Delete CoreKnowledge.

tiferet · tiferet · commit 5402f047bfe4 · 2022-11-29T13:20:47.000-08:00
All remaining functionality in `CoreKnowledge` is only being used in `EndpointCharacteristics`, so it can be moved there as a small set of helper predicates.
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll
@@ -9,6 +9,7 @@ private import semmle.javascript.security.dataflow.NosqlInjectionCustomizations
 private import semmle.javascript.security.dataflow.TaintedPathCustomizations
 private import semmle.javascript.heuristics.SyntacticHeuristics as SyntacticHeuristics
 private import semmle.javascript.filters.ClassifyFiles as ClassifyFiles
+private import StandardEndpointFilters as StandardEndpointFilters
 private import semmle.javascript.security.dataflow.XxeCustomizations
 private import semmle.javascript.security.dataflow.RemotePropertyInjectionCustomizations
 private import semmle.javascript.security.dataflow.TypeConfusionThroughParameterTamperingCustomizations
@@ -154,53 +155,6 @@ private predicate isKnownStepSrc(DataFlow::Node n) {
   DataFlow::SharedFlowStep::step(n, _, _, _)
 }
 
-/**
- * Holds if the data flow node is a (possibly indirect) argument of a likely external library call.
- *
- * This includes direct arguments of likely external library calls as well as nested object
- * literals within those calls.
- */
-private predicate flowsToArgumentOfLikelyExternalLibraryCall(DataFlow::Node n) {
-  n = getACallWithoutCallee().getAnArgument()
-  or
-  exists(DataFlow::SourceNode src | flowsToArgumentOfLikelyExternalLibraryCall(src) |
-    n = src.getAPropertyWrite().getRhs()
-  )
-  or
-  exists(DataFlow::ArrayCreationNode arr | flowsToArgumentOfLikelyExternalLibraryCall(arr) |
-    n = arr.getAnElement()
-  )
-}
-
-/**
- * Get calls for which we do not have the callee (i.e. the definition of the called function). This
- * acts as a heuristic for identifying calls to external library functions.
- */
-private DataFlow::CallNode getACallWithoutCallee() {
-  forall(Function callee | callee = result.getACallee() | callee.getTopLevel().isExterns()) and
-  not exists(DataFlow::ParameterNode param, DataFlow::FunctionNode callback |
-    param.flowsTo(result.getCalleeNode()) and
-    callback = getACallback(param, DataFlow::TypeBackTracker::end())
-  )
-}
-
-/**
- * Gets a node that flows to callback-parameter `p`.
- */
-private DataFlow::SourceNode getACallback(DataFlow::ParameterNode p, DataFlow::TypeBackTracker t) {
-  t.start() and
-  result = p and
-  any(DataFlow::FunctionNode f).getLastParameter() = p and
-  exists(p.getACall())
-  or
-  exists(DataFlow::TypeBackTracker t2 | result = getACallback(p, t2).backtrack(t2, t))
-}
-
-/**
- * Get calls which are likely to be to external non-built-in libraries.
- */
-DataFlow::CallNode getALikelyExternalLibraryCall() { result = getACallWithoutCallee() }
-
 /*
  * Characteristics that are indicative of a sink.
  * NOTE: Initially each sink type has only one characteristic, which is that it's a sink of this type in the standard
