From c7d72e0d348bc7f38c0dbf5b68476d351b2690ef Mon Sep 17 00:00:00 2001
From: Kasper Svendsen <kaspersv@github.com>
Date: Tue, 9 May 2023 17:01:41 +0200
Subject: [PATCH] JS: Prevent join order regression

---
 .../dataflow/SecondOrderCommandInjectionCustomizations.qll       | 1 +
 1 file changed, 1 insertion(+)

diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionCustomizations.qll
index c405dec31f7..04e2c358788 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionCustomizations.qll
@@ -117,6 +117,7 @@ module SecondOrderCommandInjection {
     int cmdIndex;
     int argIndex;
 
+    pragma[assume_small_delta]
     IndirectCmdFunc() {
       exists(CommandExecutingCall call |
         this.getParameter(cmdIndex).flowsTo(call.getCommandArg()) and