Ruby: drop in-barriers from url-redirect and server-side-request-forgery queries

Author: alexrford

ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll

@@ -32,11 +32,6 @@ module ServerSideRequestForgery {
    */
   abstract class Sanitizer extends DataFlow::Node { }
 
-  /**
-   * An in-sanitizer for server side request forgery vulnerabilities.
-   */
-  abstract class SanitizerIn extends DataFlow::Node { }
-
   /**
    * A out-sanitizer for server side request forgery vulnerabilities.
    */
@@ -67,13 +62,6 @@ module ServerSideRequestForgery {
     HostnameSanitizer() { this = DataFlow::BarrierGuard<hostnameGuard/3>::getABarrierNode() }
   }
 
-  /**
-   * An in-sanitizer for the hostname of a URL.
-   */
-  class HostnameSanitizerIn extends SanitizerIn {
-    HostnameSanitizerIn() { hostnameSanitizingPrefixEdge(_, this) }
-  }
-
   /**
    * An out-sanitizer for the hostname of a URL.
    */

ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryQuery.qll

@@ -30,8 +30,6 @@ deprecated class Configuration extends TaintTracking::Configuration {
     node instanceof StringConstArrayInclusionCallBarrier
   }
 
-  override predicate isSanitizerIn(DataFlow::Node node) { node instanceof SanitizerIn }
-
   override predicate isSanitizerOut(DataFlow::Node node) { node instanceof SanitizerOut }
 
   deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
@@ -50,8 +48,6 @@ private module ServerSideRequestForgeryConfig implements DataFlow::ConfigSig {
     node instanceof StringConstArrayInclusionCallBarrier
   }
 
-  predicate isBarrierIn(DataFlow::Node node) { node instanceof SanitizerIn }
-
   predicate isBarrierOut(DataFlow::Node node) { node instanceof SanitizerOut }
 }
 

ruby/ql/lib/codeql/ruby/security/UrlRedirectCustomizations.qll

@@ -34,11 +34,6 @@ module UrlRedirect {
    */
   abstract class Sanitizer extends DataFlow::Node { }
 
-  /**
-   * An in-sanitizer for "URL redirection" vulnerabilities.
-   */
-  abstract class SanitizerIn extends DataFlow::Node { }
-
   /**
    * An out-sanitizer for "URL redirection" vulnerabilities.
    */
@@ -139,13 +134,6 @@ module UrlRedirect {
     HostnameSanitizer() { this = DataFlow::BarrierGuard<hostnameGuard/3>::getABarrierNode() }
   }
 
-  /**
-   * An in-sanitizer for the hostname of a URL.
-   */
-  class HostnameSanitizerIn extends SanitizerIn {
-    HostnameSanitizerIn() { hostnameSanitizingPrefixEdge(_, this) }
-  }
-
   /**
    * An out-sanitizer for the hostname of a URL.
    */

ruby/ql/lib/codeql/ruby/security/UrlRedirectQuery.qll

@@ -25,8 +25,6 @@ deprecated class Configuration extends TaintTracking::Configuration {
 
   override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
 
-  override predicate isSanitizerIn(DataFlow::Node node) { node instanceof SanitizerIn }
-
   override predicate isSanitizerOut(DataFlow::Node node) { node instanceof SanitizerOut }
 
   deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
@@ -45,8 +43,6 @@ private module UrlRedirectConfig implements DataFlow::ConfigSig {
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
 
-  predicate isBarrierIn(DataFlow::Node node) { node instanceof SanitizerIn }
-
   predicate isBarrierOut(DataFlow::Node node) { node instanceof SanitizerOut }
 
   predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {