Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql

monkey-junkie · erik-krogh · web-flow · commit 3a4ea82ae254 · 2020-05-05T12:02:46.000+03:00
Co-authored-by: Erik Krogh Kristensen &lt;erik-krogh@github.com&gt;
diff --git a/javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql b/javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.ql
@@ -25,11 +25,11 @@ abstract class ServerSideTemplateInjectionSink extends DataFlow::Node { }
 
 class SSTIPugSink extends ServerSideTemplateInjectionSink {
   SSTIPugSink() {
-    exists(CallNode compile, ModuleImportNode renderImport, Node sink |
+    exists(CallNode compile, ModuleImportNode renderImport |
       renderImport = moduleImport(["pug", "jade"]) and
       (
         compile = renderImport.getAMemberCall("compile") and
-        sink.getStartLine() != sink.getASuccessor().getStartLine()
+        exists(compile.getACall())
         or
         compile = renderImport.getAMemberCall("render")
       ) and
