.asExpr(), zero)
+            cmp.hasOperands(read.asExpr(), zero)
           )
           or
-          exists (LogNotExpr eq |
-            eq.getOperand() = read.asExpr()
+          exists (LogNotExpr neg |
+            neg.getOperand() = read.asExpr()
           )
         )
       )

javascript/ql/test/query-tests/Security/CWE-843/tst.js

@@ -54,7 +54,8 @@ express().get('/some/path/:foo', function(req, res) {
 express().get('/some/path/:foo', function(req, res) {
     if (req.query.path.length) {} // OK
     req.query.path.length == 0; // OK
-    !req.query.path.length == 0; // OK
+    !req.query.path.length; // OK
+    req.query.path.length > 0; // OK
 });
 
 express().get('/some/path/:foo', function(req, res) {