update TaintedPath to use new consistency checking

Author: erik-krogh

javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.expected

@@ -1,4 +1,2 @@
-| normalizedPaths.js:208:38:208:63 | // OK - ...  anyway | Spurious alert |
-| tainted-string-steps.js:25:43:25:74 | // NOT  ... flagged | Missing alert |
-| tainted-string-steps.js:26:49:26:74 | // OK - ... flagged | Spurious alert |
-| tainted-string-steps.js:28:39:28:70 | // NOT  ... flagged | Missing alert |
+| query-tests/Security/CWE-022/TaintedPath/tainted-array-steps.js:10 | expected an alert, but found none | BAD: taint is preserved |
+| query-tests/Security/CWE-022/TaintedPath/tainted-array-steps.js:14 | expected an alert, but found none | BAD: taint is preserved |

javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.ql

@@ -1,32 +1,3 @@
 import javascript
 import semmle.javascript.security.dataflow.TaintedPath::TaintedPath
-
-class Assertion extends LineComment {
-  boolean shouldHaveAlert;
-
-  Assertion() {
-    if getText().matches("%NOT OK%")
-    then shouldHaveAlert = true
-    else (
-      getText().matches("%OK%") and shouldHaveAlert = false
-    )
-  }
-
-  predicate shouldHaveAlert() { shouldHaveAlert = true }
-
-  predicate hasAlert() {
-    exists(Configuration cfg, DataFlow::Node src, DataFlow::Node sink, Location loc |
-      cfg.hasFlow(src, sink) and
-      loc = sink.getAstNode().getLocation() and
-      loc.getFile() = getFile() and
-      loc.getEndLine() = getLocation().getEndLine()
-    )
-  }
-}
-
-from Assertion assertion, string message
-where
-  assertion.shouldHaveAlert() and not assertion.hasAlert() and message = "Missing alert"
-  or
-  not assertion.shouldHaveAlert() and assertion.hasAlert() and message = "Spurious alert"
-select assertion, message
+import testUtilities.ConsistencyChecking

javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/normalizedPaths.js

@@ -205,7 +205,7 @@ app.get('/join-regression', (req, res) => {
     fs.readFileSync(normalizedPath); // NOT OK
 
   if (normalizedPath.startsWith('/home/user/www') || normalizedPath.startsWith('/home/user/public'))
-    fs.readFileSync(normalizedPath); // OK - but flagged anyway
+    fs.readFileSync(normalizedPath); // OK - but flagged anyway [INCONSISTENCY]
   else
     fs.readFileSync(normalizedPath); // NOT OK
 });

javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-array-steps.js

@@ -7,11 +7,11 @@ var fs = require('fs'),
 
 var server = http.createServer(function(req, res) {
   let path = url.parse(req.url, true).query.path;
-  res.write(fs.readFileSync(['public', path].join('/'))); // BAD: taint is preserved [INCONSISTENCY]
+  res.write(fs.readFileSync(['public', path].join('/'))); // BAD: taint is preserved
 
   let parts = ['public', path];
   parts = parts.map(x => x.toLowerCase());
-  res.write(fs.readFileSync(parts.join('/'))); // BAD: taint is preserved [INCONSISTENCY]
+  res.write(fs.readFileSync(parts.join('/'))); // BAD: taint is preserved
 });
 
 server.listen();

javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-string-steps.js

@@ -22,10 +22,10 @@ var server = http.createServer(function(req, res) {
 	fs.readFileSync(path.split('/')[i]); // NOT OK
 	fs.readFileSync(path.split(/\//)[i]); // NOT OK
 	fs.readFileSync(path.split("?")[0]); // NOT OK
-	fs.readFileSync(path.split(unknown)[i]); // NOT OK -- but not yet flagged
-	fs.readFileSync(path.split(unknown).whatever); // OK -- but still flagged
+	fs.readFileSync(path.split(unknown)[i]); // NOT OK -- but not yet flagged [INCONSISTENCY]
+	fs.readFileSync(path.split(unknown).whatever); // OK -- but still flagged [INCONSISTENCY]
 	fs.readFileSync(path.split(unknown)); // NOT OK
-	fs.readFileSync(path.split("?")[i]); // NOT OK -- but not yet flagged
+	fs.readFileSync(path.split("?")[i]); // NOT OK -- but not yet flagged [INCONSISTENCY]
 });
 
 server.listen();