JavaScript: Remove ReflectdXssPath.ql, which is now spurious.

javascript/ql/test/query-tests/Security/CWE-079/ReflectedXssPath.expected

@@ -1,47 +0,0 @@
-edges
-| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
-| etherpad.js:9:5:9:53 | response | etherpad.js:11:3:11:3 | response |
-| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:16:9:36 | req.que ... p + "(" |
-| etherpad.js:9:16:9:36 | req.que ... p + "(" | etherpad.js:9:16:9:47 | req.que ... esponse |
-| etherpad.js:9:16:9:47 | req.que ... esponse | etherpad.js:9:16:9:53 | req.que ... e + ")" |
-| etherpad.js:9:16:9:53 | req.que ... e + ")" | etherpad.js:9:5:9:53 | response |
-| etherpad.js:11:3:11:3 | response | etherpad.js:11:12:11:19 | response |
-| formatting.js:4:9:4:29 | evil | formatting.js:6:43:6:46 | evil |
-| formatting.js:4:9:4:29 | evil | formatting.js:7:49:7:52 | evil |
-| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil |
-| formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... , evil) |
-| formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... , evil) |
-| partial.js:9:25:9:25 | x | partial.js:10:14:10:14 | x |
-| partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y |
-| partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x |
-| partial.js:18:25:18:25 | x | partial.js:19:14:19:14 | x |
-| partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y |
-| partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x |
-| partial.js:27:25:27:25 | x | partial.js:28:14:28:14 | x |
-| partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x + y |
-| partial.js:31:47:31:53 | req.url | partial.js:27:25:27:25 | x |
-| partial.js:36:25:36:25 | x | partial.js:37:14:37:14 | x |
-| partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y |
-| partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x |
-| promises.js:5:3:5:59 | new Pro ... .data)) | promises.js:6:11:6:11 | x |
-| promises.js:5:44:5:57 | req.query.data | promises.js:5:3:5:59 | new Pro ... .data)) |
-| promises.js:5:44:5:57 | req.query.data | promises.js:6:11:6:11 | x |
-| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
-| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
-| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p |
-| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r |
-| tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p |
-| tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r |
-#select
-| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:8:33:8:45 | req.params.id | user-provided value |
-| etherpad.js:11:12:11:19 | response | etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:11:12:11:19 | response | Cross-site scripting vulnerability due to $@. | etherpad.js:9:16:9:30 | req.query.jsonp | user-provided value |
-| formatting.js:6:14:6:47 | util.fo ... , evil) | formatting.js:4:16:4:29 | req.query.evil | formatting.js:6:14:6:47 | util.fo ... , evil) | Cross-site scripting vulnerability due to $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value |
-| formatting.js:7:14:7:53 | require ... , evil) | formatting.js:4:16:4:29 | req.query.evil | formatting.js:7:14:7:53 | require ... , evil) | Cross-site scripting vulnerability due to $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value |
-| partial.js:10:14:10:18 | x + y | partial.js:13:42:13:48 | req.url | partial.js:10:14:10:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:13:42:13:48 | req.url | user-provided value |
-| partial.js:19:14:19:18 | x + y | partial.js:22:51:22:57 | req.url | partial.js:19:14:19:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:22:51:22:57 | req.url | user-provided value |
-| partial.js:28:14:28:18 | x + y | partial.js:31:47:31:53 | req.url | partial.js:28:14:28:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:31:47:31:53 | req.url | user-provided value |
-| partial.js:37:14:37:18 | x + y | partial.js:40:43:40:49 | req.url | partial.js:37:14:37:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:40:43:40:49 | req.url | user-provided value |
-| promises.js:6:25:6:25 | x | promises.js:5:44:5:57 | req.query.data | promises.js:6:25:6:25 | x | Cross-site scripting vulnerability due to $@. | promises.js:5:44:5:57 | req.query.data | user-provided value |
-| promises.js:6:25:6:25 | x | promises.js:5:44:5:57 | req.query.data | promises.js:6:25:6:25 | x | Cross-site scripting vulnerability due to $@. | promises.js:5:44:5:57 | req.query.data | user-provided value |
-| tst2.js:7:12:7:12 | p | tst2.js:6:9:6:9 | p | tst2.js:7:12:7:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:6:9:6:9 | p | user-provided value |
-| tst2.js:8:12:8:12 | r | tst2.js:6:12:6:15 | q: r | tst2.js:8:12:8:12 | r | Cross-site scripting vulnerability due to $@. | tst2.js:6:12:6:15 | q: r | user-provided value |

javascript/ql/test/query-tests/Security/CWE-079/ReflectedXssPath.ql

@@ -1,21 +0,0 @@
-/**
- * @name Reflected cross-site scripting
- * @description Writing user input directly to an HTTP response allows for
- *              a cross-site scripting vulnerability.
- * @kind path-problem
- * @problem.severity error
- * @precision high
- * @id js/reflected-xss-path
- * @tags security
- *       external/cwe/cwe-079
- *       external/cwe/cwe-116
- */
-
-import javascript
-import semmle.javascript.security.dataflow.ReflectedXss
-import DataFlow::PathGraph
-
-from DataFlow::PathNode source, DataFlow::PathNode sink, ReflectedXss::Configuration cfg
-where cfg.hasPathFlow(source, sink)
-select sink, source, sink, "Cross-site scripting vulnerability due to $@.",
-       source, "user-provided value"