JS: replace HTTP::RequestBody with ClientRequest.getADataNode

javascript/ql/src/semmle/javascript/frameworks/ClientRequests.qll

@@ -106,7 +106,7 @@ private class RequestUrlRequest extends CustomClientRequest {
   }
 
   override DataFlow::Node getADataNode() {
-    none()
+    result = getArgument(1)
   }
 
 }

javascript/ql/src/semmle/javascript/frameworks/HTTP.qll

@@ -132,11 +132,6 @@ module HTTP {
     result = "http" or result = "https"
   }
 
-  /**
-   * An expression whose value is sent as (part of) the body of an HTTP request (POST, PUT).
-   */
-  abstract class RequestBody extends DataFlow::Node {}
-  
   /**
    * An expression whose value is sent as (part of) the body of an HTTP response.
    */

javascript/ql/src/semmle/javascript/frameworks/NodeJSLib.qll

@@ -775,7 +775,7 @@ module NodeJSLib {
     }
 
     override DataFlow::Node getADataNode() {
-      none()
+      result = getAMethodCall("write").getArgument(0)
     }
 
   }
@@ -811,18 +811,6 @@ module NodeJSLib {
       result = "http.request data parameter"
     }
   }
-  
-  /**
-   * An argument to client request.write () method, can be used to write body to a HTTP or HTTPS POST/PUT request, 
-   * or request option (like headers, cookies, even url) 
-   */
-  class HttpRequestWriteArgument extends HTTP::RequestBody, DataFlow::Node {
-    HttpRequestWriteArgument () {
-      exists(CustomClientRequest req |
-        this = req.getAMethodCall("write").getArgument(0) or
-        this = req.getArgument(0))
-    }
-  }
 
  /**
    * A data flow node that is registered as a callback for an HTTP or HTTPS request made by a Node.js process, for example the function `handler` in `http.request(url).on(message, handler)`.

javascript/ql/src/semmle/javascript/frameworks/Request.qll

@@ -44,13 +44,5 @@ module Request {
     }
 
   }
-  
-  // using 'request' library to make http 'POST' and 'PUT' requests with message body. 
-  private class RequestPostBody extends HTTP::RequestBody {
-      RequestPostBody () {
-          this = DataFlow::moduleMember("request", "post").getACall().getArgument(1) or
-          this = DataFlow::moduleImport("request").getAnInvocation().getArgument(0)
-      }
-  }
 
 }

javascript/ql/src/semmle/javascript/security/dataflow/FileAccessToHttp.qll

@@ -62,10 +62,15 @@ module FileAccessToHttpDataFlow {
     }
   }
 
-  /** Sink is any parameter or argument that evaluates to a parameter ot a function or call that sets Http Body on a request */ 
-  private class HttpRequestBodyAsSink extends Sink {
-    HttpRequestBodyAsSink () {
-      this instanceof HTTP::RequestBody
+  /**
+   * The URL or data of a client request, viewed as a sink.
+   */
+  private class ClientRequestUrlOrDataAsSink extends Sink {
+    ClientRequestUrlOrDataAsSink () {
+      exists (ClientRequest req |
+        this = req.getUrl() or
+        this = req.getADataNode()
+      )
     }
   }
 }