combine two implementations for database-accesses as remote flow sources

Stephan Brandauer · Stephan Brandauer · commit 93507a2d71df · 2022-01-13T10:53:58.000+01:00
diff --git a/javascript/ql/lib/semmle/javascript/heuristics/AdditionalSources.qll b/javascript/ql/lib/semmle/javascript/heuristics/AdditionalSources.qll
@@ -53,23 +53,13 @@ class RemoteServerResponse extends HeuristicSource, RemoteFlowSource {
   override string getSourceType() { result = "a response from a remote server" }
 }
 
-/**
- * The data read from a database.
- */
-class DatabaseAccessResultRemoteFlowSource extends HeuristicSource, RemoteFlowSource {
-  DatabaseAccessResultRemoteFlowSource() { exists(DatabaseAccess dba | this = dba.getAResult()) }
-
-  override string getSourceType() { result = "Database query result" }
-
-  override predicate isUserControlledObject() { any() }
-}
-
 /**
  * A remote flow source originating from a database access.
  */
 private class RemoteFlowSourceFromDBAccess extends RemoteFlowSource, HeuristicSource {
   RemoteFlowSourceFromDBAccess() {
-    this = ModelOutput::getASourceNode("database-access-result").getAUse()
+    this = ModelOutput::getASourceNode("database-access-result").getAUse() or
+    exists(DatabaseAccess dba | this = dba.getAResult())
   }
 
   override string getSourceType() { result = "Database access" }
