Move Customizations and Query

javascript/ql/experimental/CorsPermissiveConfigurationCustomizations.qll

@@ -1,73 +0,0 @@
-/**
- * Provides default sources, sinks and sanitizers for reasoning about
- * overly permissive CORS configurations, as well as
- * extension points for adding your own.
- */
-
-import javascript
-
-/** Module containing sources, sinks, and sanitizers for overly permissive CORS configurations. */
-module CorsPermissiveConfiguration {
-  /**
-   * A data flow source for permissive CORS configuration.
-   */
-  abstract class Source extends DataFlow::Node { }
-
-  /**
-   * A data flow sink for permissive CORS configuration.
-   */
-  abstract class Sink extends DataFlow::Node { }
-
-  /**
-   * A sanitizer for permissive CORS configuration.
-   */
-  abstract class Sanitizer extends DataFlow::Node { }
-
-  /** A source of remote user input, considered as a flow source for CORS misconfiguration. */
-  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource {
-    RemoteFlowSourceAsSource() { not this instanceof ClientSideRemoteFlowSource }
-  }
-
-  /** A flow label representing `true` and `null` values. */
-  abstract class TrueAndNull extends DataFlow::FlowLabel {
-    TrueAndNull() { this = "TrueAndNull" }
-  }
-
-  TrueAndNull truenullLabel() { any() }
-
-  /** A flow label representing `*` value. */
-  abstract class Wildcard extends DataFlow::FlowLabel {
-    Wildcard() { this = "Wildcard" }
-  }
-
-  Wildcard wildcardLabel() { any() }
-
-  /** An overly permissive value for `origin` (Apollo) */
-  class TrueNullValue extends Source {
-    TrueNullValue() { this.mayHaveBooleanValue(true) or this.asExpr() instanceof NullLiteral }
-  }
-
-  /** An overly permissive value for `origin` (Express) */
-  class WildcardValue extends Source {
-    WildcardValue() { this.mayHaveStringValue("*") }
-  }
-
-  /**
-   * The value of cors origin when initializing the application.
-   */
-  class CorsApolloServer extends Sink, DataFlow::ValueNode {
-    CorsApolloServer() {
-      exists(Apollo::ApolloServer agql |
-        this =
-          agql.getOptionArgument(0, "cors").getALocalSource().getAPropertyWrite("origin").getRhs()
-      )
-    }
-  }
-
-  /**
-   * The value of cors origin when initializing the application.
-   */
-  class ExpressCors extends Sink, DataFlow::ValueNode {
-    ExpressCors() { exists(Express::CorsConfiguration config | this = config.getOrigin()) }
-  }
-}

javascript/ql/experimental/CorsPermissiveConfigurationQuery.qll

@@ -1,46 +0,0 @@
-/**
- * Provides a dataflow taint tracking configuration for reasoning
- * about overly permissive CORS configurations.
- *
- * Note, for performance reasons: only import this file if
- * `CorsPermissiveConfiguration::Configuration` is needed,
- * otherwise `CorsPermissiveConfigurationCustomizations` should
- * be imported instead.
- */
-
-import javascript
-import CorsPermissiveConfigurationCustomizations::CorsPermissiveConfiguration
-
-/**
- * A data flow configuration for overly permissive CORS configuration.
- */
-class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "CorsPermissiveConfiguration" }
-
-  override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) {
-    source instanceof TrueNullValue and label = truenullLabel()
-    or
-    source instanceof WildcardValue and label = wildcardLabel()
-    or
-    source instanceof RemoteFlowSource and label = DataFlow::FlowLabel::taint()
-  }
-
-  override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) {
-    sink instanceof CorsApolloServer and label = [DataFlow::FlowLabel::taint(), truenullLabel()]
-    or
-    sink instanceof ExpressCors and label = [DataFlow::FlowLabel::taint(), wildcardLabel()]
-  }
-
-  override predicate isSanitizer(DataFlow::Node node) {
-    super.isSanitizer(node) or
-    node instanceof Sanitizer
-  }
-}
-
-private class WildcardActivated extends DataFlow::FlowLabel, Wildcard {
-  WildcardActivated() { this = this }
-}
-
-private class TrueAndNullActivated extends DataFlow::FlowLabel, TrueAndNull {
-  TrueAndNullActivated() { this = this }
-}