remove the length sanitizer from loop-bound-injection - it did nothing

erik-krogh · erik-krogh · commit d35604ed825b · 2022-04-13T09:43:21.000+02:00
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionQuery.qll
@@ -8,7 +8,6 @@
  */
 
 import javascript
-import semmle.javascript.security.dataflow.LoopBoundInjectionCustomizations
 import ResourceExhaustionCustomizations::ResourceExhaustion
 
 /**
@@ -34,7 +33,6 @@ class Configuration extends TaintTracking::Configuration {
   }
 
   override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) {
-    guard instanceof LoopBoundInjection::LengthCheckSanitizerGuard or
     guard instanceof UpperBoundsCheckSanitizerGuard
   }
 

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,6 @@`
`8`	`8`	`*/`
`9`	`9`
`10`	`10`	`import javascript`
`11`		`-import semmle.javascript.security.dataflow.LoopBoundInjectionCustomizations`
`12`	`11`	`import ResourceExhaustionCustomizations::ResourceExhaustion`
`13`	`12`
`14`	`13`	`/**`
`@@ -34,7 +33,6 @@ class Configuration extends TaintTracking::Configuration {`
`34`	`33`	`}`
`35`	`34`
`36`	`35`	`override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) {`
`37`		`- guard instanceof LoopBoundInjection::LengthCheckSanitizerGuard or`
`38`	`36`	`guard instanceof UpperBoundsCheckSanitizerGuard`
`39`	`37`	`}`
`40`	`38`