better join-order fix in HTTP

erik-krogh · erik-krogh · commit ec2b3f0b6ca6 · 2020-09-22T21:02:26.000+02:00
diff --git a/javascript/ql/src/semmle/javascript/frameworks/HTTP.qll b/javascript/ql/src/semmle/javascript/frameworks/HTTP.qll
@@ -253,21 +253,20 @@ module HTTP {
   private predicate isDecoratedCall(DataFlow::CallNode call, DataFlow::FunctionNode decoratee) {
     // indirect route-handler `result` is given to function `outer`, which returns function `inner` which calls the function `pred`.
     exists(int i, DataFlow::FunctionNode outer, HTTP::RouteHandlerCandidate inner |
+      inner = outer.getAReturn().getALocalSource() and
       decoratee = call.getArgument(i).getALocalSource() and
       outer.getFunction() = call.getACallee() and
-      returnsRouteHandler(outer, inner) and
-      isAForwardingRouteHandlerCall(outer.getParameter(i), inner)
+      hasForwardingHandlerParameter(i, outer, inner)
     )
   }
 
   /**
-   * Holds if `fun` returns the route-handler-candidate `routeHandler`.
+   * Holds if the `i`th parameter of `outer` has a call that `inner` forwards its parameters to.
    */
-  pragma[noinline]
-  private predicate returnsRouteHandler(
-    DataFlow::FunctionNode fun, HTTP::RouteHandlerCandidate routeHandler
+  private predicate hasForwardingHandlerParameter(
+    int i, DataFlow::FunctionNode outer, HTTP::RouteHandlerCandidate inner
   ) {
-    routeHandler = fun.getAReturn().getALocalSource()
+    isAForwardingRouteHandlerCall(outer.getParameter(i), inner)
   }
 
   /**
