JavaScript: Apply review suggestion.

Max Schaefer · Esben Sparre Andreasen · Max Schaefer · commit 4e1e7bc1279a · 2019-09-19T09:40:28.000+01:00
Co-Authored-By: Esben Sparre Andreasen &lt;42067045+esben-semmle@users.noreply.github.com&gt;
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/MissingRateLimiting.qll b/javascript/ql/src/semmle/javascript/security/dataflow/MissingRateLimiting.qll
@@ -23,6 +23,7 @@
  */
 
 import javascript
+private import semmle.javascript.frameworks.ConnectExpressShared::ConnectExpressShared
 
 // main concepts
 /**
@@ -160,8 +161,8 @@ class RouteHandlerLimitedByExpressLimiter extends RateLimitedRouteHandlerExpr {
  * A rate-handler function implemented using one of the rate-limiting classes provided
  * by the `rate-limiter-flexible` package.
  *
- * We look for functions that invoke the `consume` method of one of the `RateLimiter*`
- * classes from the `rate-limiter-flexible` package on a property of their first argument,
+ * We look for route handlers that invoke the `consume` method of one of the `RateLimiter*`
+ * classes from the `rate-limiter-flexible` package on a property of their request parameter,
  * like the `rateLimiterMiddleware` function in this example:
  *
  * ```
@@ -176,14 +177,13 @@ class RateLimiterFlexibleRateLimiter extends DataFlow::FunctionNode {
   RateLimiterFlexibleRateLimiter() {
     exists(
       string rateLimiterClassName, DataFlow::SourceNode rateLimiterClass,
-      DataFlow::SourceNode rateLimiterInstance
+      DataFlow::SourceNode rateLimiterInstance, DataFlow::ParameterNode request
     |
       rateLimiterClassName.matches("RateLimiter%") and
       rateLimiterClass = DataFlow::moduleMember("rate-limiter-flexible", rateLimiterClassName) and
       rateLimiterInstance = rateLimiterClass.getAnInstantiation() and
-      getParameter(0).getAPropertyRead() = rateLimiterInstance
-            .getAMemberCall("consume")
-            .getAnArgument()
+      request.getParameter() = getRouteHandlerParameter(getFunction(), "request") and
+      request.getAPropertyRead() = rateLimiterInstance.getAMemberCall("consume").getAnArgument()
     )
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,7 @@`
`23`	`23`	`*/`
`24`	`24`
`25`	`25`	`import javascript`
	`26`	`+private import semmle.javascript.frameworks.ConnectExpressShared::ConnectExpressShared`
`26`	`27`
`27`	`28`	`// main concepts`
`28`	`29`	`/**`
`@@ -160,8 +161,8 @@ class RouteHandlerLimitedByExpressLimiter extends RateLimitedRouteHandlerExpr {`
`160`	`161`	`* A rate-handler function implemented using one of the rate-limiting classes provided`
`161`	`162`	* by the `rate-limiter-flexible` package.
`162`	`163`	`*`
`163`		- * We look for functions that invoke the `consume` method of one of the `RateLimiter*`
`164`		- * classes from the `rate-limiter-flexible` package on a property of their first argument,
	`164`	+ * We look for route handlers that invoke the `consume` method of one of the `RateLimiter*`
	`165`	+ * classes from the `rate-limiter-flexible` package on a property of their request parameter,
`165`	`166`	* like the `rateLimiterMiddleware` function in this example:
`166`	`167`	`*`
`167`	`168`	* ```
`@@ -176,14 +177,13 @@ class RateLimiterFlexibleRateLimiter extends DataFlow::FunctionNode {`
`176`	`177`	`RateLimiterFlexibleRateLimiter() {`
`177`	`178`	`exists(`
`178`	`179`	`string rateLimiterClassName, DataFlow::SourceNode rateLimiterClass,`
`179`		`- DataFlow::SourceNode rateLimiterInstance`
	`180`	`+ DataFlow::SourceNode rateLimiterInstance, DataFlow::ParameterNode request`
`180`	`181`	`\|`
`181`	`182`	`rateLimiterClassName.matches("RateLimiter%") and`
`182`	`183`	`rateLimiterClass = DataFlow::moduleMember("rate-limiter-flexible", rateLimiterClassName) and`
`183`	`184`	`rateLimiterInstance = rateLimiterClass.getAnInstantiation() and`
`184`		`- getParameter(0).getAPropertyRead() = rateLimiterInstance`
`185`		`- .getAMemberCall("consume")`
`186`		`- .getAnArgument()`
	`185`	`+ request.getParameter() = getRouteHandlerParameter(getFunction(), "request") and`
	`186`	`+ request.getAPropertyRead() = rateLimiterInstance.getAMemberCall("consume").getAnArgument()`
`187`	`187`	`)`
`188`	`188`	`}`
`189`	`189`	`}`