Merge pull request #2168 from xiemaisi/js/remove-duplicate-configuration

semmle-qlci · web-flow · commit cbfa1cd0586d · 2019-10-22T17:02:26.000+01:00
Approved by erik-krogh
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/CommandInjection.qll b/javascript/ql/src/semmle/javascript/security/dataflow/CommandInjection.qll
@@ -36,43 +36,4 @@ module CommandInjection {
     override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
   }
 
-  /**
-   * Auxiliary data flow configuration for tracking string literals that look like they
-   * may refer to an operating system shell, and array literals that may end up being
-   * interpreted as argument lists for system commands.
-   */
-  class ArgumentListTracking extends DataFlow::Configuration {
-    ArgumentListTracking() { this = "ArgumentListTracking" }
-
-    override predicate isSource(DataFlow::Node nd) {
-      nd instanceof DataFlow::ArrayCreationNode
-      or
-      exists(ConstantString shell | shellCmd(shell, _) | nd = DataFlow::valueNode(shell))
-    }
-
-    override predicate isSink(DataFlow::Node nd) {
-      exists(SystemCommandExecution sys |
-        nd = sys.getACommandArgument() or
-        nd = sys.getArgumentList()
-      )
-    }
-  }
-
-  /**
-   * Holds if `shell arg <cmd>` runs `<cmd>` as a shell command.
-   *
-   * That is, either `shell` is a Unix shell (`sh` or similar) and
-   * `arg` is `"-c"`, or `shell` is `cmd.exe` and `arg` is `"/c"`.
-   */
-  private predicate shellCmd(ConstantString shell, string arg) {
-    exists(string s | s = shell.getStringValue() |
-      (s = "sh" or s = "bash" or s = "/bin/sh" or s = "/bin/bash") and
-      arg = "-c"
-    )
-    or
-    exists(string s | s = shell.getStringValue().toLowerCase() |
-      (s = "cmd" or s = "cmd.exe") and
-      (arg = "/c" or arg = "/C")
-    )
-  }
 }
