Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql

monkey-junkie · erik-krogh · web-flow · commit 056566ecc148 · 2020-05-05T12:05:01.000+03:00
Co-authored-by: Erik Krogh Kristensen &lt;erik-krogh@github.com&gt;
diff --git a/javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql b/javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
@@ -40,9 +40,9 @@ class SSTIPugSink extends ServerSideTemplateInjectionSink {
 
 class SSTIDotSink extends ServerSideTemplateInjectionSink {
   SSTIDotSink() {
-    exists(CallNode compile, Node sink |
+    exists(CallNode compile |
       compile = moduleImport("dot").getAMemberCall("template") and
-      sink.getStartLine() != sink.getASuccessor().getStartLine() and
+      exists(compile.getACall()) and
       this = compile.getArgument(0)
     )
   }

Original file line number	Diff line number	Diff line change
`@@ -40,9 +40,9 @@ class SSTIPugSink extends ServerSideTemplateInjectionSink {`
`40`	`40`
`41`	`41`	`class SSTIDotSink extends ServerSideTemplateInjectionSink {`
`42`	`42`	`SSTIDotSink() {`
`43`		`- exists(CallNode compile, Node sink \|`
	`43`	`+ exists(CallNode compile \|`
`44`	`44`	`compile = moduleImport("dot").getAMemberCall("template") and`
`45`		`- sink.getStartLine() != sink.getASuccessor().getStartLine() and`
	`45`	`+ exists(compile.getACall()) and`
`46`	`46`	`this = compile.getArgument(0)`
`47`	`47`	`)`
`48`	`48`	`}`