From 5b0ef40a3ec76679124669715ba7fca4ea7a1bfe Mon Sep 17 00:00:00 2001
From: Asger F <asgerf@github.com>
Date: Thu, 4 Sep 2025 09:35:42 +0200
Subject: [PATCH] JS: Remove special treatment of strings in AngularJS code

String literals are already SourceNodes. But we need to add template literals as well
---
 .../semmle/javascript/dataflow/Sources.qll    |  1 +
 .../frameworks/AngularJS/AngularJSCore.qll    | 40 -------------------
 2 files changed, 1 insertion(+), 40 deletions(-)

diff --git a/javascript/ql/lib/semmle/javascript/dataflow/Sources.qll b/javascript/ql/lib/semmle/javascript/dataflow/Sources.qll
index f861488a046..7503e5001e0 100644
--- a/javascript/ql/lib/semmle/javascript/dataflow/Sources.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/Sources.qll
@@ -334,6 +334,7 @@ module SourceNode {
         astNode instanceof Templating::PipeRefExpr or
         astNode instanceof Templating::TemplateVarRefExpr or
         astNode instanceof StringLiteral or
+        astNode instanceof TemplateLiteral or
         astNode instanceof TypeAssertion or
         astNode instanceof SatisfiesExpr
       )
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll b/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll
index 248a88e3d1c..41d14c1e3be 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll
@@ -23,46 +23,6 @@ DataFlow::SourceNode angular() {
   result = DataFlow::moduleImport("angular")
 }
 
-/**
- * Holds if `tl` appears to be a top-level using the AngularJS library.
- *
- * Should not depend on the `SourceNode` class.
- */
-pragma[nomagic]
-private predicate isAngularTopLevel(TopLevel tl) {
-  exists(Import imprt |
-    imprt.getTopLevel() = tl and
-    imprt.getImportedPathString() = "angular"
-  )
-  or
-  exists(GlobalVarAccess global |
-    global.getName() = "angular" and
-    global.getTopLevel() = tl
-  )
-}
-
-/**
- * Holds if `s` is a string in a top-level using the AngularJS library.
- *
- * Should not depend on the `SourceNode` class.
- */
-pragma[nomagic]
-private predicate isAngularString(Expr s) {
-  isAngularTopLevel(s.getTopLevel()) and
-  (
-    s instanceof StringLiteral or
-    s instanceof TemplateLiteral
-  )
-}
-
-/**
- * String literals in Angular code are often used as identifiers or references, so we
- * want to track them.
- */
-private class TrackStringsInAngularCode extends DataFlow::SourceNode::Range, DataFlow::ValueNode {
-  TrackStringsInAngularCode() { isAngularString(astNode) }
-}
-
 /**
  * Holds if `m` is of the form `angular.module("name", ...)`.
  */