JS: Remove reference to argsParseStep

asgerf · asgerf · commit c94a01e6b659 · 2024-11-26T15:36:47.000+01:00
This was removed as part of the PR that introduced threat models.
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll
@@ -26,10 +26,6 @@ module IndirectCommandInjectionConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { isSinkWithHighlight(sink, _) }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
-
-  predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
-    argsParseStep(pred, succ)
-  }
 }
 
 /**

Original file line number	Diff line number	Diff line change
`@@ -26,10 +26,6 @@ module IndirectCommandInjectionConfig implements DataFlow::ConfigSig {`
`26`	`26`	`predicate isSink(DataFlow::Node sink) { isSinkWithHighlight(sink, _) }`
`27`	`27`
`28`	`28`	`predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }`
`29`		`-`
`30`		`- predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {`
`31`		`- argsParseStep(pred, succ)`
`32`		`- }`
`33`	`29`	`}`
`34`	`30`
`35`	`31`	`/**`