JS: use DataFlow::SourceNode in two additional locations

Esben Sparre Andreasen · Esben Sparre Andreasen · commit 7607b6beff75 · 2018-08-21T22:32:52.000+02:00
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/CleartextLogging.qll b/javascript/ql/src/semmle/javascript/security/dataflow/CleartextLogging.qll
@@ -165,10 +165,9 @@ module CleartextLogging {
 
     ObjectPasswordPropertySource() {
       exists (DataFlow::PropWrite write |
-        write.getPropertyName() = name and
         name.regexpMatch(suspiciousPassword()) and
         not name.regexpMatch(nonSuspicious()) and
-        this.(DataFlow::SourceNode).flowsTo(write.getBase()) and
+        write = this.(DataFlow::SourceNode).getAPropertyWrite(name) and
         // avoid safe values assigned to presumably unsafe names
         not write.getRhs() instanceof NonCleartextPassword
       )
@@ -190,13 +189,11 @@ module CleartextLogging {
       (
         this.asExpr().(VarAccess).getName() = name
         or
-        exists (DataFlow::PropRead read, DataFlow::Node base |
-          this = read and
-          base = read.getBase() and
-          read.getPropertyName() = name and
+        exists (DataFlow::SourceNode base |
+          this = base.getAPropertyRead(name) and
           // avoid safe values assigned to presumably unsafe names
           exists (DataFlow::SourceNode baseObj | baseObj.flowsTo(base) |
-            not baseObj.getAPropertyWrite(name).getRhs() instanceof NonCleartextPassword
+            not base.getAPropertyWrite(name).getRhs() instanceof NonCleartextPassword
           )
         )
       )

Original file line number	Diff line number	Diff line change
`@@ -165,10 +165,9 @@ module CleartextLogging {`
`165`	`165`
`166`	`166`	`ObjectPasswordPropertySource() {`
`167`	`167`	`exists (DataFlow::PropWrite write \|`
`168`		`- write.getPropertyName() = name and`
`169`	`168`	`name.regexpMatch(suspiciousPassword()) and`
`170`	`169`	`not name.regexpMatch(nonSuspicious()) and`
`171`		`- this.(DataFlow::SourceNode).flowsTo(write.getBase()) and`
	`170`	`+ write = this.(DataFlow::SourceNode).getAPropertyWrite(name) and`
`172`	`171`	`// avoid safe values assigned to presumably unsafe names`
`173`	`172`	`not write.getRhs() instanceof NonCleartextPassword`
`174`	`173`	`)`
`@@ -190,13 +189,11 @@ module CleartextLogging {`
`190`	`189`	`(`
`191`	`190`	`this.asExpr().(VarAccess).getName() = name`
`192`	`191`	`or`
`193`		`- exists (DataFlow::PropRead read, DataFlow::Node base \|`
`194`		`- this = read and`
`195`		`- base = read.getBase() and`
`196`		`- read.getPropertyName() = name and`
	`192`	`+ exists (DataFlow::SourceNode base \|`
	`193`	`+ this = base.getAPropertyRead(name) and`
`197`	`194`	`// avoid safe values assigned to presumably unsafe names`
`198`	`195`	`exists (DataFlow::SourceNode baseObj \| baseObj.flowsTo(base) \|`
`199`		`- not baseObj.getAPropertyWrite(name).getRhs() instanceof NonCleartextPassword`
	`196`	`+ not base.getAPropertyWrite(name).getRhs() instanceof NonCleartextPassword`
`200`	`197`	`)`
`201`	`198`	`)`
`202`	`199`	`)`