Merge pull request github#7675 from erik-krogh/move-url-sink-to-customizations

Approved by esbena

Author: codeql-ci

javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll

@@ -119,6 +119,17 @@ module ClientSideUrlRedirect {
     }
   }
 
+  /**
+   * Improper use of openExternal can be leveraged to compromise the user's host.
+   * When openExternal is used with untrusted content, it can be leveraged to execute arbitrary commands.
+   */
+  class ElectronShellOpenExternalSink extends Sink {
+    ElectronShellOpenExternalSink() {
+      this =
+        DataFlow::moduleMember("electron", "shell").getAMemberCall("openExternal").getArgument(0)
+    }
+  }
+
   /**
    * An expression that may be interpreted as the URL of a script.
    */

javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectQuery.qll

@@ -55,13 +55,3 @@ class Configuration extends TaintTracking::Configuration {
     guard instanceof HostnameSanitizerGuard
   }
 }
-
-/**
- * Improper use of openExternal can be leveraged to compromise the user's host.
- * When openExternal is used with untrusted content, it can be leveraged to execute arbitrary commands.
- */
-class ElectronShellOpenExternalSink extends Sink {
-  ElectronShellOpenExternalSink() {
-    this = DataFlow::moduleMember("electron", "shell").getAMemberCall("openExternal").getArgument(0)
-  }
-}