JS: Migrate JQueryMethodCall to new API

asger-semmle · asger-semmle · commit c09e748bca81 · 2019-10-08T14:05:10.000+01:00
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll b/javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll
@@ -59,14 +59,14 @@ module DomBasedXss {
   class LibrarySink extends Sink, DataFlow::ValueNode {
     LibrarySink() {
       // call to a jQuery method that interprets its argument as HTML
-      exists(JQueryMethodCall call | call.interpretsArgumentAsHtml(astNode) |
+      exists(JQuery::MethodCall call | call.interpretsArgumentAsHtml(this) |
         // either the argument is always interpreted as HTML
-        not call.interpretsArgumentAsSelector(astNode)
+        not call.interpretsArgumentAsSelector(this)
         or
         // or it doesn't start with something other than `<`, and so at least
         // _may_ be interpreted as HTML
         not exists(DataFlow::Node prefix, string strval |
-          isPrefixOfJQueryHtmlString(astNode, prefix) and
+          isPrefixOfJQueryHtmlString(this, prefix) and
           strval = prefix.getStringValue() and
           not strval.regexpMatch("\\s*<.*")
         ) and
@@ -90,9 +90,9 @@ module DomBasedXss {
    * Holds if `prefix` is a prefix of `htmlString`, which may be intepreted as
    * HTML by a jQuery method.
    */
-  private predicate isPrefixOfJQueryHtmlString(Expr htmlString, DataFlow::Node prefix) {
-    any(JQueryMethodCall call).interpretsArgumentAsHtml(htmlString) and
-    prefix = htmlString.flow()
+  private predicate isPrefixOfJQueryHtmlString(DataFlow::Node htmlString, DataFlow::Node prefix) {
+    any(JQuery::MethodCall call).interpretsArgumentAsHtml(htmlString) and
+    prefix = htmlString
     or
     exists(DataFlow::Node pred | isPrefixOfJQueryHtmlString(htmlString, pred) |
       prefix = StringConcatenation::getFirstOperand(pred)
