From 86ead5e0197dc004877900c5bae546d87ce778ee Mon Sep 17 00:00:00 2001
From: Henry Mercer
Date: Tue, 30 May 2023 19:50:56 +0100
Subject: [PATCH] Only flag up the deepest properties
---
 queries/default-setup-event-context.ql | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/queries/default-setup-event-context.ql b/queries/default-setup-event-context.ql
index 27bd55af6..d0d3cbce1 100644
--- a/queries/default-setup-event-context.ql
+++ b/queries/default-setup-event-context.ql
@@ -25,7 +25,9 @@ class EventContextAccessConfiguration extends DataFlow::Configuration {
 }
 override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel lbl) {
- sink instanceof DataFlow::PropRead and lbl instanceof ParsedLabel
+ sink instanceof DataFlow::PropRead and
+ lbl instanceof ParsedLabel and
+ not exists(DataFlow::PropRead n | sink = n.getBase())
 }
 override predicate isAdditionalFlowStep(
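Review bot: The new conjunct in `isSink` only excludes a read that is directly the base node of another property read, so an intermediate read that is first bound to a local and then dereferenced (constructed example: `const pr = payload.pull_request; pr.number`) is probably still reported alongside the deeper access. If "only the deepest properties" is meant to cover that shape as well, compare against the base's local source instead: `not exists(DataFlow::PropRead n | sink = n.getBase().getALocalSource())`. Whether such code occurs in the analysed workflows cannot be judged from this hunk, so treat this as a precision check to confirm with a test case rather than a confirmed miss. A short comment above the negation, such as `// report only the innermost access: skip reads that are themselves the base of a further read`, would make its purpose clear to the next maintainer.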