Merge pull request #5265 from erik-krogh/cacheRemote

Approved by asgerf

Author: codeql-ci

javascript/ql/src/semmle/javascript/GlobalAccessPaths.qll

@@ -415,7 +415,7 @@ module AccessPath {
   pragma[inline]
   DataFlow::SourceNode getAnAliasedSourceNode(DataFlow::Node node) {
     exists(DataFlow::SourceNode root, string accessPath |
-      node = AccessPath::getAReferenceTo(root, accessPath) and
+      node = pragma[only_bind_into](AccessPath::getAReferenceTo(root, accessPath)) and
       result = AccessPath::getAReferenceTo(root, accessPath)
     )
     or

javascript/ql/src/semmle/javascript/frameworks/Hapi.qll

@@ -196,11 +196,14 @@ module Hapi {
 
     private DataFlow::SourceNode getARouteHandler(DataFlow::TypeBackTracker t) {
       t.start() and
-      result = handler.flow().getALocalSource()
+      result = getRouteHandler().getALocalSource()
       or
       exists(DataFlow::TypeBackTracker t2 | result = getARouteHandler(t2).backtrack(t2, t))
     }
 
+    pragma[noinline]
+    private DataFlow::Node getRouteHandler() { result = handler.flow() }
+
     Expr getRouteHandlerExpr() { result = handler }
 
     override Expr getServer() { result = server }

javascript/ql/src/semmle/javascript/security/dataflow/RemoteFlowSources.qll

@@ -7,13 +7,16 @@ import semmle.javascript.frameworks.HTTP
 import semmle.javascript.security.dataflow.DOM
 
 /** A data flow source of remote user input. */
+cached
 abstract class RemoteFlowSource extends DataFlow::Node {
   /** Gets a string that describes the type of this remote flow source. */
+  cached
   abstract string getSourceType();
 
   /**
    * Holds if this can be a user-controlled object, such as a JSON object parsed from user-controlled data.
    */
+  cached
   predicate isUserControlledObject() { none() }
 }