JS: remove cookie source; rely on persistent flow steps instead

2026-04-29 10:45:15 +02:00 · 2018-12-13 17:07:12 +00:00
parent c37d655fe8
commit 78334af354
1 changed files with 0 additions and 14 deletions
--- a/javascript/ql/src/semmle/javascript/security/dataflow/RemoteFlowSources.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/RemoteFlowSources.qll
@@ -16,17 +16,3 @@ abstract class RemoteFlowSource extends DataFlow::Node {
   */
  predicate isUserControlledObject() { none() }
 }
-
-/**
- * An access to `document.cookie`, viewed as a source of remote user input.
- */
-private class DocumentCookieSource extends RemoteFlowSource, DataFlow::ValueNode {
-  DocumentCookieSource() {
-    isDocument(astNode.(PropAccess).getBase()) and
-    astNode.(PropAccess).getPropertyName() = "cookie"
-  }
-
-  override string getSourceType() {
-    result = "document.cookie"
-  }
-}