move storedXss sources to the Customizations file

erik-krogh · erik-krogh · commit 06394c8dc61a · 2022-04-20T18:17:49.000+02:00
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssCustomizations.qll
@@ -27,6 +27,16 @@ module StoredXss {
     AnySink() { this instanceof Shared::Sink }
   }
 
+  /** A file name, considered as a flow source for stored XSS. */
+  class FileNameSourceAsSource extends Source {
+    FileNameSourceAsSource() { this instanceof FileNameSource }
+  }
+
+  /** An instance of user-controlled torrent information, considered as a flow source for stored XSS. */
+  class UserControlledTorrentInfoAsSource extends Source {
+    UserControlledTorrentInfoAsSource() { this instanceof ParseTorrent::UserControlledTorrentInfo }
+  }
+
   /**
    * A regexp replacement involving an HTML meta-character, viewed as a sanitizer for
    * XSS vulnerabilities.
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssQuery.qll
@@ -28,16 +28,6 @@ class Configuration extends TaintTracking::Configuration {
   }
 }
 
-/** A file name, considered as a flow source for stored XSS. */
-class FileNameSourceAsSource extends Source {
-  FileNameSourceAsSource() { this instanceof FileNameSource }
-}
-
-/** An instance of user-controlled torrent information, considered as a flow source for stored XSS. */
-class UserControlledTorrentInfoAsSource extends Source {
-  UserControlledTorrentInfoAsSource() { this instanceof ParseTorrent::UserControlledTorrentInfo }
-}
-
 private class QuoteGuard extends TaintTracking::SanitizerGuardNode, Shared::QuoteGuard {
   QuoteGuard() { this = this }
 }

Original file line number	Diff line number	Diff line change
`@@ -28,16 +28,6 @@ class Configuration extends TaintTracking::Configuration {`
`28`	`28`	`}`
`29`	`29`	`}`
`30`	`30`
`31`		`-/** A file name, considered as a flow source for stored XSS. */`
`32`		`-class FileNameSourceAsSource extends Source {`
`33`		`- FileNameSourceAsSource() { this instanceof FileNameSource }`
`34`		`-}`
`35`		`-`
`36`		`-/** An instance of user-controlled torrent information, considered as a flow source for stored XSS. */`
`37`		`-class UserControlledTorrentInfoAsSource extends Source {`
`38`		`- UserControlledTorrentInfoAsSource() { this instanceof ParseTorrent::UserControlledTorrentInfo }`
`39`		`-}`
`40`		`-`
`41`	`31`	`private class QuoteGuard extends TaintTracking::SanitizerGuardNode, Shared::QuoteGuard {`
`42`	`32`	`QuoteGuard() { this = this }`
`43`	`33`	`}`