Skip to content

Commit 7607b6b

Browse files
author
Esben Sparre Andreasen
committed
JS: use DataFlow::SourceNode in two additional locations
1 parent 6950bfe commit 7607b6b

File tree

1 file changed

+4
-7
lines changed

1 file changed

+4
-7
lines changed

javascript/ql/src/semmle/javascript/security/dataflow/CleartextLogging.qll

Lines changed: 4 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -165,10 +165,9 @@ module CleartextLogging {
165165

166166
ObjectPasswordPropertySource() {
167167
exists (DataFlow::PropWrite write |
168-
write.getPropertyName() = name and
169168
name.regexpMatch(suspiciousPassword()) and
170169
not name.regexpMatch(nonSuspicious()) and
171-
this.(DataFlow::SourceNode).flowsTo(write.getBase()) and
170+
write = this.(DataFlow::SourceNode).getAPropertyWrite(name) and
172171
// avoid safe values assigned to presumably unsafe names
173172
not write.getRhs() instanceof NonCleartextPassword
174173
)
@@ -190,13 +189,11 @@ module CleartextLogging {
190189
(
191190
this.asExpr().(VarAccess).getName() = name
192191
or
193-
exists (DataFlow::PropRead read, DataFlow::Node base |
194-
this = read and
195-
base = read.getBase() and
196-
read.getPropertyName() = name and
192+
exists (DataFlow::SourceNode base |
193+
this = base.getAPropertyRead(name) and
197194
// avoid safe values assigned to presumably unsafe names
198195
exists (DataFlow::SourceNode baseObj | baseObj.flowsTo(base) |
199-
not baseObj.getAPropertyWrite(name).getRhs() instanceof NonCleartextPassword
196+
not base.getAPropertyWrite(name).getRhs() instanceof NonCleartextPassword
200197
)
201198
)
202199
)

0 commit comments

Comments
 (0)