Merge pull request github#5265 from erik-krogh/cacheRemote

codeql-ci · web-flow · commit 9ea8f8201c2e · 2021-03-02T02:03:09.000-08:00
Approved by asgerf
diff --git a/javascript/ql/src/semmle/javascript/GlobalAccessPaths.qll b/javascript/ql/src/semmle/javascript/GlobalAccessPaths.qll
@@ -415,7 +415,7 @@ module AccessPath {
   pragma[inline]
   DataFlow::SourceNode getAnAliasedSourceNode(DataFlow::Node node) {
     exists(DataFlow::SourceNode root, string accessPath |
-      node = AccessPath::getAReferenceTo(root, accessPath) and
+      node = pragma[only_bind_into](AccessPath::getAReferenceTo(root, accessPath)) and
       result = AccessPath::getAReferenceTo(root, accessPath)
     )
     or
diff --git a/javascript/ql/src/semmle/javascript/frameworks/Hapi.qll b/javascript/ql/src/semmle/javascript/frameworks/Hapi.qll
@@ -196,11 +196,14 @@ module Hapi {
 
     private DataFlow::SourceNode getARouteHandler(DataFlow::TypeBackTracker t) {
       t.start() and
-      result = handler.flow().getALocalSource()
+      result = getRouteHandler().getALocalSource()
       or
       exists(DataFlow::TypeBackTracker t2 | result = getARouteHandler(t2).backtrack(t2, t))
     }
 
+    pragma[noinline]
+    private DataFlow::Node getRouteHandler() { result = handler.flow() }
+
     Expr getRouteHandlerExpr() { result = handler }
 
     override Expr getServer() { result = server }
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/RemoteFlowSources.qll b/javascript/ql/src/semmle/javascript/security/dataflow/RemoteFlowSources.qll
@@ -7,13 +7,16 @@ import semmle.javascript.frameworks.HTTP
 import semmle.javascript.security.dataflow.DOM
 
 /** A data flow source of remote user input. */
+cached
 abstract class RemoteFlowSource extends DataFlow::Node {
   /** Gets a string that describes the type of this remote flow source. */
+  cached
   abstract string getSourceType();
 
   /**
    * Holds if this can be a user-controlled object, such as a JSON object parsed from user-controlled data.
    */
+  cached
   predicate isUserControlledObject() { none() }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -415,7 +415,7 @@ module AccessPath {`
`415`	`415`	`pragma[inline]`
`416`	`416`	`DataFlow::SourceNode getAnAliasedSourceNode(DataFlow::Node node) {`
`417`	`417`	`exists(DataFlow::SourceNode root, string accessPath \|`
`418`		`- node = AccessPath::getAReferenceTo(root, accessPath) and`
	`418`	`+ node = pragma[only_bind_into](AccessPath::getAReferenceTo(root, accessPath)) and`
`419`	`419`	`result = AccessPath::getAReferenceTo(root, accessPath)`
`420`	`420`	`)`
`421`	`421`	`or`