remove saniter which was responsible for a defensive technique

Author: am0o0

python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKey.ql

@@ -20,26 +20,6 @@ import semmle.python.dataflow.new.TaintTracking
 import WebAppConstantSecretKeyDjango
 import WebAppConstantSecretKeyFlask
 
-private predicate stringConstCompare(DataFlow::GuardNode g, ControlFlowNode node, boolean branch) {
-  exists(CompareNode cn | cn = g |
-    exists(StrConst str_const, Cmpop op |
-      op = any(Eq eq) and branch = false
-      or
-      op = any(NotEq ne) and branch = true
-    |
-      cn.operands(str_const.getAFlowNode(), op, node)
-      or
-      cn.operands(node, op, str_const.getAFlowNode())
-    )
-  )
-}
-
-class StringConstCompareBarrier extends DataFlow::Node {
-  StringConstCompareBarrier() {
-    this = DataFlow::BarrierGuard<stringConstCompare/3>::getABarrierNode()
-  }
-}
-
 newtype TFrameWork =
   Flask() or
   Django()
@@ -58,17 +38,6 @@ module WebAppConstantSecretKeyConfig implements DataFlow::StateConfigSig {
     or
     state = Django() and DjangoConstantSecretKeyConfig::isSink(sink)
   }
-
-  predicate isBarrier(DataFlow::Node sanitizer, FlowState state) {
-    (state = Flask() or state = Django()) and
-    sanitizer instanceof StringConstCompareBarrier
-  }
-
-  predicate isAdditionalFlowStep(
-    DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2
-  ) {
-    none()
-  }
 }
 
 module WebAppConstantSecretKey = TaintTracking::GlobalWithState<WebAppConstantSecretKeyConfig>;