JS: Fix TaintedPath

javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll

@@ -333,17 +333,26 @@ module TaintTracking {
   }
 
   /**
+   * DEPRECATED. Use the predicate `TaintTracking::persistentStorageStep` instead.
+   *
    * A taint propagating data flow edge through persistent storage.
    */
-  class PersistentStorageTaintStep extends SharedTaintStep {
+  deprecated class PersistentStorageTaintStep extends SharedTaintStep {
     override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
-      exists(PersistentReadAccess read |
-        pred = read.getAWrite().getValue() and
-        succ = read
-      )
+      persistentStorageStep(pred, succ)
     }
   }
 
+  /**
+   * Holds if `pred -> succ` is a taint propagating data flow edge through persistent storage.
+   */
+  predicate persistentStorageStep(DataFlow::Node pred, DataFlow::Node succ) {
+    exists(PersistentReadAccess read |
+      pred = read.getAWrite().getValue() and
+      succ = read
+    )
+  }
+
   predicate arrayFunctionTaintStep = ArrayTaintTracking::arrayFunctionTaintStep/3;
 
   /**

javascript/ql/src/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll

@@ -661,7 +661,7 @@ module TaintedPath {
     or
     promiseTaintStep(src, dst) and srclabel = dstlabel
     or
-    any(TaintTracking::PersistentStorageTaintStep st).step(src, dst) and srclabel = dstlabel
+    TaintTracking::persistentStorageStep(src, dst) and srclabel = dstlabel
     or
     exists(DataFlow::PropRead read | read = dst |
       src = read.getBase() and