JS: Remove the unused edge-sanitizer hook in UnvalidatedDynamicMethodCall

Author: asgerf

javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll

@@ -34,11 +34,24 @@ module UnvalidatedDynamicMethodCall {
 
   /**
    * A sanitizer for unvalidated dynamic method calls.
-   * Override the `sanitizes` predicate to specify an edge that should be sanitized.
-   * The `this` value is not seen as a sanitizer.
    */
   abstract class Sanitizer extends DataFlow::Node {
-    abstract predicate sanitizes(DataFlow::Node source, DataFlow::Node sink, DataFlow::FlowLabel lbl);
+    /**
+     * Gets the flow label blocked by this sanitizer.
+     */
+    DataFlow::FlowLabel getFlowLabel() { result.isTaint() }
+
+    /**
+     * DEPRECATED. Use sanitizer nodes instead.
+     *
+     * This predicate no longer has any effect. The `this` value of `Sanitizer` is instead
+     * treated as a sanitizing node, that is, flow in and out of that node is prohibited.
+     */
+    deprecated predicate sanitizes(
+      DataFlow::Node source, DataFlow::Node sink, DataFlow::FlowLabel lbl
+    ) {
+      none()
+    }
   }
 
   /**

javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallQuery.qll

@@ -38,10 +38,10 @@ class Configuration extends TaintTracking::Configuration {
     sink.(Sink).getFlowLabel() = label
   }
 
-  override predicate isSanitizerEdge(
-    DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel lbl
-  ) {
-    any(Sanitizer s).sanitizes(pred, succ, lbl)
+  override predicate isLabeledBarrier(DataFlow::Node node, DataFlow::FlowLabel label) {
+    super.isLabeledBarrier(node, label)
+    or
+    node.(Sanitizer).getFlowLabel() = label
   }
 
   override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) {