From 9f8a9b9cadb8f1811e52f0de523467058629c54c Mon Sep 17 00:00:00 2001
From: Asger Feldthaus
Date: Tue, 20 Apr 2021 17:10:09 +0100
Subject: [PATCH 1/3] JS: Add taint source/sink summary queries

---
 javascript/ql/src/Summary/TaintSinks.ql | 15 +++++++++++++++
 javascript/ql/src/Summary/TaintSources.ql | 16 ++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 javascript/ql/src/Summary/TaintSinks.ql
 create mode 100644 javascript/ql/src/Summary/TaintSources.ql

diff --git a/javascript/ql/src/Summary/TaintSinks.ql b/javascript/ql/src/Summary/TaintSinks.ql
new file mode 100644
index 000000000000..24f6579efecc
--- /dev/null
+++ b/javascript/ql/src/Summary/TaintSinks.ql
@@ -0,0 +1,15 @@
+/**
+ * @name Taint sinks
+ * @description Expressions that are vulnerable if containing untrusted data.
+ * @kind problem
+ * @problem.severity informational
+ * @id js/summary/taint-sinks
+ * @tags summary
+ * @precision medium
+ */
+
+import javascript
+import meta.internal.TaintMetrics
+
+from string kind
+select relevantTaintSink(kind), kind + " sink"
diff --git a/javascript/ql/src/Summary/TaintSources.ql b/javascript/ql/src/Summary/TaintSources.ql
new file mode 100644
index 000000000000..7178a76dde94
--- /dev/null
+++ b/javascript/ql/src/Summary/TaintSources.ql
@@ -0,0 +1,16 @@
+/**
+ * @name Taint sources
+ * @description Sources of untrusted input.
+ * @kind problem
+ * @problem.severity informational
+ * @id js/summary/taint-sources
+ * @tags summary
+ * @precision medium
+ */
+
+import javascript
+import meta.internal.TaintMetrics
+
+from RemoteFlowSource node
+where node = relevantTaintSource()
+select node, node.getSourceType()

From 02707f0777d42601511f3ad6cd22927baed41fae Mon Sep 17 00:00:00 2001
From: Asger Feldthaus
Date: Tue, 20 Apr 2021 19:51:16 +0100
Subject: [PATCH 2/3] JS: informational -> info

---
 javascript/ql/src/Summary/TaintSinks.ql | 2 +-
 javascript/ql/src/Summary/TaintSources.ql | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/javascript/ql/src/Summary/TaintSinks.ql b/javascript/ql/src/Summary/TaintSinks.ql
index 24f6579efecc..2da65398935f 100644
--- a/javascript/ql/src/Summary/TaintSinks.ql
+++ b/javascript/ql/src/Summary/TaintSinks.ql
@@ -2,7 +2,7 @@
  * @name Taint sinks
  * @description Expressions that are vulnerable if containing untrusted data.
  * @kind problem
- * @problem.severity informational
+ * @problem.severity info
  * @id js/summary/taint-sinks
  * @tags summary
  * @precision medium
diff --git a/javascript/ql/src/Summary/TaintSources.ql b/javascript/ql/src/Summary/TaintSources.ql
index 7178a76dde94..78e544f0bd5a 100644
--- a/javascript/ql/src/Summary/TaintSources.ql
+++ b/javascript/ql/src/Summary/TaintSources.ql
@@ -2,7 +2,7 @@
  * @name Taint sources
  * @description Sources of untrusted input.
  * @kind problem
- * @problem.severity informational
+ * @problem.severity info
  * @id js/summary/taint-sources
  * @tags summary
  * @precision medium

From df5eab33f946ed0b88da4287f24659e01ab6e399 Mon Sep 17 00:00:00 2001
From: Asger Feldthaus
Date: Mon, 10 May 2021 09:43:33 +0100
Subject: [PATCH 3/3] JS: Update relevantTaintSource()

---
 javascript/ql/src/meta/internal/TaintMetrics.qll | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/javascript/ql/src/meta/internal/TaintMetrics.qll b/javascript/ql/src/meta/internal/TaintMetrics.qll
index 6d10b2c6ad61..f6eae2eaa6e9 100644
--- a/javascript/ql/src/meta/internal/TaintMetrics.qll
+++ b/javascript/ql/src/meta/internal/TaintMetrics.qll
@@ -75,16 +75,9 @@ DataFlow::Node relevantTaintSink(string kind) {
 DataFlow::Node relevantTaintSink() { result = relevantTaintSink(_) }
 
 /**
- * Gets a remote flow source or `document.location` source.
+ * Gets a relevant remote flow source.
  */
-DataFlow::Node relevantTaintSource() {
-  not result.getFile() instanceof IgnoredFile and
-  (
-    result instanceof RemoteFlowSource
-    or
-    result = DOM::locationSource()
-  )
-}
+RemoteFlowSource relevantTaintSource() { not result.getFile() instanceof IgnoredFile }
 
 /**
  * Gets the output of a call that shows intent to sanitize a value
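Review bot: Narrowing the return type of `relevantTaintSource()` to `RemoteFlowSource` silently drops the `DOM::locationSource()` disjunct, and the replacement doc comment does not mention it; `document.location` is a primary DOM XSS source, so every other consumer of this helper in TaintMetrics.qll (the rest of the file is outside this hunk) now measures a smaller source set than before. This is harmless only if `DOM::locationSource()` nodes are already modelled as `RemoteFlowSource` elsewhere, which is not visible here. If they are not, I would keep the disjunction, e.g. `DataFlow::Node relevantTaintSource() { not result.getFile() instanceof IgnoredFile and (result instanceof RemoteFlowSource or result = DOM::locationSource()) }`, and let TaintSources.ql filter by type; if they are, the doc comment should say so: ` * Gets a relevant remote flow source. Note: document.location (DOM::locationSource()) is only included when it is itself a RemoteFlowSource.`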