Apply suggestions from code review

asgerf · erik-krogh · web-flow · commit f52c82796676 · 2020-05-18T09:31:09.000+01:00
Base type of EscapingSanitizer

Co-authored-by: Erik Krogh Kristensen &lt;erik-krogh@github.com&gt;
diff --git a/javascript/ql/src/semmle/javascript/frameworks/SQL.qll b/javascript/ql/src/semmle/javascript/frameworks/SQL.qll
@@ -74,10 +74,10 @@ private module MySql {
   }
 
   /** A call to the `escape` or `escapeId` method that performs SQL sanitization. */
-  class EscapingSanitizer extends SQL::SqlSanitizer, @callexpr {
+  class EscapingSanitizer extends SQL::SqlSanitizer, MethodCallExpr {
     EscapingSanitizer() {
-      this = [mysql(), pool(), connection()].getAMemberCall(["escape", "escapeId"]).asExpr() and
-      input = this.(MethodCallExpr).getArgument(0) and
+      this = [mysql(), pool(), connection()].getAMethodCall(["escape", "escapeId"]).asExpr() and
+      input = this.getArgument(0) and
       output = this
     }
   }

Original file line number	Diff line number	Diff line change
`@@ -74,10 +74,10 @@ private module MySql {`
`74`	`74`	`}`
`75`	`75`
`76`	`76`	/** A call to the `escape` or `escapeId` method that performs SQL sanitization. */
`77`		`- class EscapingSanitizer extends SQL::SqlSanitizer, @callexpr {`
	`77`	`+ class EscapingSanitizer extends SQL::SqlSanitizer, MethodCallExpr {`
`78`	`78`	`EscapingSanitizer() {`
`79`		`- this = [mysql(), pool(), connection()].getAMemberCall(["escape", "escapeId"]).asExpr() and`
`80`		`- input = this.(MethodCallExpr).getArgument(0) and`
	`79`	`+ this = [mysql(), pool(), connection()].getAMethodCall(["escape", "escapeId"]).asExpr() and`
	`80`	`+ input = this.getArgument(0) and`
`81`	`81`	`output = this`
`82`	`82`	`}`
`83`	`83`	`}`