move hasPathWithoutUnmatchedReturn to Configuration.qll

Author: erik-krogh

javascript/ql/src/semmle/javascript/dataflow/Configuration.qll

@@ -2068,3 +2068,14 @@ class VarAccessBarrier extends DataFlow::Node {
     )
   }
 }
+
+/**
+ *  Holds if there is a path without unmatched return steps from `source` to `sink`.
+ */
+predicate hasPathWithoutUnmatchedReturn(SourcePathNode source, SinkPathNode sink) {
+  exists(MidPathNode mid |
+    source.getASuccessor*() = mid and
+    sink = mid.getASuccessor() and
+    mid.getPathSummary().hasReturn() = false
+  )
+}

javascript/ql/src/semmle/javascript/security/dataflow/UnsafeHtmlConstruction.qll

@@ -38,7 +38,7 @@ module UnsafeHtmlConstruction {
     // override to require that there is a path without unmatched return steps
     override predicate hasFlowPath(DataFlow::SourcePathNode source, DataFlow::SinkPathNode sink) {
       super.hasFlowPath(source, sink) and
-      hasPathWithoutUnmatchedReturn(source, sink)
+      DataFlow::hasPathWithoutUnmatchedReturn(source, sink)
     }
 
     override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {

javascript/ql/src/semmle/javascript/security/dataflow/UnsafeHtmlConstructionCustomizations.qll

@@ -174,17 +174,4 @@ module UnsafeHtmlConstruction {
 
     override string describe() { result = "Markdown rendering" }
   }
-
-  /**
-   *  Holds if there is a path without unmatched return steps from `source` to `sink`.
-   */
-  predicate hasPathWithoutUnmatchedReturn(
-    DataFlow::SourcePathNode source, DataFlow::SinkPathNode sink
-  ) {
-    exists(DataFlow::MidPathNode mid |
-      source.getASuccessor*() = mid and
-      sink = mid.getASuccessor() and
-      mid.getPathSummary().hasReturn() = false
-    )
-  }
 }

javascript/ql/src/semmle/javascript/security/dataflow/UnsafeShellCommandConstruction.qll

@@ -14,7 +14,6 @@ import javascript
  */
 module UnsafeShellCommandConstruction {
   import UnsafeShellCommandConstructionCustomizations::UnsafeShellCommandConstruction
-  import UnsafeHtmlConstructionCustomizations
 
   /**
    * A taint-tracking configuration for reasoning about shell command constructed from library input vulnerabilities.
@@ -36,7 +35,7 @@ module UnsafeShellCommandConstruction {
     // override to require that there is a path without unmatched return steps
     override predicate hasFlowPath(DataFlow::SourcePathNode source, DataFlow::SinkPathNode sink) {
       super.hasFlowPath(source, sink) and
-      UnsafeHtmlConstruction::requireMatchedReturn(source, sink)
+      DataFlow::hasPathWithoutUnmatchedReturn(source, sink)
     }
 
     override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {