Merge pull request #242 from advanced-security/knewbury01/fix-fp-2002

jeongsoolee09 · web-flow · commit ce6c422d9e11 · 2025-10-03T13:24:52.000-04:00
Fix shared flow step LogArgumentToListener
diff --git a/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5LogsToHttpQuery.qll b/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5LogsToHttpQuery.qll
@@ -29,11 +29,9 @@ module UI5LogEntryToHttp implements DataFlow::StateConfigSig {
     UI5LogInjection::isAdditionalFlowStep(start, end) and
     preState = postState
     or
-    exists(LogArgumentToListener logArgumentToListener |
-      logArgumentToListener.step(start, end) and
-      preState = "not-logged-not-accessed" and
-      postState = "logged-and-accessed"
-    )
+    logArgumentToListener(start, end) and
+    preState = "not-logged-not-accessed" and
+    postState = "logged-and-accessed"
   }
 
   predicate isSink(DataFlow::Node node, FlowState state) {
diff --git a/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/dataflow/FlowSteps.qll b/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/dataflow/FlowSteps.qll
@@ -343,18 +343,26 @@ class ResourceBundleGetTextCallArgToReturnValueStep extends DataFlow::SharedFlow
   }
 }
 
+/**
+ * A step from any argument of a SAP logging function to the `onLogEntry`
+ * method of a custom log listener in the same application.
+ */
+predicate logArgumentToListener(DataFlow::Node start, DataFlow::Node end) {
+  inSameWebApp(start.getFile(), end.getFile()) and
+  start =
+    ModelOutput::getATypeNode("SapLogger")
+        .getMember(["debug", "error", "fatal", "info", "trace", "warning"])
+        .getACall()
+        .getAnArgument() and
+  end = ModelOutput::getATypeNode("SapLogEntries").asSource()
+}
+
 /**
  * A step from any argument of a SAP logging function to the `onLogEntry`
  * method of a custom log listener in the same application.
  */
 class LogArgumentToListener extends DataFlow::SharedFlowStep {
   override predicate step(DataFlow::Node start, DataFlow::Node end) {
-    inSameWebApp(start.getFile(), end.getFile()) and
-    start =
-      ModelOutput::getATypeNode("SapLogger")
-          .getMember(["debug", "error", "fatal", "info", "trace", "warning"])
-          .getACall()
-          .getAnArgument() and
-    end = ModelOutput::getATypeNode("SapLogEntries").asSource()
+    logArgumentToListener(start, end)
   }
 }
