
Commit b29ee2a

committed
JS: Remove references to localFieldStep
These are tracked in github/codeql-javascript-team#456
1 parent 7766f97 commit b29ee2a


6 files changed

+1
-31
lines changed


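--- a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll
@@ -99,11 +99,6 @@ module PrototypePollutingAssignmentConfig implements DataFlow::StateConfigSig {
 state2 = FlowState::objectPrototype()
 )
 or
-// TODO: local field step becomes a jump step, resulting in FPs (closure-lib)
-// TODO: localFieldStep is too expensive with dataflow2
-// DataFlow::localFieldStep(pred, succ)
-none()
-or
 state1 = FlowState::taint() and
 TaintTracking::defaultTaintStep(node1, node2) and
 state1 = state2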

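--- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeCodeConstruction.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeCodeConstruction.qll
@@ -29,10 +29,6 @@ module UnsafeCodeConstruction {
 predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
 // HTML sanitizers are insufficient protection against code injection
 node1 = node2.(HtmlSanitizerCall).getInput()
-or
-none()
-// TODO: localFieldStep is too expensive with dataflow2
-// DataFlow::localFieldStep(pred, succ)
 }
 
 DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext }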

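--- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll
@@ -47,12 +47,6 @@ module UnsafeHtmlConstructionConfig implements DataFlow::StateConfigSig {
 predicate isAdditionalFlowStep(
 DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2
 ) {
-// TODO: localFieldStep is too expensive with dataflow2
-// DataFlow::localFieldStep(pred, succ) and
-// inlbl.isTaint() and
-// outlbl.isTaint()
-none()
-or
 TaintedObject::isAdditionalFlowStep(node1, state1, node2, state2)
 or
 // property read from a tainted object is considered tainted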

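--- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll
@@ -23,11 +23,6 @@ module UnsafeJQueryPluginConfig implements DataFlow::ConfigSig {
 }
 
 predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node sink) {
-// jQuery plugins tend to be implemented as classes that store data in fields initialized by the constructor.
-// TODO: localFieldStep is too expensive with dataflow2
-// DataFlow::localFieldStep(pred, succ)
-none()
-or
 aliasPropertyPresenceStep(node1, sink)
 }
 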
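--- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionQuery.qll
@@ -26,12 +26,6 @@ module UnsafeShellCommandConstructionConfig implements DataFlow::ConfigSig {
 node = TaintTracking::AdHocWhitelistCheckSanitizer::getABarrierNode()
 }
 
-predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-none()
-// TODO: localFieldStep is too expensive with dataflow2
-// DataFlow::localFieldStep(pred, succ)
-}
-
 DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext }
 }
 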
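--- a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll
@@ -22,11 +22,7 @@ module PolynomialReDoSConfig implements DataFlow::ConfigSig {
 
 DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext }
 
-predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-none()
-// TODO: localFieldStep is too expensive with dataflow2
-// DataFlow::localFieldStep(pred, succ)
-}
+predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { none() }
 
 int fieldFlowBranchLimit() { result = 1 } // library inputs are too expensive on some projects
 }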
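Review bot: The retained one-liner `predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { none() }` in PolynomialReDoSConfig is inconsistent with the rest of this commit, which deletes the identical no-op predicate outright from UnsafeShellCommandConstructionConfig, a module implementing the same `DataFlow::ConfigSig`. If the signature's default already contributes no extra steps, as that deletion suggests, this override can be dropped as well; if it is kept on purpose, a short comment should say why. With the TODO removed, nothing in the file records that flow through object fields is not followed by this query, and the only pointer left is the tracking issue named in the commit message, which library readers may not be able to open. A line such as `// flow through object fields is not modelled here, so such paths may be missed` would keep that known false-negative visible. The module body starts outside the hunk.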
