Address review feedback

Author: knewbury01

javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/CAPPathInjectionQuery.qll

@@ -77,23 +77,3 @@ class ControlledInputPath extends UtilsControlledPathSink {
     exists(DirectoryReaders dr | dr.getPath() = this)
   }
 }
-
-/**
- * This represents calls where the taint flows through the call. e.g.
- * ```javascript
- * let dir = isdir ('app')
- * ```
- */
-class CDSAdditionalFlowStep extends UtilsExtraFlow {
-  DataFlow::CallNode outNode;
-
-  CDSAdditionalFlowStep() {
-    exists(PathConverters pc | pc.getPath() = this and outNode = pc)
-    or
-    exists(PathPredicates pr | pr.getPath() = this and outNode = pr)
-  }
-
-  DataFlow::CallNode getOutgoingNode() { result = outNode }
-
-  DataFlow::Node getIngoingNode() { result = this }
-}

javascript/frameworks/cap/src/path-traversal/PathInjection.md

@@ -34,18 +34,18 @@ const cds = require("@sap/cds");
 const { rm } = cds.utils
 
 module.exports = class Service1 extends cds.ApplicationService {
-
-    init() {
-        this.on("send1", async (req) => {
-            let userinput = req.data
-            await write(userinput).to('db/data') // Path injection alert
-        }
+  init() {
+    this.on("send1", async (req) => {
+      let userinput = req.data
+      await write(userinput).to('db/data') // Path injection alert
     }
+  }
 }
-
 ```
 
 ## References
 
 - OWASP 2021: [Injection](https://owasp.org/Top10/A03_2021-Injection/).
-- SAP CAP CDS Utils : [Documentation](https://cap.cloud.sap/docs/node.js/cds-utils).
+- SAP CAP CDS Utils : [Documentation](https://cap.cloud.sap/docs/node.js/cds-utils).
+- Common Weakness Enumeration: [CWE-020](https://cwe.mitre.org/data/definitions/20.html).
+- Common Weakness Enumeration: [CWE-022](https://cwe.mitre.org/data/definitions/22.html).

javascript/frameworks/cap/src/path-traversal/PathInjection.ql

@@ -1,5 +1,5 @@
 /**
- * @name Use of user controlled input in CAP CDS file system utilies
+ * @name Use of user controlled input in CAP CDS file system utilities
  * @description Using unchecked user controlled values can allow an
  *              attacker to affect paths constructed and accessed in
  *              the filesystem.
@@ -16,17 +16,24 @@
 import javascript
 import advanced_security.javascript.frameworks.cap.CAPPathInjectionQuery
 import advanced_security.javascript.frameworks.cap.RemoteFlowSources
+private import semmle.javascript.security.dataflow.TaintedPathCustomizations
+private import semmle.javascript.security.dataflow.TaintedPathQuery
 
 module PathInjectionConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource }
 
   predicate isSink(DataFlow::Node sink) { sink instanceof UtilsSink }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodein, DataFlow::Node nodeout) {
-    exists(CDSAdditionalFlowStep step |
-      step.getIngoingNode() = nodein and
-      step.getOutgoingNode() = nodeout
-    )
+    exists(PathConverters pc | pc.getPath() = nodein and nodeout = pc)
+    or
+    exists(PathPredicates pr | pr.getPath() = nodein and nodeout = pr)
+  }
+
+  predicate isBarrier(DataFlow::Node node) {
+    node instanceof TaintedPath::Sanitizer
+    or
+    TaintedPathConfig::isBarrier(node)
   }
 }