Cleanup UI5 & RemoteFlowSources qll

Author: data-douser

javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/RemoteFlowSources.qll

@@ -173,22 +173,3 @@ private class UI5ExtRemoteSource extends RemoteFlowSource {
     result = "Remote flow" // Don't discriminate between UI5-specific remote flows and vanilla ones
   }
 }
-
-/**
- * URLSearchParams.get() and getAll() return URL query parameter values which are user-controlled.
- * e.g., `new URLSearchParams(window.location.search).get("param")`
- */
-private class UrlSearchParamsSource extends RemoteFlowSource {
-  UrlSearchParamsSource() {
-    exists(DataFlow::NewNode newCall, DataFlow::MethodCallNode getCall |
-      // Match: new URLSearchParams(...)
-      newCall.getCalleeName() = "URLSearchParams" and
-      // Match: .get() or .getAll() on the URLSearchParams instance
-      getCall.getMethodName() = ["get", "getAll"] and
-      newCall.flowsTo(getCall.getReceiver()) and
-      this = getCall
-    )
-  }
-
-  override string getSourceType() { result = "URL query parameter" }
-}

javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5.qll

@@ -358,7 +358,6 @@ class ControlReference extends Reference {
     // Fragment.byId(viewId, controlId) - static method with 2 arguments
     this.getNumArgument() = 2 and
     this.getArgument(1).getALocalSource().getStringValue() = controlId and
-    this.getMethodName() = "byId" and
     exists(FragmentModule fragment | this = fragment.getAMemberCall("byId"))
   }