JS: Share more code with Ruby

javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.ql

@@ -13,29 +13,4 @@
  *       external/cwe/cwe-116
  */
 
-import javascript
-private import semmle.javascript.security.IncompleteMultiCharacterSanitization
-
-from
-  StringReplaceCall replace, EmptyReplaceRegExpTerm regexp, EmptyReplaceRegExpTerm dangerous,
-  string prefix, string kind
-where
-  regexp = replace.getRegExp().getRoot() and
-  dangerous.getRootTerm() = regexp and
-  // skip leading optional elements
-  not dangerous.isNullable() and
-  // only warn about the longest match (presumably the most descriptive)
-  prefix = max(string m | matchesDangerousPrefix(dangerous, m, kind) | m order by m.length(), m) and
-  // only warn once per kind
-  not exists(EmptyReplaceRegExpTerm other |
-    other = dangerous.getAChild+() or other = dangerous.getPredecessor+()
-  |
-    matchesDangerousPrefix(other, _, kind) and
-    not other.isNullable()
-  ) and
-  // don't flag replace operations in a loop
-  not replace.getAMethodCall*().flowsTo(replace.getReceiver()) and
-  // avoid anchored terms
-  not exists(RegExpAnchor a | regexp = a.getRootTerm())
-select replace, "This string may still contain $@, which may cause a " + kind + " vulnerability.",
-  dangerous, prefix
+import semmle.javascript.security.IncompleteMultiCharacterSanitization