JS: remove the standard PoI configurations

Author: Esben Sparre Andreasen

javascript/ql/src/experimental/poi/PoI.qll

@@ -163,37 +163,37 @@ private module StandardPoIs {
       )
     }
   }
-}
-
-import StandardPoIs
 
-/**
- * Provides often used point of interest configurations.
- */
-private module StandardPoIConfigurations {
   /**
-   * A configuration that enables some server related points of interest.
+   * Provides groups of often used point of interest.
    */
-  abstract class ServerPoIConfiguration extends PoIConfiguration {
-    override predicate enabled(PoI poi) {
-      poi instanceof UnpromotedRouteSetupPoI or
-      poi instanceof UnpromotedRouteHandlerPoI or
-      poi instanceof UnpromotedRouteHandlerWithFlowPoI
+  module StandardPoIGroups {
+    /**
+     * A server-related points of interest.
+     */
+    class ServerRelatedPoI extends StandardPoI {
+      ServerRelatedPoI() {
+        this instanceof UnpromotedRouteSetupPoI or
+        this instanceof UnpromotedRouteHandlerPoI or
+        this instanceof UnpromotedRouteHandlerWithFlowPoI
+      }
     }
-  }
 
-  /**
-   * A configuration that enables some `DataFlow::Configuration` related points of interest.
-   */
-  abstract class DataFlowConfigurationPoIConfiguration extends PoIConfiguration {
-    override predicate enabled(PoI poi) {
-      poi instanceof SourcePoI or
-      poi instanceof SinkPoI
+    /**
+     * A configuration-related points of interest.
+     */
+    class DataFlowConfigurationPoI extends StandardPoI {
+      DataFlowConfigurationPoI() {
+        this instanceof SourcePoI or
+        this instanceof SinkPoI
+      }
     }
   }
+
+  import StandardPoIGroups
 }
 
-import StandardPoIConfigurations
+import StandardPoIs
 
 /**
  * A tagging interface for the standard points of interest.
@@ -213,7 +213,8 @@ private module PoIConfigDefaults {
  * A configuration for the points of interest to display.
  */
 abstract class PoIConfiguration extends string {
-  PoIConfiguration() { this = "PoIConfiguration" }
+  bindingset[this]
+  PoIConfiguration() { any() }
 
   /**
    * Holds if the points of interest from `poi` should be shown.

javascript/ql/test/experimental/PoI/CommandInjectionPoIConfiguration.expected

@@ -1,4 +1,3 @@
-WARNING: Config extends only abstract classes but does not provide its own characteristic predicate (CommandInjectionPoIConfiguration.ql:11,7-13)
 | tst.js:16:15:16:25 | req.query.x | SourcePoI | tst.js:16:15:16:25 | req.query.x | irrelevant | tst.js:16:15:16:25 | req.query.x | irrelevant |
 | tst.js:17:11:17:21 | req.query.x | SinkPoI | tst.js:17:11:17:21 | req.query.x | irrelevant | tst.js:17:11:17:21 | req.query.x | irrelevant |
 | tst.js:17:11:17:21 | req.query.x | SourcePoI | tst.js:17:11:17:21 | req.query.x | irrelevant | tst.js:17:11:17:21 | req.query.x | irrelevant |

javascript/ql/test/experimental/PoI/CommandInjectionPoIConfiguration.ql

@@ -8,6 +8,10 @@ import semmle.javascript.security.dataflow.CommandInjection
 import semmle.javascript.security.dataflow.IndirectCommandInjection
 import semmle.javascript.security.dataflow.ShellCommandInjectionFromEnvironment
 
-class Config extends DataFlowConfigurationPoIConfiguration { }
+class Config extends PoIConfiguration {
+  Config() { this = "Config" }
+
+  override predicate enabled(PoI poi) { poi instanceof DataFlowConfigurationPoI }
+}
 
 query predicate problems = alertQuery/6;

javascript/ql/test/experimental/PoI/ServerPoIConfiguration.expected

@@ -1,4 +1,3 @@
-WARNING: Config extends only abstract classes but does not provide its own characteristic predicate (ServerPoIConfiguration.ql:8,7-13)
 | tst.js:6:1:6:16 | (req, res) => 42 | UnpromotedRouteHandlerPoI | tst.js:6:1:6:16 | (req, res) => 42 | irrelevant | tst.js:6:1:6:16 | (req, res) => 42 | irrelevant |
 | tst.js:6:1:6:16 | (req, res) => 42 | UnpromotedRouteHandlerWithFlowPoI: $@ | tst.js:6:1:6:16 | (req, res) => 42 | ends here | tst.js:6:1:6:16 | (req, res) => 42 | irrelevant |
 | tst.js:13:1:13:36 | otherAp ... h", rh) | UnpromotedRouteSetupPoI | tst.js:13:1:13:36 | otherAp ... h", rh) | irrelevant | tst.js:13:1:13:36 | otherAp ... h", rh) | irrelevant |

javascript/ql/test/experimental/PoI/ServerPoIConfiguration.ql

@@ -5,6 +5,10 @@
 import javascript
 import experimental.poi.PoI
 
-class Config extends ServerPoIConfiguration { }
+class Config extends PoIConfiguration {
+  Config() { this = "Config" }
+
+  override predicate enabled(PoI poi) { poi instanceof ServerRelatedPoI }
+}
 
 query predicate problems = alertQuery/6;

javascript/ql/test/experimental/PoI/TaintedPathPoIConfiguration.expected

@@ -1,4 +1,3 @@
-WARNING: Config extends only abstract classes but does not provide its own characteristic predicate (TaintedPathPoIConfiguration.ql:9,7-13)
 | tst.js:1:23:1:31 | "express" | SinkPoI | tst.js:1:23:1:31 | "express" | irrelevant | tst.js:1:23:1:31 | "express" | irrelevant |
 | tst.js:2:16:2:19 | "fs" | SinkPoI | tst.js:2:16:2:19 | "fs" | irrelevant | tst.js:2:16:2:19 | "fs" | irrelevant |
 | tst.js:3:16:3:30 | "child_process" | SinkPoI | tst.js:3:16:3:30 | "child_process" | irrelevant | tst.js:3:16:3:30 | "child_process" | irrelevant |

javascript/ql/test/experimental/PoI/TaintedPathPoIConfiguration.ql

@@ -6,6 +6,10 @@ import javascript
 import experimental.poi.PoI
 import semmle.javascript.security.dataflow.TaintedPath
 
-class Config extends DataFlowConfigurationPoIConfiguration { }
+class Config extends PoIConfiguration {
+  Config() { this = "Config" }
+
+  override predicate enabled(PoI poi) { poi instanceof DataFlowConfigurationPoI }
+}
 
 query predicate problems = alertQuery/6;

javascript/ql/test/experimental/PoI/TestStandardPoIs.expected

@@ -1,2 +1 @@
-WARNING: Config extends only abstract classes but does not provide its own characteristic predicate (TestStandardPoIs.ql:8,7-13)
 | tst.js:6:1:6:16 | (req, res) => 42 | UnpromotedRouteHandlerPoI | tst.js:6:1:6:16 | (req, res) => 42 | irrelevant | tst.js:6:1:6:16 | (req, res) => 42 | irrelevant |

javascript/ql/test/experimental/PoI/TestStandardPoIs.ql

@@ -6,6 +6,8 @@ import javascript
 import experimental.poi.PoI
 
 class Config extends PoIConfiguration {
+  Config() { this = "Config" }
+
   override predicate enabled(PoI poi) { poi instanceof UnpromotedRouteHandlerPoI }
 }
 

javascript/ql/test/experimental/PoI/XssPoIConfiguration.expected

@@ -1,4 +1,3 @@
-WARNING: Config extends only abstract classes but does not provide its own characteristic predicate (XssPoIConfiguration.ql:12,7-13)
 | tst.js:16:15:16:25 | req.query.x | SourcePoI | tst.js:16:15:16:25 | req.query.x | irrelevant | tst.js:16:15:16:25 | req.query.x | irrelevant |
 | tst.js:17:11:17:21 | req.query.x | SourcePoI | tst.js:17:11:17:21 | req.query.x | irrelevant | tst.js:17:11:17:21 | req.query.x | irrelevant |
 | tst.js:18:12:18:22 | req.query.x | SinkPoI | tst.js:18:12:18:22 | req.query.x | irrelevant | tst.js:18:12:18:22 | req.query.x | irrelevant |