Fix utils unit test for previous rm of taint step as class

knewbury01 · knewbury01 · commit 1ddb0973f1c7 · 2025-08-27T11:51:46.000-04:00
diff --git a/javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/CAPPathInjectionQuery.qll b/javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/CAPPathInjectionQuery.qll
@@ -23,8 +23,6 @@ abstract class UtilsControlledPathSink extends UtilsSink {
   override string sinkType() { result = "unrestricted file operations" }
 }
 
-abstract class UtilsExtraFlow extends DataFlow::Node { }
-
 /**
  * This represents the data in calls as follows:
  * ```javascript
diff --git a/javascript/frameworks/cap/test/models/cds/utils/utils.expected b/javascript/frameworks/cap/test/models/cds/utils/utils.expected
@@ -1,8 +1,3 @@
-| utils.js:5:21:5:30 | "%E0%A4%A" | "%E0%A4%A": additional flow step |
-| utils.js:7:31:7:40 | "%E0%A4%A" | "%E0%A4%A": additional flow step |
-| utils.js:9:18:9:27 | "%E0%A4%A" | "%E0%A4%A": additional flow step |
-| utils.js:13:17:13:21 | 'app' | 'app': additional flow step |
-| utils.js:15:19:15:32 | 'package.json' | 'package.json': additional flow step |
 | utils.js:17:22:17:35 | 'package.json' | 'package.json': controlled path sink |
 | utils.js:19:26:19:39 | 'package.json' | 'package.json': controlled path sink |
 | utils.js:21:20:21:33 | 'package.json' | 'package.json': controlled path sink |
diff --git a/javascript/frameworks/cap/test/models/cds/utils/utils.js b/javascript/frameworks/cap/test/models/cds/utils/utils.js
@@ -1,18 +1,6 @@
 const cds = require("@sap/cds");
 
-const { decodeURI, decodeURIComponent, local, exists, isdir, isfile, read, readdir, append, write, copy, stat, find, mkdirp, rmdir, rimraf, rm } = cds.utils
-
-let uri = decodeURI("%E0%A4%A") // taint step
-
-let uri2 = decodeURIComponent("%E0%A4%A") // taint step
-
-let uri3 = local("%E0%A4%A") // taint step
-
-let uri4 = exists("%E0%A4%A") // NOT a taint step - returns a boolean
-
-let dir = isdir('app') // taint step
-
-let file = isfile('package.json') // taint step
+const { read, readdir, append, write, copy, stat, find, mkdirp, rmdir, rimraf, rm } = cds.utils
 
 let pkg = await read('package.json') // sink
 
diff --git a/javascript/frameworks/cap/test/models/cds/utils/utils.ql b/javascript/frameworks/cap/test/models/cds/utils/utils.ql
@@ -8,6 +8,4 @@ where
   node.(UtilsAccessedPathSink).toString() = str and strfull = str + ": accessed path sink"
   or
   node.(UtilsControlledDataSink).toString() = str and strfull = str + ": controlled data sink"
-  or
-  node.(UtilsExtraFlow).toString() = str and strfull = str + ": additional flow step"
 select node, strfull

Original file line number	Diff line number	Diff line change
`@@ -23,8 +23,6 @@ abstract class UtilsControlledPathSink extends UtilsSink {`
`23`	`23`	`override string sinkType() { result = "unrestricted file operations" }`
`24`	`24`	`}`
`25`	`25`
`26`		`-abstract class UtilsExtraFlow extends DataFlow::Node { }`
`27`		`-`
`28`	`26`	`/**`
`29`	`27`	`* This represents the data in calls as follows:`
`30`	`28`	* ```javascript