Add back UI5LogInjectionConfiguration.isAdditionalTaintStep

jeongsoolee09 · jeongsoolee09 · commit 5bc5eb32c93d · 2025-05-05T17:45:43.000-04:00
diff --git a/javascript/frameworks/ui5/src/UI5LogInjection/UI5LogsToHttp.ql b/javascript/frameworks/ui5/src/UI5LogInjection/UI5LogsToHttp.ql
@@ -69,7 +69,9 @@ class LogListener extends DataFlow::Node {
 }
 
 class UI5LogEntryFlowState extends DataFlow::FlowLabel {
-  UI5LogEntryFlowState() { this = ["not-logged-not-accessed", "logged-and-accessed"] }
+  UI5LogEntryFlowState() {
+    this = ["not-logged-not-accessed", "logged-not-accessed", "logged-and-accessed"]
+  }
 }
 
 class UI5LogEntryToHttp extends TaintTracking::Configuration {
@@ -84,14 +86,20 @@ class UI5LogEntryToHttp extends TaintTracking::Configuration {
     DataFlow::Node start, DataFlow::Node end, DataFlow::FlowLabel preState,
     DataFlow::FlowLabel postState
   ) {
+    exists(UI5LogInjectionConfiguration cfg |
+      cfg.isAdditionalFlowStep(start, end) and
+      preState = "not-logged-not-accessed" and
+      postState = "logged-not-accessed"
+    )
+    or
     inSameWebApp(start.getFile(), end.getFile()) and
     start =
       ModelOutput::getATypeNode("SapLogger")
           .getMember(["debug", "error", "fatal", "info", "trace", "warning"])
           .getACall()
           .getAnArgument() and
     end = ModelOutput::getATypeNode("SapLogEntries").asSource() and
-    preState = "not-logged-not-accessed" and
+    preState = "logged-not-accessed" and
     postState = "logged-and-accessed"
   }
 
