Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql

dellalibera · esbena · web-flow · commit 72dc6510b2a8 · 2020-06-16T18:22:55.000+02:00
Co-authored-by: Esben Sparre Andreasen &lt;esbena@github.com&gt;
diff --git a/javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql b/javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
@@ -33,7 +33,7 @@ class InsufficientOriginChecks extends DataFlow::MethodCallNode {
  * A function handler for the `MessageEvent`.
  */
 class PostMessageHandler extends DataFlow::FunctionNode {
-  PostMessageHandler() { exists(PostMessageEventHandler handler | this.getFunction() = handler) }
+  PostMessageHandler() { this.getFunction() instanceof PostMessageEventHandler  }
 }
 
 /**

Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ class InsufficientOriginChecks extends DataFlow::MethodCallNode {`
`33`	`33`	* A function handler for the `MessageEvent`.
`34`	`34`	`*/`
`35`	`35`	`class PostMessageHandler extends DataFlow::FunctionNode {`
`36`		`- PostMessageHandler() { exists(PostMessageEventHandler handler \| this.getFunction() = handler) }`
	`36`	`+ PostMessageHandler() { this.getFunction() instanceof PostMessageEventHandler }`
`37`	`37`	`}`
`38`	`38`
`39`	`39`	`/**`