From 64fa53aa2e3df0e9c07eb1601f71a88e00aaaffc Mon Sep 17 00:00:00 2001
From: Esben Sparre Andreasen <esbena@github.com>
Date: Tue, 6 Oct 2020 13:11:35 +0200
Subject: [PATCH] Remove 2020 sinks from Xss.ql

---
 javascript/ql/lib/semmle/javascript/DOM.qll   | 29 -------------------
 .../semmle/javascript/frameworks/jQuery.qll   |  8 -----
 2 files changed, 37 deletions(-)

diff --git a/javascript/ql/lib/semmle/javascript/DOM.qll b/javascript/ql/lib/semmle/javascript/DOM.qll
index b8db6dad5a7..5261f65c47d 100644
--- a/javascript/ql/lib/semmle/javascript/DOM.qll
+++ b/javascript/ql/lib/semmle/javascript/DOM.qll
@@ -354,35 +354,6 @@ module DOM {
           call.getNumArgument() = 1 and
           unique(InferredType t | t = getArgumentTypeFromJQueryMethodGet(call)) = TTNumber()
         )
-        or
-        // A `this` node from a callback given to a `$().each(callback)` call.
-        // purposely not using JQuery::MethodCall to avoid `jquery.each()`.
-        exists(DataFlow::CallNode eachCall | eachCall = JQuery::objectRef().getAMethodCall("each") |
-          this = DataFlow::thisNode(eachCall.getCallback(0).getFunction()) or
-          this = eachCall.getABoundCallbackParameter(0, 1)
-        )
-        or
-        // A read of an array-element from a JQuery object. E.g. `$("#foo")[0]`
-        exists(DataFlow::PropRead read |
-          read = this and read = JQuery::objectRef().getAPropertyRead()
-        |
-          unique(InferredType t | t = read.getPropertyNameExpr().analyze().getAType()) = TTNumber()
-        )
-        or
-        // A receiver node of an event handler on a DOM node
-        exists(DataFlow::SourceNode domNode, DataFlow::FunctionNode eventHandler |
-          // NOTE: we do not use `getABoundFunctionValue()`, since bound functions tend to have
-          // a different receiver anyway
-          eventHandler = domNode.getAPropertySource(any(string n | n.matches("on%")))
-          or
-          eventHandler =
-            domNode.getAMethodCall("addEventListener").getArgument(1).getAFunctionValue()
-        |
-          domNode = domValueRef() and
-          this = eventHandler.getReceiver()
-        )
-        or
-        this = DataFlow::thisNode(any(EventHandlerCode evt))
       }
     }
   }
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/jQuery.qll b/javascript/ql/lib/semmle/javascript/frameworks/jQuery.qll
index 0f2b36216c9..d296cd71204 100644
--- a/javascript/ql/lib/semmle/javascript/frameworks/jQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/jQuery.qll
@@ -464,14 +464,6 @@ module JQuery {
       }
     }
 
-    /**
-     * A `this` node in a JQuery plugin function, which is a JQuery object.
-     */
-    private class JQueryPluginThisObject extends Range {
-      JQueryPluginThisObject() {
-        this = DataFlow::thisNode(any(JQueryPluginMethod method).getFunction())
-      }
-    }
   }
 
   /** Gets a source of jQuery objects from the AST-based `JQueryObject` class. */