JS: Replace 'instanceof ClientSideRemoteFlowSource'

asgerf · asgerf · commit ca410fefdcd9 · 2025-01-20T13:13:34.000+01:00
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionCustomizations.qll
@@ -34,7 +34,7 @@ module CommandInjection {
    * An active threat-model source, considered as a flow source.
    */
   private class ActiveThreatModelSourceAsSource extends Source instanceof ActiveThreatModelSource {
-    ActiveThreatModelSourceAsSource() { not this instanceof ClientSideRemoteFlowSource }
+    ActiveThreatModelSourceAsSource() { not this.isClientSideSource() }
 
     override string getSourceType() { result = "a user-provided value" }
   }
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsCustomizations.qll
@@ -36,7 +36,7 @@ module CorsMisconfigurationForCredentials {
    * An active threat-model source, considered as a flow source.
    */
   private class ActiveThreatModelSourceAsSource extends Source instanceof ActiveThreatModelSource {
-    ActiveThreatModelSourceAsSource() { not this instanceof ClientSideRemoteFlowSource }
+    ActiveThreatModelSourceAsSource() { not this.isClientSideSource() }
   }
 
   /**
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll
@@ -52,7 +52,7 @@ deprecated class LogInjectionConfiguration extends TaintTracking::Configuration
  * A source of remote user controlled input.
  */
 class RemoteSource extends Source instanceof RemoteFlowSource {
-  RemoteSource() { not this instanceof ClientSideRemoteFlowSource }
+  RemoteSource() { not this.isClientSideSource() }
 }
 
 /**
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionCustomizations.qll
@@ -34,7 +34,7 @@ module RegExpInjection {
    * An active threat-model source, considered as a flow source.
    */
   private class ActiveThreatModelSourceAsSource extends Source instanceof ActiveThreatModelSource {
-    ActiveThreatModelSourceAsSource() { not this instanceof ClientSideRemoteFlowSource }
+    ActiveThreatModelSourceAsSource() { not this.isClientSideSource() }
   }
 
   private import IndirectCommandInjectionCustomizations
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryCustomizations.qll
@@ -52,7 +52,7 @@ module RequestForgery {
       not this.(ClientSideRemoteFlowSource).getKind().isPathOrUrl()
     }
 
-    override predicate isServerSide() { not this instanceof ClientSideRemoteFlowSource }
+    override predicate isServerSide() { not super.isClientSideSource() }
   }
 
   /**
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionCustomizations.qll
@@ -63,7 +63,7 @@ module ResourceExhaustion {
   private class ActiveThreatModelSourceAsSource extends Source instanceof ActiveThreatModelSource {
     ActiveThreatModelSourceAsSource() {
       // exclude source that only happen client-side
-      not this instanceof ClientSideRemoteFlowSource and
+      not this.isClientSideSource() and
       not this = DataFlow::parameterNode(any(PostMessageEventHandler pmeh).getEventParameter())
     }
   }
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
@@ -719,7 +719,7 @@ module TaintedPath {
    * An active threat-model source, considered as a flow source.
    */
   private class ActiveThreatModelSourceAsSource extends Source instanceof ActiveThreatModelSource {
-    ActiveThreatModelSourceAsSource() { not this instanceof ClientSideRemoteFlowSource }
+    ActiveThreatModelSourceAsSource() { not this.isClientSideSource() }
   }
 
   /**

Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@ module CommandInjection {`
`34`	`34`	`* An active threat-model source, considered as a flow source.`
`35`	`35`	`*/`
`36`	`36`	`private class ActiveThreatModelSourceAsSource extends Source instanceof ActiveThreatModelSource {`
`37`		`- ActiveThreatModelSourceAsSource() { not this instanceof ClientSideRemoteFlowSource }`
	`37`	`+ ActiveThreatModelSourceAsSource() { not this.isClientSideSource() }`
`38`	`38`
`39`	`39`	`override string getSourceType() { result = "a user-provided value" }`
`40`	`40`	`}`
Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ module CorsMisconfigurationForCredentials {`
`36`	`36`	`* An active threat-model source, considered as a flow source.`
`37`	`37`	`*/`
`38`	`38`	`private class ActiveThreatModelSourceAsSource extends Source instanceof ActiveThreatModelSource {`
`39`		`- ActiveThreatModelSourceAsSource() { not this instanceof ClientSideRemoteFlowSource }`
	`39`	`+ ActiveThreatModelSourceAsSource() { not this.isClientSideSource() }`
`40`	`40`	`}`
`41`	`41`
`42`	`42`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ deprecated class LogInjectionConfiguration extends TaintTracking::Configuration`
`52`	`52`	`* A source of remote user controlled input.`
`53`	`53`	`*/`
`54`	`54`	`class RemoteSource extends Source instanceof RemoteFlowSource {`
`55`		`- RemoteSource() { not this instanceof ClientSideRemoteFlowSource }`
	`55`	`+ RemoteSource() { not this.isClientSideSource() }`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@ module RegExpInjection {`
`34`	`34`	`* An active threat-model source, considered as a flow source.`
`35`	`35`	`*/`
`36`	`36`	`private class ActiveThreatModelSourceAsSource extends Source instanceof ActiveThreatModelSource {`
`37`		`- ActiveThreatModelSourceAsSource() { not this instanceof ClientSideRemoteFlowSource }`
	`37`	`+ ActiveThreatModelSourceAsSource() { not this.isClientSideSource() }`
`38`	`38`	`}`
`39`	`39`
`40`	`40`	`private import IndirectCommandInjectionCustomizations`
Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ module RequestForgery {`
`52`	`52`	`not this.(ClientSideRemoteFlowSource).getKind().isPathOrUrl()`
`53`	`53`	`}`
`54`	`54`
`55`		`- override predicate isServerSide() { not this instanceof ClientSideRemoteFlowSource }`
	`55`	`+ override predicate isServerSide() { not super.isClientSideSource() }`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -63,7 +63,7 @@ module ResourceExhaustion {`
`63`	`63`	`private class ActiveThreatModelSourceAsSource extends Source instanceof ActiveThreatModelSource {`
`64`	`64`	`ActiveThreatModelSourceAsSource() {`
`65`	`65`	`// exclude source that only happen client-side`
`66`		`- not this instanceof ClientSideRemoteFlowSource and`
	`66`	`+ not this.isClientSideSource() and`
`67`	`67`	`not this = DataFlow::parameterNode(any(PostMessageEventHandler pmeh).getEventParameter())`
`68`	`68`	`}`
`69`	`69`	`}`
Original file line number	Diff line number	Diff line change
`@@ -719,7 +719,7 @@ module TaintedPath {`
`719`	`719`	`* An active threat-model source, considered as a flow source.`
`720`	`720`	`*/`
`721`	`721`	`private class ActiveThreatModelSourceAsSource extends Source instanceof ActiveThreatModelSource {`
`722`		`- ActiveThreatModelSourceAsSource() { not this instanceof ClientSideRemoteFlowSource }`
	`722`	`+ ActiveThreatModelSourceAsSource() { not this.isClientSideSource() }`
`723`	`723`	`}`
`724`	`724`
`725`	`725`	`/**`