Remove related logic that detects query parameters

jeongsoolee09 · jeongsoolee09 · commit 3b073eb47bb1 · 2025-07-03T15:11:58.000-04:00
Even for INSERT, UPSERT, or CREATE calls, keep the
tracking granularity low to prevent the CQL injection
query making an alert on those cases with calls to
`entries`.
diff --git a/javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/CDS.qll b/javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/CDS.qll
@@ -929,8 +929,7 @@ class CqlCreateMethodCall extends CqlShortcutMethodCall {
     exists(DataFlow::CallNode chainedMethodCall |
       chainedMethodCall = this.getAChainedMethodCall(_)
     |
-      result = chainedMethodCall.getAnArgument() or
-      result = chainedMethodCall.getAnArgument().(SourceNode).getAPropertyWrite().getRhs()
+      result = chainedMethodCall.getAnArgument()
     )
   }
 }
@@ -958,8 +957,7 @@ class CqlInsertMethodCall extends CqlShortcutMethodCall {
     exists(DataFlow::CallNode chainedMethodCall |
       chainedMethodCall = this.getAChainedMethodCall(_)
     |
-      result = chainedMethodCall.getAnArgument() or
-      result = chainedMethodCall.getAnArgument().(SourceNode).getAPropertyWrite().getRhs()
+      result = chainedMethodCall.getAnArgument()
     )
   }
 }
@@ -971,8 +969,7 @@ class CqlUpsertMethodCall extends CqlShortcutMethodCall {
     exists(DataFlow::CallNode chainedMethodCall |
       chainedMethodCall = this.getAChainedMethodCall(_)
     |
-      result = chainedMethodCall.getAnArgument() or
-      result = chainedMethodCall.getAnArgument().(SourceNode).getAPropertyWrite().getRhs()
+      result = chainedMethodCall.getAnArgument()
     )
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -929,8 +929,7 @@ class CqlCreateMethodCall extends CqlShortcutMethodCall {`
`929`	`929`	`exists(DataFlow::CallNode chainedMethodCall \|`
`930`	`930`	`chainedMethodCall = this.getAChainedMethodCall(_)`
`931`	`931`	`\|`
`932`		`- result = chainedMethodCall.getAnArgument() or`
`933`		`- result = chainedMethodCall.getAnArgument().(SourceNode).getAPropertyWrite().getRhs()`
	`932`	`+ result = chainedMethodCall.getAnArgument()`
`934`	`933`	`)`
`935`	`934`	`}`
`936`	`935`	`}`
`@@ -958,8 +957,7 @@ class CqlInsertMethodCall extends CqlShortcutMethodCall {`
`958`	`957`	`exists(DataFlow::CallNode chainedMethodCall \|`
`959`	`958`	`chainedMethodCall = this.getAChainedMethodCall(_)`
`960`	`959`	`\|`
`961`		`- result = chainedMethodCall.getAnArgument() or`
`962`		`- result = chainedMethodCall.getAnArgument().(SourceNode).getAPropertyWrite().getRhs()`
	`960`	`+ result = chainedMethodCall.getAnArgument()`
`963`	`961`	`)`
`964`	`962`	`}`
`965`	`963`	`}`
`@@ -971,8 +969,7 @@ class CqlUpsertMethodCall extends CqlShortcutMethodCall {`
`971`	`969`	`exists(DataFlow::CallNode chainedMethodCall \|`
`972`	`970`	`chainedMethodCall = this.getAChainedMethodCall(_)`
`973`	`971`	`\|`
`974`		`- result = chainedMethodCall.getAnArgument() or`
`975`		`- result = chainedMethodCall.getAnArgument().(SourceNode).getAPropertyWrite().getRhs()`
	`972`	`+ result = chainedMethodCall.getAnArgument()`
`976`	`973`	`)`
`977`	`974`	`}`
`978`	`975`	`}`