github
diff --git a/‎change-notes/1.21/analysis-javascript.md‎
Lines changed: 1 addition & 0 deletions b/‎change-notes/1.21/analysis-javascript.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎…Security/Summaries/AllConfigurations.qll‎ ‎…rc/Security/Summaries/Configurations.qll‎javascript/ql/src/Security/Summaries/AllConfigurations.qll renamed to javascript/ql/src/Security/Summaries/Configurations.qll
Lines changed: 0 additions & 5 deletions b/‎…Security/Summaries/AllConfigurations.qll‎ ‎…rc/Security/Summaries/Configurations.qll‎javascript/ql/src/Security/Summaries/AllConfigurations.qll renamed to javascript/ql/src/Security/Summaries/Configurations.qll
Lines changed: 0 additions & 5 deletions
diff --git a/‎javascript/ql/src/Security/Summaries/ExtractFlowStepSummaries.ql‎
Lines changed: 1 addition & 1 deletion b/‎javascript/ql/src/Security/Summaries/ExtractFlowStepSummaries.ql‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎javascript/ql/src/Security/Summaries/ExtractSinkSummaries.ql‎
Lines changed: 1 addition & 1 deletion b/‎javascript/ql/src/Security/Summaries/ExtractSinkSummaries.ql‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎javascript/ql/src/Security/Summaries/ExtractSourceSummaries.ql‎
Lines changed: 1 addition & 1 deletion b/‎javascript/ql/src/Security/Summaries/ExtractSourceSummaries.ql‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll‎
Lines changed: 2 additions & 2 deletions b/‎javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll‎
Lines changed: 2 additions & 2 deletions
@@ -45,6 +45,7 @@
 | Useless assignment to property | Fewer false-positive results | This rule now ignore reads of additional getters. |
 | Unreachable statement | Unreachable throws no longer give an alert | This ignores unreachable throws, as they could be intentional (for example, to placate the TS compiler). |
 | Incorrect suffix check | Fewer false-positive results | This rule now recognizes valid checks in more cases. |
+| Tainted path | More results and fewer false-positive results | This rule now analyses path manipulation code more precisely. |
 
 ## Changes to QL libraries
 
 
@@ -12,15 +12,10 @@ import semmle.javascript.security.dataflow.CommandInjection
 import semmle.javascript.security.dataflow.DomBasedXss as DomBasedXss
 import semmle.javascript.security.dataflow.NosqlInjection
 import semmle.javascript.security.dataflow.ReflectedXss as ReflectedXss
-import semmle.javascript.security.dataflow.RegExpInjection
-import semmle.javascript.security.dataflow.RemotePropertyInjection
 import semmle.javascript.security.dataflow.ServerSideUrlRedirect
 import semmle.javascript.security.dataflow.SqlInjection
-import semmle.javascript.security.dataflow.StackTraceExposure
 import semmle.javascript.security.dataflow.StoredXss as StoredXss
-import semmle.javascript.security.dataflow.TaintedFormatString
 import semmle.javascript.security.dataflow.TaintedPath
 import semmle.javascript.security.dataflow.UnsafeDeserialization
 import semmle.javascript.security.dataflow.XmlBomb
-import semmle.javascript.security.dataflow.XpathInjection
 import semmle.javascript.security.dataflow.Xxe
@@ -9,7 +9,7 @@
  * @id js/step-summary-extraction
  */
 
-import AllConfigurations
+import Configurations
 import PortalExitSource
 import PortalEntrySink
 
 
@@ -7,7 +7,7 @@
  * @id js/sink-summary-extraction
  */
 
-import AllConfigurations
+import Configurations
 import PortalExitSource
 import SinkFromAnnotation
 
 
@@ -7,7 +7,7 @@
  * @id js/source-summary-extraction
  */
 
-import AllConfigurations
+import Configurations
 import PortalEntrySink
 import SourceFromAnnotation
 
 
@@ -242,10 +242,10 @@ module TaintTracking {
   /**
    * A taint propagating data flow edge through persistent storage.
    */
-  private class StorageTaintStep extends AdditionalTaintStep {
+  class PersistentStorageTaintStep extends AdditionalTaintStep {
     PersistentReadAccess read;
 
-    StorageTaintStep() { this = read }
+    PersistentStorageTaintStep() { this = read }
 
     override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
       pred = read.getAWrite().getValue() and