diff --git a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll index 8a51de7efd7..e82ad7a4b35 100644 --- a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll +++ b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll @@ -96,8 +96,6 @@ private class IntentFlagsOrDataChangedSanitizer extends IntentUriPermissionManip * ``` */ private class IntentFlagsOrDataCheckedGuard extends IntentUriPermissionManipulationGuard { - Expr condition; - IntentFlagsOrDataCheckedGuard() { intentFlagsOrDataChecked(this, _, _) } override predicate checks(Expr e, boolean branch) { intentFlagsOrDataChecked(this, e, branch) } diff --git a/java/ql/src/experimental/semmle/code/java/PathSanitizer.qll b/java/ql/src/experimental/semmle/code/java/PathSanitizer.qll index aba7bba5238..3d2118f7e27 100644 --- a/java/ql/src/experimental/semmle/code/java/PathSanitizer.qll +++ b/java/ql/src/experimental/semmle/code/java/PathSanitizer.qll @@ -136,8 +136,6 @@ private predicate isDisallowedWord(CompileTimeConstantExpr word) { /** A complementary guard that protects against path traversal, by looking for the literal `..`. */ class PathTraversalGuard extends Guard instanceof MethodAccess { - Expr checked; - PathTraversalGuard() { super.getMethod().getDeclaringType() instanceof TypeString and super.getMethod().hasName(["contains", "indexOf"]) and diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll index d6006545827..e86af94463f 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll @@ -330,8 +330,6 @@ module ClientRequest { * A model of a URL request made using `require("needle")(...)`. */ class PromisedNeedleRequest extends ClientRequest::Range { - DataFlow::Node url; - PromisedNeedleRequest() { this = DataFlow::moduleImport("needle").getACall() } override DataFlow::Node getUrl() { result = this.getArgument(1) } diff --git a/javascript/ql/lib/semmle/javascript/frameworks/CryptoLibraries.qll b/javascript/ql/lib/semmle/javascript/frameworks/CryptoLibraries.qll index 617d1720ab1..9dcd4d9fbb9 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/CryptoLibraries.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/CryptoLibraries.qll @@ -683,8 +683,6 @@ private module ExpressJwt { */ private module NodeRsa { private class CreateKey extends CryptographicKeyCreation, API::InvokeNode { - CryptographicAlgorithm algorithm; - CreateKey() { this = API::moduleImport("node-rsa").getAnInstantiation() or diff --git a/python/ql/src/experimental/semmle/python/frameworks/Flask.qll b/python/ql/src/experimental/semmle/python/frameworks/Flask.qll index 9c66d9a4601..2bd354c151e 100644 --- a/python/ql/src/experimental/semmle/python/frameworks/Flask.qll +++ b/python/ql/src/experimental/semmle/python/frameworks/Flask.qll @@ -75,7 +75,10 @@ module ExperimentalFlask { private class FlaskResponse extends DataFlow::CallCfgNode, HeaderDeclaration::Range { KeyValuePair item; - FlaskResponse() { this = Flask::Response::classRef().getACall() } + FlaskResponse() { + this = Flask::Response::classRef().getACall() and + item = this.getArg(_).asExpr().(Dict).getAnItem() + } override DataFlow::Node getNameArg() { result.asExpr() = item.getKey() }