Make the TaintTracking::Configuration s extend the default configurations again

jeongsoolee09 · jeongsoolee09 · commit c4eb9a4d9e4a · 2025-04-03T15:10:50.000-04:00
diff --git a/javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/CAPLogInjectionQuery.qll b/javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/CAPLogInjectionQuery.qll
@@ -43,13 +43,11 @@ class CdsLogSink extends DataFlow::Node {
   }
 }
 
-class CAPLogInjectionConfiguration extends TaintTracking::Configuration {
+class CAPLogInjectionConfiguration extends LogInjectionConfiguration {
   CAPLogInjectionConfiguration() { this = "CAP Log Injection" }
 
   override predicate isSource(DataFlow::Node start) {
-    exists(LogInjectionConfiguration logInjectionConfiguration |
-      logInjectionConfiguration.isSource(start)
-    )
+    super.isSource(start)
     or
     start instanceof RemoteFlowSource
   }
diff --git a/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5XssQuery.qll b/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5XssQuery.qll
@@ -3,13 +3,11 @@ import advanced_security.javascript.frameworks.ui5.dataflow.DataFlow as UI5DataF
 import advanced_security.javascript.frameworks.ui5.UI5View
 import semmle.javascript.security.dataflow.DomBasedXssQuery as DomBasedXss
 
-class Configuration extends TaintTracking::Configuration {
+class Configuration extends DomBasedXss::Configuration {
   Configuration() { this = "UI5 HTML Injection" }
 
   override predicate isSource(DataFlow::Node start) {
-    exists(DomBasedXss::Configuration domBasedXssConfiguration |
-      domBasedXssConfiguration.isSource(start)
-    )
+    super.isSource(start)
     or
     start instanceof RemoteFlowSource
   }
@@ -19,9 +17,7 @@ class Configuration extends TaintTracking::Configuration {
     DataFlow::FlowLabel outLabel
   ) {
     /* Already an additional flow step defined in `DomBasedXssQuery::Configuration` */
-    exists(DomBasedXss::Configuration domBasedXssConfiguration |
-      domBasedXssConfiguration.isAdditionalFlowStep(start, end, inLabel, outLabel)
-    )
+    super.isAdditionalFlowStep(start, end, inLabel, outLabel)
     or
     /* TODO: Legacy code */
     /* Handler argument node to handler parameter */
@@ -39,9 +35,7 @@ class Configuration extends TaintTracking::Configuration {
 
   override predicate isBarrier(DataFlow::Node node) {
     /* 1. Already a sanitizer defined in `DomBasedXssQuery::Configuration` */
-    exists(DomBasedXss::Configuration domBasedXssConfiguration |
-      domBasedXssConfiguration.isSanitizer(node)
-    )
+    super.isSanitizer(node)
     or
     /* 2. Value read from a non-string control property */
     exists(PropertyMetadata m | not m.isUnrestrictedStringType() | node = m)
diff --git a/javascript/frameworks/xsjs/lib/advanced_security/javascript/frameworks/xsjs/XSJSReflectedXssQuery.qll b/javascript/frameworks/xsjs/lib/advanced_security/javascript/frameworks/xsjs/XSJSReflectedXssQuery.qll
@@ -13,13 +13,11 @@ class XSJSResponseSetBodyCall extends MethodCallNode {
   XSJSResponse getParentXSJSResponse() { result = response }
 }
 
-class Configuration extends TaintTracking::Configuration {
+class Configuration extends DomBasedXss::Configuration {
   Configuration() { this = "XSJS Reflected XSS Query" }
 
   override predicate isSource(DataFlow::Node start) {
-    exists(DomBasedXss::Configuration domBasedXssConfiguration |
-      domBasedXssConfiguration.isSource(start)
-    ) or
+    super.isSource(start) or
     start instanceof RemoteFlowSource
   }
 
diff --git a/javascript/frameworks/xsjs/lib/advanced_security/javascript/frameworks/xsjs/XSJSSqlInjectionQuery.qll b/javascript/frameworks/xsjs/lib/advanced_security/javascript/frameworks/xsjs/XSJSSqlInjectionQuery.qll
@@ -12,13 +12,12 @@ class XSJSDBConnectionPrepareStatementArgument extends DataFlow::ValueNode {
   predicate isConcatenated() { this.getAPredecessor+() instanceof StringOps::ConcatenationNode }
 }
 
-class Configuration extends TaintTracking::Configuration {
+class Configuration extends SqlInjection::Configuration {
   Configuration() { this = "XSJS SQL Injection Query" }
 
   override predicate isSource(DataFlow::Node start) {
-    exists(SqlInjection::Configuration sqlInjectionConfiguration |
-      sqlInjectionConfiguration.isSource(start)
-    ) or
+    super.isSource(start)
+    or
     start instanceof RemoteFlowSource
   }
 
diff --git a/javascript/frameworks/xsjs/lib/advanced_security/javascript/frameworks/xsjs/XSJSUrlRedirectQuery.qll b/javascript/frameworks/xsjs/lib/advanced_security/javascript/frameworks/xsjs/XSJSUrlRedirectQuery.qll
@@ -2,13 +2,12 @@ import javascript
 import advanced_security.javascript.frameworks.xsjs.AsyncXSJS
 import semmle.javascript.security.dataflow.ServerSideUrlRedirectQuery as UrlRedirect
 
-class Configuration extends TaintTracking::Configuration {
+class Configuration extends UrlRedirect::Configuration {
   Configuration() { this = "XSJS URL Redirect Query" }
 
   override predicate isSource(DataFlow::Node start) {
-    exists(UrlRedirect::Configuration urlRedirectConfiguration |
-      urlRedirectConfiguration.isSource(start)
-    ) or
+    super.isSource(start)
+    or
     start instanceof RemoteFlowSource
   }
 

Original file line number	Diff line number	Diff line change
`@@ -43,13 +43,11 @@ class CdsLogSink extends DataFlow::Node {`
`43`	`43`	`}`
`44`	`44`	`}`
`45`	`45`
`46`		`-class CAPLogInjectionConfiguration extends TaintTracking::Configuration {`
	`46`	`+class CAPLogInjectionConfiguration extends LogInjectionConfiguration {`
`47`	`47`	`CAPLogInjectionConfiguration() { this = "CAP Log Injection" }`
`48`	`48`
`49`	`49`	`override predicate isSource(DataFlow::Node start) {`
`50`		`- exists(LogInjectionConfiguration logInjectionConfiguration \|`
`51`		`- logInjectionConfiguration.isSource(start)`
`52`		`- )`
	`50`	`+ super.isSource(start)`
`53`	`51`	`or`
`54`	`52`	`start instanceof RemoteFlowSource`
`55`	`53`	`}`
Original file line number	Diff line number	Diff line change
`@@ -13,13 +13,11 @@ class XSJSResponseSetBodyCall extends MethodCallNode {`
`13`	`13`	`XSJSResponse getParentXSJSResponse() { result = response }`
`14`	`14`	`}`
`15`	`15`
`16`		`-class Configuration extends TaintTracking::Configuration {`
	`16`	`+class Configuration extends DomBasedXss::Configuration {`
`17`	`17`	`Configuration() { this = "XSJS Reflected XSS Query" }`
`18`	`18`
`19`	`19`	`override predicate isSource(DataFlow::Node start) {`
`20`		`- exists(DomBasedXss::Configuration domBasedXssConfiguration \|`
`21`		`- domBasedXssConfiguration.isSource(start)`
`22`		`- ) or`
	`20`	`+ super.isSource(start) or`
`23`	`21`	`start instanceof RemoteFlowSource`
`24`	`22`	`}`
`25`	`23`
Original file line number	Diff line number	Diff line change
`@@ -12,13 +12,12 @@ class XSJSDBConnectionPrepareStatementArgument extends DataFlow::ValueNode {`
`12`	`12`	`predicate isConcatenated() { this.getAPredecessor+() instanceof StringOps::ConcatenationNode }`
`13`	`13`	`}`
`14`	`14`
`15`		`-class Configuration extends TaintTracking::Configuration {`
	`15`	`+class Configuration extends SqlInjection::Configuration {`
`16`	`16`	`Configuration() { this = "XSJS SQL Injection Query" }`
`17`	`17`
`18`	`18`	`override predicate isSource(DataFlow::Node start) {`
`19`		`- exists(SqlInjection::Configuration sqlInjectionConfiguration \|`
`20`		`- sqlInjectionConfiguration.isSource(start)`
`21`		`- ) or`
	`19`	`+ super.isSource(start)`
	`20`	`+ or`
`22`	`21`	`start instanceof RemoteFlowSource`
`23`	`22`	`}`
`24`	`23`