File tree Expand file tree Collapse file tree 1 file changed +6
-7
lines changed
javascript/ql/src/semmle/javascript/frameworks Expand file tree Collapse file tree 1 file changed +6
-7
lines changed Original file line number Diff line number Diff line change @@ -253,21 +253,20 @@ module HTTP {
253253 private predicate isDecoratedCall ( DataFlow:: CallNode call , DataFlow:: FunctionNode decoratee ) {
254254 // indirect route-handler `result` is given to function `outer`, which returns function `inner` which calls the function `pred`.
255255 exists ( int i , DataFlow:: FunctionNode outer , HTTP:: RouteHandlerCandidate inner |
256+ inner = outer .getAReturn ( ) .getALocalSource ( ) and
256257 decoratee = call .getArgument ( i ) .getALocalSource ( ) and
257258 outer .getFunction ( ) = call .getACallee ( ) and
258- returnsRouteHandler ( outer , inner ) and
259- isAForwardingRouteHandlerCall ( outer .getParameter ( i ) , inner )
259+ hasForwardingHandlerParameter ( i , outer , inner )
260260 )
261261 }
262262
263263 /**
264- * Holds if `fun` returns the route-handler-candidate `routeHandler` .
264+ * Holds if the `i`th parameter of `outer` has a call that `inner` forwards its parameters to .
265265 */
266- pragma [ noinline]
267- private predicate returnsRouteHandler (
268- DataFlow:: FunctionNode fun , HTTP:: RouteHandlerCandidate routeHandler
266+ private predicate hasForwardingHandlerParameter (
267+ int i , DataFlow:: FunctionNode outer , HTTP:: RouteHandlerCandidate inner
269268 ) {
270- routeHandler = fun . getAReturn ( ) . getALocalSource ( )
269+ isAForwardingRouteHandlerCall ( outer . getParameter ( i ) , inner )
271270 }
272271
273272 /**
You can’t perform that action at this time.
0 commit comments