Adjust CDSUtil to make simpler

rm type tracking that covers rare case

Author: knewbury01

javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/CDSUtils.qll

@@ -96,15 +96,6 @@ class FileWriters extends DataFlow::CallNode {
     exists(CdsUtilsModuleAccess utils | utils.getMember(["append", "write"]).getACall() = this)
   }
 
-  SourceNode fileReaderWriterUtils(TypeTracker t) {
-    t.start() and
-    result = this
-    or
-    exists(TypeTracker t2 | result = fileReaderWriterUtils(t2).track(t2, t))
-  }
-
-  SourceNode fileReaderWriterUtils() { result = fileReaderWriterUtils(TypeTracker::end()) }
-
   /**
    * Gets the arguments to these calls that represent data.
    */
@@ -121,7 +112,7 @@ class FileWriters extends DataFlow::CallNode {
    * Includes arguments to chained calls `to`, where that argument also represents a path.
    */
   DataFlow::Node getPath() {
-    fileReaderWriterUtils().getAMemberCall("to").getAnArgument() = result
+    this.getAMemberCall("to").getAnArgument() = result
     or
     this.getNumArgument() = 2 and
     this.getArgument(0) = result
@@ -137,21 +128,12 @@ class FileReaderWriters extends DataFlow::CallNode {
     exists(CdsUtilsModuleAccess utils | utils.getMember(["copy"]).getACall() = this)
   }
 
-  SourceNode fileReaderWriterUtils(TypeTracker t) {
-    t.start() and
-    result = this
-    or
-    exists(TypeTracker t2 | result = fileReaderWriterUtils(t2).track(t2, t))
-  }
-
-  SourceNode fileReaderWriterUtils() { result = fileReaderWriterUtils(TypeTracker::end()) }
-
   /**
    * Gets the arguments to these calls that represent a path.
    * Includes arguments to chained calls `to`, where that argument also represents a path.
    */
   DataFlow::Node getPath() {
-    fileReaderWriterUtils().getAMemberCall("to").getArgument(_) = result
+    this.getAMemberCall("to").getArgument(_) = result
     or
     this.getAnArgument() = result
   }

javascript/frameworks/cap/test/models/cds/utils/utils.expected

@@ -36,4 +36,3 @@
 | utils.js:43:24:43:29 | 'data' | 'data': sink |
 | utils.js:44:10:44:23 | 'dist/db/data' | 'dist/db/data': sink |
 | utils.js:52:20:52:28 | 'db/data' | 'db/data': sink |
-| utils.js:57:10:57:23 | 'dist/db/data' | 'dist/db/data': sink |

javascript/frameworks/cap/test/models/cds/utils/utils.js

@@ -54,5 +54,5 @@ function wrapperinnermid(temp) {
 }
 
 function wrapperinner(a) {
-    a.to('dist/db/data')  // sink
+    a.to('dist/db/data')  // sink - [FALSE_NEGATIVE] - rare case as CAP is a fluent API
 }