From a88c3682ff429dddb09dfd826c9c5efb4bc2c593 Mon Sep 17 00:00:00 2001
From: Porcuiney Hairs <porcupiney.hairs@protonmail.com>
Date: Thu, 18 Mar 2021 16:11:27 +0530
Subject: [PATCH] remove sanitiserGuards

---
 .../Security/CWE/CWE-117/LogInjection.ql      | 29 -------------------
 1 file changed, 29 deletions(-)

diff --git a/java/ql/src/experimental/Security/CWE/CWE-117/LogInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-117/LogInjection.ql
index 440c39b77e8a..7183c74b5bf7 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-117/LogInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-117/LogInjection.ql
@@ -30,35 +30,6 @@ private class LogInjectionConfiguration extends TaintTracking::Configuration {
   override predicate isSanitizer(DataFlow::Node node) {
     node.getType() instanceof BoxedType or node.getType() instanceof PrimitiveType
   }
-
-  override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
-    guard instanceof StrCheckSanitizerGuard
-  }
-}
-
-/**
- * Models any regex or equality check as a sanitizer guard.
- * Assumes any check on the taint to be a valid sanitizing check.
- */
-private class StrCheckSanitizerGuard extends DataFlow::BarrierGuard {
-  StrCheckSanitizerGuard() {
-    exists(Method m |
-      m.getDeclaringType().hasQualifiedName("java.util.regex", "Pattern") and
-      m.hasName("matches")
-      or
-      m.getDeclaringType() instanceof TypeString and
-      m.hasName([
-          "startsWith", "regionMatches", "matches", "equals", "equalsIgnoreCase", "endsWith",
-          "contentEquals", "contains"
-        ])
-    |
-      m.getAReference() = this
-    )
-  }
-
-  override predicate checks(Expr e, boolean branch) {
-    e = this.(MethodAccess).getQualifier() and branch = true
-  }
 }
 
 from LogInjectionConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink