Remove localflow from the source

luchua-bc · luchua-bc · commit 1b1c3f953b9e · 2021-03-03T13:54:26.000Z
diff --git a/java/ql/src/experimental/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql b/java/ql/src/experimental/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql
@@ -45,7 +45,7 @@ class SetCookieMethodAccess extends MethodAccess {
 class SensitiveCookieNameExpr extends Expr {
   SensitiveCookieNameExpr() {
     exists(
-      ClassInstanceExpr cie, Expr e // new Cookie("jwt_token", token)
+      ClassInstanceExpr cie // new Cookie("jwt_token", token)
     |
       (
         cie.getConstructor().getDeclaringType().hasQualifiedName("javax.servlet.http", "Cookie") or
@@ -55,16 +55,14 @@ class SensitiveCookieNameExpr extends Expr {
             .hasQualifiedName(["javax.ws.rs.core", "jakarta.ws.rs.core"], "Cookie")
       ) and
       this = cie and
-      isSensitiveCookieNameExpr(e) and
-      DataFlow::localExprFlow(e, cie.getArgument(0))
+      isSensitiveCookieNameExpr(cie.getArgument(0))
     )
     or
     exists(
-      SetCookieMethodAccess ma, Expr e // response.addHeader("Set-Cookie: token=" +authId + ";HttpOnly;Secure")
+      SetCookieMethodAccess ma // response.addHeader("Set-Cookie: token=" +authId + ";HttpOnly;Secure")
     |
       this = ma.getArgument(1) and
-      isSensitiveCookieNameExpr(e) and
-      DataFlow::localExprFlow(e, ma.getArgument(1))
+      isSensitiveCookieNameExpr(this)
     )
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ class SetCookieMethodAccess extends MethodAccess {`
`45`	`45`	`class SensitiveCookieNameExpr extends Expr {`
`46`	`46`	`SensitiveCookieNameExpr() {`
`47`	`47`	`exists(`
`48`		`- ClassInstanceExpr cie, Expr e // new Cookie("jwt_token", token)`
	`48`	`+ ClassInstanceExpr cie // new Cookie("jwt_token", token)`
`49`	`49`	`\|`
`50`	`50`	`(`
`51`	`51`	`cie.getConstructor().getDeclaringType().hasQualifiedName("javax.servlet.http", "Cookie") or`
`@@ -55,16 +55,14 @@ class SensitiveCookieNameExpr extends Expr {`
`55`	`55`	`.hasQualifiedName(["javax.ws.rs.core", "jakarta.ws.rs.core"], "Cookie")`
`56`	`56`	`) and`
`57`	`57`	`this = cie and`
`58`		`- isSensitiveCookieNameExpr(e) and`
`59`		`- DataFlow::localExprFlow(e, cie.getArgument(0))`
	`58`	`+ isSensitiveCookieNameExpr(cie.getArgument(0))`
`60`	`59`	`)`
`61`	`60`	`or`
`62`	`61`	`exists(`
`63`		`- SetCookieMethodAccess ma, Expr e // response.addHeader("Set-Cookie: token=" +authId + ";HttpOnly;Secure")`
	`62`	`+ SetCookieMethodAccess ma // response.addHeader("Set-Cookie: token=" +authId + ";HttpOnly;Secure")`
`64`	`63`	`\|`
`65`	`64`	`this = ma.getArgument(1) and`
`66`		`- isSensitiveCookieNameExpr(e) and`
`67`		`- DataFlow::localExprFlow(e, ma.getArgument(1))`
	`65`	`+ isSensitiveCookieNameExpr(this)`
`68`	`66`	`)`
`69`	`67`	`}`
`70`	`68`	`}`