Replace convertBytesToString with models

Author: egregius313

java/ql/lib/ext/org.owasp.esapi.model.yml

@@ -3,4 +3,5 @@ extensions:
       pack: codeql/java-all
       extensible: summaryModel
     data:
-      - ["org.owasp.esapi", "Encoder", true, "encodeForHTML", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.owasp.esapi", "Encoder", true, "encodeForHTML", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["org.owasp.esapi", "Encoder", true, "encodeForBase64", "(byte[],boolean)", "", "Argument[0]", "ReturnValue", "taint", "manual"]

java/ql/lib/semmle/code/java/security/WeakRandomnessQuery.qll

@@ -65,15 +65,6 @@ private class SensitiveActionSink extends WeakRandomnessSink {
 
 private class CredentialsSink extends WeakRandomnessSink instanceof CredentialsSinkNode { }
 
-/**
- * Holds if there is a method access which converts `bytes` to the string `str`.
- */
-private predicate covertsBytesToString(DataFlow::Node bytes, DataFlow::Node str) {
-  bytes.getType().(Array).getElementType().(PrimitiveType).hasName("byte") and
-  str.getType() instanceof TypeString and
-  exists(MethodCall mc | mc = str.asExpr() | bytes.asExpr() = mc.getAnArgument())
-}
-
 /**
  * A taint-tracking configuration for weak randomness.
  */
@@ -88,8 +79,6 @@ module WeakRandomnessConfig implements DataFlow::ConfigSig {
     n1.asExpr() = n2.asExpr().(BinaryExpr).getAnOperand()
     or
     n1.asExpr() = n2.asExpr().(UnaryExpr).getExpr()
-    or
-    covertsBytesToString(n1, n2)
   }
 }