Apply suggestions from code review

asgerf · erik-krogh · web-flow · commit 701d9989be2b · 2020-01-28T12:46:51.000Z
Co-Authored-By: Erik Krogh Kristensen &lt;erik-krogh@github.com&gt;
diff --git a/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql b/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql
@@ -35,7 +35,7 @@ private DataFlow::SourceNode nodeLeadingToCookieAccess(DataFlow::TypeBackTracker
   )
 }
 
-/** Gets a data flow node that flows to the base of an access to `cookies` or `session`. */
+/** Gets a data flow node that flows to the base of an access to `cookies`, `session`, or `user`. */
 DataFlow::SourceNode nodeLeadingToCookieAccess() {
   result = nodeLeadingToCookieAccess(DataFlow::TypeBackTracker::end())
 }
@@ -123,7 +123,7 @@ where
   getARouteUsingCookies().flowsToExpr(handler) and
   hasCookieMiddleware(handler, cookie) and
 
-  // Only flag the first cookie parser registered first.
+  // Only flag the cookie parser registered first.
   not hasCookieMiddleware(cookie, _) and
 
   not hasCsrfMiddleware(handler) and

Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@ private DataFlow::SourceNode nodeLeadingToCookieAccess(DataFlow::TypeBackTracker`
`35`	`35`	`)`
`36`	`36`	`}`
`37`	`37`
`38`		-/** Gets a data flow node that flows to the base of an access to `cookies` or `session`. */
	`38`	+/** Gets a data flow node that flows to the base of an access to `cookies`, `session`, or `user`. */
`39`	`39`	`DataFlow::SourceNode nodeLeadingToCookieAccess() {`
`40`	`40`	`result = nodeLeadingToCookieAccess(DataFlow::TypeBackTracker::end())`
`41`	`41`	`}`
`@@ -123,7 +123,7 @@ where`
`123`	`123`	`getARouteUsingCookies().flowsToExpr(handler) and`
`124`	`124`	`hasCookieMiddleware(handler, cookie) and`
`125`	`125`
`126`		`- // Only flag the first cookie parser registered first.`
	`126`	`+ // Only flag the cookie parser registered first.`
`127`	`127`	`not hasCookieMiddleware(cookie, _) and`
`128`	`128`
`129`	`129`	`not hasCsrfMiddleware(handler) and`