Remove @Input() decorated members as remote sources, in favour of a later Threat Model

2025-12-17 17:23:36 +01:00 · 2025-01-06 16:51:35 +00:00
parent 8dac00aa83
commit e414b8c5be
1 changed files with 0 additions and 36 deletions
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/RemoteFlowSources.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/RemoteFlowSources.qll
@@ -184,39 +184,3 @@ private class ExternalRemoteFlowSource extends RemoteFlowSource {

  override string getSourceType() { result = ap.getSourceType() }
 }
-
-/**
- *  An Angular @Input() decorator on a member declaration.
- */
-class InputMember extends MemberDeclaration {
-  InputMember() {
-    exists(Decorator decorator, Expr expr |
-      decorator.getElement() = this and
-      decorator.getExpression() = expr and
-      expr.(CallExpr).getCallee().(VarRef).getName() = "Input"
-    )
-  }
-}
-
-/**
- * A use of an Angular @Input() member, modeled as `InputMember`.
- */
-class InputMemberUse extends DataFlow::Node {
-  InputMemberUse() {
-    exists(InputMember member, string memberName, ThisExpr ta, FieldAccess fa |
-      memberName = member.getName() and
-      fa.getBase() = ta and
-      fa.getPropertyName() = memberName and
-      this.asExpr() = fa
-    )
-  }
-}
-
-/**
- * A remote flow source that is a member of an Angular component class.
- */
-private class AngularInputUse extends RemoteFlowSource, InputMemberUse {
-  AngularInputUse() { this = this }
-
-  override string getSourceType() { result = "Angular @Input()" }
-}