From 01a7f7a6d7223ec05c45b9794ef331762018d4a1 Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Fri, 16 May 2025 12:21:07 +0200 Subject: [PATCH 1/8] all: used Erik's script to delete outdated deprecations --- .../lib/semmle/code/cpp/dataflow/DataFlow.qll | 13 --- .../code/cpp/dataflow/TaintTracking.qll | 14 --- .../cpp/dataflow/internal/DataFlowUtil.qll | 13 --- .../cpp/ir/dataflow/internal/DataFlowUtil.qll | 13 --- .../lib/semmle/code/cpp/security/Security.qll | 90 ------------------- .../code/cpp/security/SecurityOptions.qll | 24 ----- .../semmle/code/csharp/controlflow/Guards.qll | 5 -- .../code/csharp/dataflow/FlowSummary.qll | 14 --- .../lib/semmle/code/csharp/dataflow/SSA.qll | 58 ------------ .../dataflow/internal/DataFlowPublic.qll | 13 --- .../InsecureDirectObjectReferenceQuery.qll | 1 - .../security/dataflow/CodeInjectionQuery.qll | 14 --- .../dataflow/CommandInjectionQuery.qll | 7 -- .../dataflow/ConditionalBypassQuery.qll | 7 -- .../security/dataflow/LDAPInjectionQuery.qll | 7 -- .../dataflow/MissingXMLValidationQuery.qll | 7 -- .../csharp/security/dataflow/ReDoSQuery.qll | 7 -- .../security/dataflow/RegexInjectionQuery.qll | 7 -- .../dataflow/ResourceInjectionQuery.qll | 14 --- .../security/dataflow/SqlInjectionQuery.qll | 14 --- .../security/dataflow/TaintedPathQuery.qll | 7 -- .../security/dataflow/UrlRedirectQuery.qll | 7 -- .../security/dataflow/XPathInjectionQuery.qll | 7 -- .../security/dataflow/flowsources/Stored.qll | 12 --- .../CWE-099/TaintedWebClientLib.qll | 7 -- go/ql/lib/semmle/go/dataflow/FlowSummary.qll | 10 --- go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll | 16 ---- .../semmle/code/java/dataflow/FlowSummary.qll | 10 --- .../lib/semmle/javascript/ES2015Modules.qll | 27 ------ javascript/ql/lib/semmle/javascript/Expr.qll | 11 --- .../dataflow/BrokenCryptoAlgorithmQuery.qll | 16 ---- .../dataflow/BuildArtifactLeakQuery.qll | 21 ----- .../CleartextLoggingCustomizations.qll | 21 +---- .../dataflow/CleartextLoggingQuery.qll | 21 ----- .../dataflow/CleartextStorageQuery.qll | 13 --- .../ClientSideRequestForgeryQuery.qll | 27 ------ .../dataflow/ClientSideUrlRedirectQuery.qll | 45 ---------- .../security/dataflow/CodeInjectionQuery.qll | 20 ----- .../dataflow/CommandInjectionQuery.qll | 13 --- .../dataflow/ConditionalBypassQuery.qll | 78 ---------------- ...orsMisconfigurationForCredentialsQuery.qll | 20 ----- .../DeepObjectResourceExhaustionQuery.qll | 30 ------- .../dataflow/DomBasedXssCustomizations.qll | 7 -- .../security/dataflow/DomBasedXssQuery.qll | 34 ------- .../security/dataflow/ExceptionXssQuery.qll | 30 ------- .../ExternalAPIUsedWithUntrustedDataQuery.qll | 49 ---------- .../dataflow/FileAccessToHttpQuery.qll | 24 ----- .../dataflow/HardcodedCredentialsQuery.qll | 22 ----- .../HardcodedDataInterpretedAsCodeQuery.qll | 17 ---- ...tHeaderPoisoningInEmailGenerationQuery.qll | 11 --- .../dataflow/HttpToFileAccessQuery.qll | 16 ---- .../ImproperCodeSanitizationQuery.qll | 13 --- ...completeHtmlAttributeSanitizationQuery.qll | 32 ------- .../IndirectCommandInjectionQuery.qll | 23 ----- .../dataflow/InsecureDownloadQuery.qll | 20 ----- .../dataflow/InsecureRandomnessQuery.qll | 25 ------ .../dataflow/InsecureTemporaryFileQuery.qll | 16 ---- .../InsufficientPasswordHashQuery.qll | 16 ---- .../security/dataflow/LogInjectionQuery.qll | 13 --- .../dataflow/LoopBoundInjectionQuery.qll | 28 ------ .../security/dataflow/NosqlInjectionQuery.qll | 34 ------- .../dataflow/PostMessageStarQuery.qll | 45 ---------- .../PrototypePollutingAssignmentQuery.qll | 72 --------------- .../dataflow/PrototypePollutionQuery.qll | 40 --------- .../security/dataflow/ReflectedXssQuery.qll | 21 ----- .../dataflow/RegExpInjectionQuery.qll | 16 ---- .../dataflow/RemotePropertyInjectionQuery.qll | 17 ---- .../security/dataflow/RequestForgeryQuery.qll | 25 ------ .../dataflow/ResourceExhaustionQuery.qll | 25 ------ .../SecondOrderCommandInjectionQuery.qll | 29 ------ .../dataflow/ServerSideUrlRedirectQuery.qll | 29 ------ ...llCommandInjectionFromEnvironmentQuery.qll | 20 ----- .../security/dataflow/SqlInjectionQuery.qll | 20 ----- .../dataflow/StackTraceExposureQuery.qll | 17 ---- .../security/dataflow/StoredXssQuery.qll | 21 ----- .../dataflow/TaintedFormatStringQuery.qll | 16 ---- .../dataflow/TaintedPathCustomizations.qll | 2 - .../security/dataflow/TaintedPathQuery.qll | 31 ------- .../dataflow/TemplateObjectInjectionQuery.qll | 27 ------ ...onfusionThroughParameterTamperingQuery.qll | 22 ----- .../dataflow/UnsafeCodeConstruction.qll | 29 ------ .../dataflow/UnsafeDeserializationQuery.qll | 16 ---- .../UnsafeDynamicMethodAccessQuery.qll | 36 -------- .../dataflow/UnsafeHtmlConstructionQuery.qll | 3 - .../dataflow/UnsafeJQueryPluginQuery.qll | 41 --------- .../UnsafeShellCommandConstructionQuery.qll | 30 ------- ...lidatedDynamicMethodCallCustomizations.qll | 12 --- .../UnvalidatedDynamicMethodCallQuery.qll | 34 ------- .../security/dataflow/XmlBombQuery.qll | 16 ---- .../security/dataflow/XpathInjectionQuery.qll | 16 ---- .../security/dataflow/XssThroughDomQuery.qll | 40 --------- .../javascript/security/dataflow/XxeQuery.qll | 16 ---- .../security/dataflow/ZipSlipQuery.qll | 30 ------- .../security/regexp/PolynomialReDoSQuery.qll | 31 ------- .../experimental/Security/CWE-918/SSRF.qll | 7 -- .../frameworks/Templating/XssDiff.ql | 3 - .../python/dataflow/new/FlowSummary.qll | 18 ---- .../lib/codeql/ruby/dataflow/FlowSummary.qll | 17 ---- .../ruby/dataflow/internal/DataFlowPublic.qll | 13 --- shared/dataflow/codeql/dataflow/DataFlow.qll | 26 ------ .../dataflow/internal/DataFlowImplCommon.qll | 20 ----- .../codeql/swift/dataflow/ExternalFlow.qll | 38 -------- .../lib/codeql/swift/dataflow/FlowSummary.qll | 10 --- .../dataflow/internal/DataFlowPublic.qll | 13 --- .../WeakSensitiveDataHashingQuery.qll | 4 - 105 files changed, 1 insertion(+), 2224 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/DataFlow.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/DataFlow.qll index a478da5193e0..b8262141dc8b 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/DataFlow.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/DataFlow.qll @@ -18,16 +18,3 @@ */ import cpp - -/** - * DEPRECATED: Use `semmle.code.cpp.dataflow.new.DataFlow` instead. - * - * Provides classes for performing local (intra-procedural) and - * global (inter-procedural) data flow analyses. - */ -deprecated module DataFlow { - private import semmle.code.cpp.dataflow.internal.DataFlowImplSpecific - private import codeql.dataflow.DataFlow - import DataFlowMake - import Public -} diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/TaintTracking.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/TaintTracking.qll index 36af8d9660bb..238a05e55d04 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/TaintTracking.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/TaintTracking.qll @@ -16,17 +16,3 @@ */ import semmle.code.cpp.dataflow.DataFlow - -/** - * DEPRECATED: Use `semmle.code.cpp.dataflow.new.TaintTracking` instead. - * - * Provides classes for performing local (intra-procedural) and - * global (inter-procedural) taint-tracking analyses. - */ -deprecated module TaintTracking { - import semmle.code.cpp.dataflow.internal.TaintTrackingUtil - private import semmle.code.cpp.dataflow.internal.DataFlowImplSpecific - private import semmle.code.cpp.dataflow.internal.TaintTrackingImplSpecific - private import codeql.dataflow.TaintTracking - import TaintFlowMake -} diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll index 4a8ea4ebd43d..72e742f13aa0 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll @@ -98,19 +98,6 @@ class Node extends TNode { /** Gets the location of this element. */ Location getLocation() { none() } // overridden by subclasses - /** - * Holds if this element is at the specified location. - * The location spans column `startcolumn` of line `startline` to - * column `endcolumn` of line `endline` in file `filepath`. - * For more information, see - * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). - */ - deprecated predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } - /** * Gets an upper bound on the type of this node. */ diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index 62ad9f02fe29..ab6a9da6d85d 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -538,19 +538,6 @@ class Node extends TIRDataFlowNode { none() // overridden by subclasses } - /** - * Holds if this element is at the specified location. - * The location spans column `startcolumn` of line `startline` to - * column `endcolumn` of line `endline` in file `filepath`. - * For more information, see - * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). - */ - deprecated predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } - /** Gets a textual representation of this element. */ cached final string toString() { diff --git a/cpp/ql/lib/semmle/code/cpp/security/Security.qll b/cpp/ql/lib/semmle/code/cpp/security/Security.qll index 63bdd685a205..fc2ec2a595ef 100644 --- a/cpp/ql/lib/semmle/code/cpp/security/Security.qll +++ b/cpp/ql/lib/semmle/code/cpp/security/Security.qll @@ -42,58 +42,6 @@ class SecurityOptions extends string { ) } - /** - * The argument of the given function is filled in from user input. - */ - deprecated predicate userInputArgument(FunctionCall functionCall, int arg) { - exists(string fname | - functionCall.getTarget().hasGlobalOrStdName(fname) and - exists(functionCall.getArgument(arg)) and - ( - fname = ["fread", "fgets", "fgetws", "gets"] and arg = 0 - or - fname = "scanf" and arg >= 1 - or - fname = "fscanf" and arg >= 2 - ) - or - functionCall.getTarget().hasGlobalName(fname) and - exists(functionCall.getArgument(arg)) and - fname = "getaddrinfo" and - arg = 3 - ) - or - exists(RemoteFlowSourceFunction remote, FunctionOutput output | - functionCall.getTarget() = remote and - output.isParameterDerefOrQualifierObject(arg) and - remote.hasRemoteFlowSource(output, _) - ) - } - - /** - * The return value of the given function is filled in from user input. - */ - deprecated predicate userInputReturned(FunctionCall functionCall) { - exists(string fname | - functionCall.getTarget().getName() = fname and - ( - fname = ["fgets", "gets"] or - this.userInputReturn(fname) - ) - ) - or - exists(RemoteFlowSourceFunction remote, FunctionOutput output | - functionCall.getTarget() = remote and - (output.isReturnValue() or output.isReturnValueDeref()) and - remote.hasRemoteFlowSource(output, _) - ) - } - - /** - * DEPRECATED: Users should override `userInputReturned()` instead. - */ - deprecated predicate userInputReturn(string function) { none() } - /** * The argument of the given function is used for running a process or loading * a library. @@ -108,29 +56,6 @@ class SecurityOptions extends string { function = ["LoadLibrary", "LoadLibraryA", "LoadLibraryW"] and arg = 0 } - /** - * This predicate should hold if the expression is directly - * computed from user input. Such expressions are treated as - * sources of taint. - */ - deprecated predicate isUserInput(Expr expr, string cause) { - exists(FunctionCall fc, int i | - this.userInputArgument(fc, i) and - expr = fc.getArgument(i) and - cause = fc.getTarget().getName() - ) - or - exists(FunctionCall fc | - this.userInputReturned(fc) and - expr = fc and - cause = fc.getTarget().getName() - ) - or - commandLineArg(expr) and cause = "argv" - or - expr.(EnvironmentRead).getSourceDescription() = cause - } - /** * This predicate should hold if the expression raises privilege for the * current session. The default definition only holds true for some @@ -173,21 +98,6 @@ predicate argv(Parameter argv) { /** Convenience accessor for SecurityOptions.isPureFunction */ predicate isPureFunction(string name) { exists(SecurityOptions opts | opts.isPureFunction(name)) } -/** Convenience accessor for SecurityOptions.userInputArgument */ -deprecated predicate userInputArgument(FunctionCall functionCall, int arg) { - exists(SecurityOptions opts | opts.userInputArgument(functionCall, arg)) -} - -/** Convenience accessor for SecurityOptions.userInputReturn */ -deprecated predicate userInputReturned(FunctionCall functionCall) { - exists(SecurityOptions opts | opts.userInputReturned(functionCall)) -} - -/** Convenience accessor for SecurityOptions.isUserInput */ -deprecated predicate isUserInput(Expr expr, string cause) { - exists(SecurityOptions opts | opts.isUserInput(expr, cause)) -} - /** Convenience accessor for SecurityOptions.isProcessOperationArgument */ predicate isProcessOperationArgument(string function, int arg) { exists(SecurityOptions opts | opts.isProcessOperationArgument(function, arg)) diff --git a/cpp/ql/lib/semmle/code/cpp/security/SecurityOptions.qll b/cpp/ql/lib/semmle/code/cpp/security/SecurityOptions.qll index 81815971478a..612b495d3e68 100644 --- a/cpp/ql/lib/semmle/code/cpp/security/SecurityOptions.qll +++ b/cpp/ql/lib/semmle/code/cpp/security/SecurityOptions.qll @@ -22,28 +22,4 @@ class CustomSecurityOptions extends SecurityOptions { // for example: (function = "MySpecialSqlFunction" and arg = 0) none() // rules to match custom functions replace this line } - - deprecated override predicate userInputArgument(FunctionCall functionCall, int arg) { - SecurityOptions.super.userInputArgument(functionCall, arg) - or - exists(string fname | - functionCall.getTarget().hasGlobalName(fname) and - exists(functionCall.getArgument(arg)) and - // --- custom functions that return user input via one of their arguments: - // 'arg' is the 0-based index of the argument that is used to return user input - // for example: (fname = "readXmlInto" and arg = 1) - none() // rules to match custom functions replace this line - ) - } - - deprecated override predicate userInputReturned(FunctionCall functionCall) { - SecurityOptions.super.userInputReturned(functionCall) - or - exists(string fname | - functionCall.getTarget().hasGlobalName(fname) and - // --- custom functions that return user input via their return value: - // for example: fname = "xmlReadAttribute" - none() // rules to match custom functions replace this line - ) - } } diff --git a/csharp/ql/lib/semmle/code/csharp/controlflow/Guards.qll b/csharp/ql/lib/semmle/code/csharp/controlflow/Guards.qll index 313fabc02356..61741d38d1c5 100644 --- a/csharp/ql/lib/semmle/code/csharp/controlflow/Guards.qll +++ b/csharp/ql/lib/semmle/code/csharp/controlflow/Guards.qll @@ -478,11 +478,6 @@ class DereferenceableExpr extends Expr { } } -/** - * DEPRECATED: Use `EnumerableCollectionExpr` instead. - */ -deprecated class CollectionExpr = EnumerableCollectionExpr; - /** * An expression that evaluates to a collection. That is, an expression whose * (transitive, reflexive) base type is `IEnumerable`. diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/FlowSummary.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/FlowSummary.qll index 18e4025f9e67..9b1b6398cbb0 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/FlowSummary.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/FlowSummary.qll @@ -4,20 +4,6 @@ import csharp private import internal.FlowSummaryImpl as Impl private import internal.DataFlowDispatch as DataFlowDispatch -deprecated class ParameterPosition = DataFlowDispatch::ParameterPosition; - -deprecated class ArgumentPosition = DataFlowDispatch::ArgumentPosition; - -deprecated class SummaryComponent = Impl::Private::SummaryComponent; - -deprecated module SummaryComponent = Impl::Private::SummaryComponent; - -deprecated class SummaryComponentStack = Impl::Private::SummaryComponentStack; - -deprecated module SummaryComponentStack = Impl::Private::SummaryComponentStack; - -deprecated class RequiredSummaryComponentStack = Impl::Private::RequiredSummaryComponentStack; - class SummarizedCallable = Impl::Public::SummarizedCallable; class Provenance = Impl::Public::Provenance; diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/SSA.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/SSA.qll index f17317af83be..e643fd35cd66 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/SSA.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/SSA.qll @@ -463,64 +463,6 @@ module Ssa { */ final AssignableDefinition getADefinition() { result = SsaImpl::getADefinition(this) } - /** - * DEPRECATED. - * - * Holds if this definition updates a captured local scope variable, and the updated - * value may be read from the implicit entry definition `def` using one or more calls - * (as indicated by `additionalCalls`), starting from call `c`. - * - * Example: - * - * ```csharp - * class C { - * void M1() { - * int i = 0; - * void M2() => System.Console.WriteLine(i); - * i = 1; - * M2(); - * } - * } - * ``` - * - * If this definition is the update of `i` on line 5, then the value may be read inside - * `M2` via the call on line 6. - */ - deprecated final predicate isCapturedVariableDefinitionFlowIn( - ImplicitEntryDefinition def, ControlFlow::Nodes::ElementNode c, boolean additionalCalls - ) { - none() - } - - /** - * DEPRECATED. - * - * Holds if this definition updates a captured local scope variable, and the updated - * value may be read from the implicit call definition `cdef` using one or more calls - * (as indicated by `additionalCalls`). - * - * Example: - * - * ```csharp - * class C { - * void M1() { - * int i = 0; - * void M2() { i = 2; }; - * M2(); - * System.Console.WriteLine(i); - * } - * } - * ``` - * - * If this definition is the update of `i` on line 4, then the value may be read outside - * of `M2` via the call on line 5. - */ - deprecated final predicate isCapturedVariableDefinitionFlowOut( - ImplicitCallDefinition cdef, boolean additionalCalls - ) { - none() - } - override Element getElement() { result = ad.getElement() } override string toString() { diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll index b21d5e2c3efb..25b1ba5303ff 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll @@ -51,19 +51,6 @@ class Node extends TNode { /** Gets the location of this node. */ final Location getLocation() { result = this.(NodeImpl).getLocationImpl() } - - /** - * Holds if this element is at the specified location. - * The location spans column `startcolumn` of line `startline` to - * column `endcolumn` of line `endline` in file `filepath`. - * For more information, see - * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). - */ - deprecated predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } } /** diff --git a/csharp/ql/lib/semmle/code/csharp/security/auth/InsecureDirectObjectReferenceQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/auth/InsecureDirectObjectReferenceQuery.qll index 2ea422855ad8..06bd570adef2 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/auth/InsecureDirectObjectReferenceQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/auth/InsecureDirectObjectReferenceQuery.qll @@ -2,7 +2,6 @@ import csharp import semmle.code.csharp.security.dataflow.flowsources.FlowSources -deprecated import semmle.code.csharp.dataflow.flowsources.Remote import ActionMethods /** diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll index 8ec9122864fb..0e34526e230a 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll @@ -40,20 +40,6 @@ private module CodeInjectionConfig implements DataFlow::ConfigSig { */ module CodeInjection = TaintTracking::Global; -/** - * DEPRECATED: Use `ThreatModelSource` instead. - * - * A source of remote user input. - */ -deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { } - -/** - * DEPRECATED: Use `ThreatModelSource` instead. - * - * A source of local user input. - */ -deprecated class LocalSource extends DataFlow::Node instanceof LocalFlowSource { } - /** A source supported by the current threat model. */ class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll index 84352389c419..89cb5fe94a38 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll @@ -49,13 +49,6 @@ module CommandInjectionConfig implements DataFlow::ConfigSig { */ module CommandInjection = TaintTracking::Global; -/** - * DEPRECATED: Use `ThreatModelSource` instead. - * - * A source of remote user input. - */ -deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { } - /** A source supported by the current threat model. */ class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll index f92bb0d2f44a..c1cbe38eea68 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll @@ -46,13 +46,6 @@ private module ConditionalBypassConfig implements DataFlow::ConfigSig { */ module ConditionalBypass = TaintTracking::Global; -/** - * DEPRECATED: Use `ThreatModelSource` instead. - * - * A source of remote user input. - */ -deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { } - /** A source supported by the current threat model. */ class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll index e2e96034c41e..6e51aae3926e 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll @@ -52,13 +52,6 @@ module LdapInjectionConfig implements DataFlow::ConfigSig { */ module LdapInjection = TaintTracking::Global; -/** - * DEPRECATED: Use `ThreadModelSource` instead. - * - * A source of remote user input. - */ -deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { } - /** A source supported by the current threat model. */ class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll index 3401dab7ea24..3fd52f6c001b 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll @@ -47,13 +47,6 @@ private module MissingXmlValidationConfig implements DataFlow::ConfigSig { */ module MissingXmlValidation = TaintTracking::Global; -/** - * DEPRECATED: Use `ActiveThreatModelSource` instead. - * - * A source of remote user input. - */ -deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { } - /** * A source supported by the current threat model. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll index 94dbf1d4cdcc..7b2457fa2d6b 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll @@ -40,13 +40,6 @@ private module ReDoSConfig implements DataFlow::ConfigSig { */ module ReDoS = TaintTracking::Global; -/** - * DEPRECATED: Use `ThreatModelSource` instead. - * - * A source of remote user input. - */ -deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { } - /** A source supported by the current threat model. */ class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll index 620c07a9ea21..b2907dc82790 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll @@ -40,13 +40,6 @@ private module RegexInjectionConfig implements DataFlow::ConfigSig { */ module RegexInjection = TaintTracking::Global; -/** - * DEPRECATED: Use `ThreatModelSource` instead. - * - * A source of remote user input. - */ -deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { } - /** A source supported by the current threat model. */ class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll index 40814729e559..5211c9aa8bbf 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll @@ -39,20 +39,6 @@ private module ResourceInjectionConfig implements DataFlow::ConfigSig { */ module ResourceInjection = TaintTracking::Global; -/** - * DEPRECATED: Use `ThreatModelSource` instead. - * - * A source of remote user input. - */ -deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { } - -/** - * DEPRECATED: Use `ThreatModelSource` instead. - * - * A source of local user input. - */ -deprecated class LocalSource extends DataFlow::Node instanceof LocalFlowSource { } - /** A source supported by the current threat model. */ class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll index cc7b61c31f21..68c19510ace2 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll @@ -50,20 +50,6 @@ module SqlInjectionConfig implements DataFlow::ConfigSig { */ module SqlInjection = TaintTracking::Global; -/** - * DEPRECATED: Use `ThreatModelSource` instead. - * - * A source of remote user input. - */ -deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { } - -/** - * DEPRECATED: Use `ThreatModelSource` instead. - * - * A source of local user input. - */ -deprecated class LocalSource extends DataFlow::Node instanceof LocalFlowSource { } - /** A source supported by the current threat model. */ class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll index bdc7245aeb2d..7bd0fca584f0 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll @@ -42,13 +42,6 @@ private module TaintedPathConfig implements DataFlow::ConfigSig { */ module TaintedPath = TaintTracking::Global; -/** - * DEPRECATED: Use `ThreatModelSource` instead. - * - * A source of remote user input. - */ -deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { } - /** A source supported by the current threat model. */ class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll index 0838fe7be4b6..874a9807754b 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll @@ -44,13 +44,6 @@ private module UrlRedirectConfig implements DataFlow::ConfigSig { */ module UrlRedirect = TaintTracking::Global; -/** - * DEPRECATED: Use `ThreatModelSource` instead. - * - * A source of remote user input. - */ -deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { } - /** A source supported by the current threat model. */ class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll index 140870c70fae..dcad3a6e2be6 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll @@ -50,13 +50,6 @@ module XpathInjectionConfig implements DataFlow::ConfigSig { */ module XpathInjection = TaintTracking::Global; -/** - * DEPRECATED: Use `ThreatModelSource` instead. - * - * A source of remote user input. - */ -deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { } - /** A source supported by the current threat model. */ class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Stored.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Stored.qll index aae6cfeca611..b1feedc77704 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Stored.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Stored.qll @@ -62,18 +62,6 @@ deprecated class DbDataReaderPropertyStoredFlowSource extends DataFlow::Node { } } -/** - * DEPRECATED: Use `EntityFramework::StoredFlowSource` and `NHibernate::StoredFlowSource` instead. - * - * A read of a mapped property. - */ -deprecated class ORMMappedProperty extends DataFlow::Node { - ORMMappedProperty() { - this instanceof EntityFramework::StoredFlowSource or - this instanceof NHibernate::StoredFlowSource - } -} - private class ExternalDatabaseInputSource extends DatabaseInputSource { ExternalDatabaseInputSource() { sourceNode(this, "database") } } diff --git a/csharp/ql/src/experimental/CWE-099/TaintedWebClientLib.qll b/csharp/ql/src/experimental/CWE-099/TaintedWebClientLib.qll index a088f5100af8..acf40be25f40 100644 --- a/csharp/ql/src/experimental/CWE-099/TaintedWebClientLib.qll +++ b/csharp/ql/src/experimental/CWE-099/TaintedWebClientLib.qll @@ -55,13 +55,6 @@ private module TaintedWebClientConfig implements DataFlow::ConfigSig { */ module TaintedWebClient = TaintTracking::Global; -/** - * DEPRECATED: Use `ThreatModelSource` instead. - * - * A source of remote user input. - */ -deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { } - /** A source supported by the current threat model. */ class ThreatModelSource extends Source instanceof ActiveThreatModelSource { } diff --git a/go/ql/lib/semmle/go/dataflow/FlowSummary.qll b/go/ql/lib/semmle/go/dataflow/FlowSummary.qll index f38cfafc056e..9b7ee2e36b2d 100644 --- a/go/ql/lib/semmle/go/dataflow/FlowSummary.qll +++ b/go/ql/lib/semmle/go/dataflow/FlowSummary.qll @@ -10,14 +10,4 @@ private import internal.DataFlowUtil // import all instances below private module Summaries { } -deprecated class SummaryComponent = Impl::Private::SummaryComponent; - -deprecated module SummaryComponent = Impl::Private::SummaryComponent; - -deprecated class SummaryComponentStack = Impl::Private::SummaryComponentStack; - -deprecated module SummaryComponentStack = Impl::Private::SummaryComponentStack; - class SummarizedCallable = Impl::Public::SummarizedCallable; - -deprecated class RequiredSummaryComponentStack = Impl::Private::RequiredSummaryComponentStack; diff --git a/go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll b/go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll index 6adbd542e9b6..1d7ff65db66f 100644 --- a/go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll +++ b/go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll @@ -7,22 +7,6 @@ import go // Some TaintTracking::FunctionModel subclasses remain because varargs functions don't work with Models-as-Data sumamries yet. /** Provides models of commonly used functions in the `fmt` package. */ module Fmt { - /** - * DEPRECATED: Use AppenderOrSprinterFunc instead. - * - * The `Sprint` or `Append` functions or one of their variants. - */ - deprecated class AppenderOrSprinter extends TaintTracking::FunctionModel { - AppenderOrSprinter() { - this.hasQualifiedName("fmt", - ["Append", "Appendf", "Appendln", "Sprint", "Sprintf", "Sprintln"]) - } - - override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) { - inp.isParameter(_) and outp.isResult() - } - } - /** The `Sprint` or `Append` functions or one of their variants. */ class AppenderOrSprinterFunc extends Function { AppenderOrSprinterFunc() { diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll index acea2a10784f..0d74037b1202 100644 --- a/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll +++ b/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll @@ -6,14 +6,6 @@ import java private import internal.FlowSummaryImpl as Impl private import internal.DataFlowUtil -deprecated class SummaryComponent = Impl::Private::SummaryComponent; - -deprecated module SummaryComponent = Impl::Private::SummaryComponent; - -deprecated class SummaryComponentStack = Impl::Private::SummaryComponentStack; - -deprecated module SummaryComponentStack = Impl::Private::SummaryComponentStack; - /** A synthetic callable with a set of concrete call sites and a flow summary. */ abstract class SyntheticCallable extends string { bindingset[this] @@ -138,5 +130,3 @@ private class SummarizedSyntheticCallableAdapter extends SummarizedCallable, TSy override predicate hasExactModel() { any() } } - -deprecated class RequiredSummaryComponentStack = Impl::Private::RequiredSummaryComponentStack; diff --git a/javascript/ql/lib/semmle/javascript/ES2015Modules.qll b/javascript/ql/lib/semmle/javascript/ES2015Modules.qll index 379403eb0ee7..3984d5de30df 100644 --- a/javascript/ql/lib/semmle/javascript/ES2015Modules.qll +++ b/javascript/ql/lib/semmle/javascript/ES2015Modules.qll @@ -110,18 +110,6 @@ class ImportDeclaration extends Stmt, Import, @import_declaration { */ ObjectExpr getImportAttributes() { result = this.getChildExpr(-10) } - /** - * DEPRECATED: use `getImportAttributes` instead. - * Gets the object literal passed as part of the `with` (or `assert`) clause in this import declaration. - * - * For example, this gets the `{ type: "json" }` object literal in the following: - * ```js - * import foo from "foo" with { type: "json" }; - * import foo from "foo" assert { type: "json" }; - * ``` - */ - deprecated ObjectExpr getImportAssertion() { result = this.getImportAttributes() } - /** Gets the `i`th import specifier of this import declaration. */ ImportSpecifier getSpecifier(int i) { result = this.getChildExpr(i) } @@ -356,21 +344,6 @@ abstract class ExportDeclaration extends Stmt, @export_declaration { * ``` */ ObjectExpr getImportAttributes() { result = this.getChildExpr(-10) } - - /** - * DEPRECATED: use `getImportAttributes` instead. - * Gets the object literal passed as part of the `with` (or `assert`) clause, if this is - * a re-export declaration. - * - * For example, this gets the `{ type: "json" }` expression in each of the following: - * ```js - * export { x } from 'foo' with { type: "json" }; - * export * from 'foo' with { type: "json" }; - * export * as x from 'foo' with { type: "json" }; - * export * from 'foo' assert { type: "json" }; - * ``` - */ - deprecated ObjectExpr getImportAssertion() { result = this.getImportAttributes() } } /** diff --git a/javascript/ql/lib/semmle/javascript/Expr.qll b/javascript/ql/lib/semmle/javascript/Expr.qll index 8695c893f815..be76f0e55a8c 100644 --- a/javascript/ql/lib/semmle/javascript/Expr.qll +++ b/javascript/ql/lib/semmle/javascript/Expr.qll @@ -2833,17 +2833,6 @@ class DynamicImportExpr extends @dynamic_import, Expr, Import { */ Expr getImportOptions() { result = this.getChildExpr(1) } - /** - * DEPRECATED: use `getImportOptions` instead. - * Gets the second "argument" to the import expression, that is, the `Y` in `import(X, Y)`. - * - * For example, gets the `{ with: { type: "json" }}` expression in the following: - * ```js - * import('foo', { with: { type: "json" }}) - * ``` - */ - deprecated Expr getImportAttributes() { result = this.getImportOptions() } - override Module getEnclosingModule() { result = this.getTopLevel() } override DataFlow::Node getImportedModuleNode() { result = DataFlow::valueNode(this) } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithmQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithmQuery.qll index 15d0fa151d7c..c3bc6f451941 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithmQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithmQuery.qll @@ -39,19 +39,3 @@ module BrokenCryptoAlgorithmConfig implements DataFlow::ConfigSig { * Taint tracking flow for sensitive information in broken or weak cryptographic algorithms. */ module BrokenCryptoAlgorithmFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `BrokenCryptoAlgorithmFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "BrokenCryptoAlgorithm" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakQuery.qll index c044d7b0cbc0..607ed8224990 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakQuery.qll @@ -38,24 +38,3 @@ module BuildArtifactLeakConfig implements DataFlow::ConfigSig { * Taint tracking flow for storage of sensitive information in build artifact. */ module BuildArtifactLeakFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `BuildArtifactLeakFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "BuildArtifactLeak" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel lbl) { - source.(CleartextLogging::Source).getLabel() = lbl - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel lbl) { - sink.(Sink).getLabel() = lbl - } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof CleartextLogging::Barrier } - - override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node trg) { - CleartextLogging::isAdditionalTaintStep(src, trg) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll index dbb775f99b58..2a0949408f7c 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll @@ -15,22 +15,12 @@ module CleartextLogging { abstract class Source extends DataFlow::Node { /** Gets a string that describes the type of this data flow source. */ abstract string describe(); - - /** - * DEPRECATED. Overriding this predicate no longer has any effect. - */ - deprecated DataFlow::FlowLabel getLabel() { result.isTaint() } } /** * A data flow sink for clear-text logging of sensitive information. */ - abstract class Sink extends DataFlow::Node { - /** - * DEPRECATED. Overriding this predicate no longer has any effect. - */ - deprecated DataFlow::FlowLabel getLabel() { result.isTaint() } - } + abstract class Sink extends DataFlow::Node { } /** * A barrier for clear-text logging of sensitive information. @@ -198,15 +188,6 @@ module CleartextLogging { } } - /** - * DEPRECATED. Use `Barrier` instead, sanitized have been replaced by sanitized nodes. - * - * Holds if the edge `pred` -> `succ` should be sanitized for clear-text logging of sensitive information. - */ - deprecated predicate isSanitizerEdge(DataFlow::Node pred, DataFlow::Node succ) { - succ.(DataFlow::PropRead).getBase() = pred - } - /** * Holds if the edge `src` -> `trg` is an additional taint-step for clear-text logging of sensitive information. */ diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingQuery.qll index efed5ba46ab3..131904006ce7 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingQuery.qll @@ -49,24 +49,3 @@ module CleartextLoggingConfig implements DataFlow::ConfigSig { * Taint tracking flow for clear-text logging of sensitive information. */ module CleartextLoggingFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `CleartextLoggingFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "CleartextLogging" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel lbl) { - source.(Source).getLabel() = lbl - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel lbl) { - sink.(Sink).getLabel() = lbl - } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Barrier } - - override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node trg) { - CleartextLogging::isAdditionalTaintStep(src, trg) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageQuery.qll index 0fbd576959e4..d285bb49d2a0 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageQuery.qll @@ -30,16 +30,3 @@ module ClearTextStorageConfig implements DataFlow::ConfigSig { } module ClearTextStorageFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `ClearTextStorageFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "ClearTextStorage" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideRequestForgeryQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideRequestForgeryQuery.qll index 155aaca59c1e..da4f68dd7d31 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideRequestForgeryQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideRequestForgeryQuery.qll @@ -45,30 +45,3 @@ module ClientSideRequestForgeryConfig implements DataFlow::ConfigSig { * Taint tracking for client-side request forgery. */ module ClientSideRequestForgeryFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `ClientSideRequestForgeryFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "ClientSideRequestForgery" } - - override predicate isSource(DataFlow::Node source) { - exists(Source src | - source = src and - not src.isServerSide() - ) - } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isSanitizerOut(DataFlow::Node node) { sanitizingPrefixEdge(node, _) } - - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - isAdditionalRequestForgeryStep(pred, succ) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectQuery.qll index 526eaf1be361..cf377f43d46a 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectQuery.qll @@ -62,48 +62,3 @@ module ClientSideUrlRedirectConfig implements DataFlow::StateConfigSig { * Taint-tracking flow for reasoning about unvalidated URL redirections. */ module ClientSideUrlRedirectFlow = TaintTracking::GlobalWithState; - -/** - * A taint-tracking configuration for reasoning about unvalidated URL redirections. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "ClientSideUrlRedirect" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel lbl) { - source.(Source).getAFlowLabel() = lbl - } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isSanitizerOut(DataFlow::Node node) { hostnameSanitizingPrefixEdge(node, _) } - - override predicate isAdditionalFlowStep( - DataFlow::Node node1, DataFlow::Node node2, DataFlow::FlowLabel state1, - DataFlow::FlowLabel state2 - ) { - ClientSideUrlRedirectConfig::isAdditionalFlowStep(node1, FlowState::fromFlowLabel(state1), - node2, FlowState::fromFlowLabel(state2)) - or - // Preserve document.url label in step from `location` to `location.href` or `location.toString()` - state1 instanceof DocumentUrl and - state2 instanceof DocumentUrl and - ( - node2.(DataFlow::PropRead).accesses(node1, "href") - or - exists(DataFlow::CallNode call | - call.getCalleeName() = "toString" and - node1 = call.getReceiver() and - node2 = call - ) - ) - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof HostnameSanitizerGuard - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionQuery.qll index cc9b3f16a4fc..450c067f97ae 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionQuery.qll @@ -32,23 +32,3 @@ module CodeInjectionConfig implements DataFlow::ConfigSig { * Taint-tracking for reasoning about code injection vulnerabilities. */ module CodeInjectionFlow = TaintTracking::Global; - -/** - * DEPRRECATED. Use the `CodeInjectionFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "CodeInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { - CodeInjectionConfig::isAdditionalFlowStep(node1, node2) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionQuery.qll index 7c013e1f4ace..b7e08b412ed9 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionQuery.qll @@ -45,16 +45,3 @@ module CommandInjectionConfig implements DataFlow::ConfigSig { * Taint-tracking for reasoning about command-injection vulnerabilities. */ module CommandInjectionFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `CommandInjectionFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "CommandInjection" } - - override predicate isSource(DataFlow::Node source) { CommandInjectionConfig::isSource(source) } - - override predicate isSink(DataFlow::Node sink) { CommandInjectionConfig::isSink(sink) } - - override predicate isSanitizer(DataFlow::Node node) { CommandInjectionConfig::isBarrier(node) } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypassQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypassQuery.qll index 759a97291c35..59990d05e176 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypassQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypassQuery.qll @@ -35,26 +35,6 @@ module ConditionalBypassConfig implements DataFlow::ConfigSig { */ module ConditionalBypassFlow = TaintTracking::Global; -/** - * DEPRECATED. Use the `ConditionalBypassFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "ConditionalBypass" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node dst) { - ConditionalBypassConfig::isAdditionalFlowStep(src, dst) - } -} - /** * Holds if the value of `nd` flows into `guard`. */ @@ -149,61 +129,3 @@ predicate isEarlyAbortGuardNode(ConditionalBypassFlow::PathNode e, SensitiveActi not action.asExpr().getEnclosingStmt().nestedIn(guard) ) } - -/** - * Holds if `sink` guards `action`, and `source` taints `sink`. - * - * If flow from `source` taints `sink`, then an attacker can - * control if `action` should be executed or not. - */ -deprecated predicate isTaintedGuardForSensitiveAction( - DataFlow::PathNode sink, DataFlow::PathNode source, SensitiveAction action -) { - action = sink.getNode().(Sink).getAction() and - // exclude the intermediary sink - not sink.getNode() instanceof SensitiveActionGuardComparisonOperand and - exists(Configuration cfg | - // ordinary taint tracking to a guard - cfg.hasFlowPath(source, sink) - or - // taint tracking to both operands of a guard comparison - exists( - SensitiveActionGuardComparison cmp, DataFlow::PathNode lSource, DataFlow::PathNode rSource, - DataFlow::PathNode lSink, DataFlow::PathNode rSink - | - sink.getNode() = cmp.getGuard() and - cfg.hasFlowPath(lSource, lSink) and - lSink.getNode() = DataFlow::valueNode(cmp.getLeftOperand()) and - cfg.hasFlowPath(rSource, rSink) and - rSink.getNode() = DataFlow::valueNode(cmp.getRightOperand()) - | - source = lSource or - source = rSource - ) - ) -} - -/** - * Holds if `e` effectively guards access to `action` by returning or throwing early. - * - * Example: `if (e) return; action(x)`. - */ -deprecated predicate isEarlyAbortGuard(DataFlow::PathNode e, SensitiveAction action) { - exists(IfStmt guard | - // `e` is in the condition of an if-statement ... - e.getNode().(Sink).asExpr().getParentExpr*() = guard.getCondition() and - // ... where the then-branch always throws or returns - exists(Stmt abort | - abort instanceof ThrowStmt or - abort instanceof ReturnStmt - | - abort.nestedIn(guard) and - abort.getBasicBlock().(ReachableBasicBlock).postDominates(guard.getThen().getBasicBlock()) - ) and - // ... and the else-branch does not exist - not exists(guard.getElse()) - | - // ... and `action` is outside the if-statement - not action.asExpr().getEnclosingStmt().nestedIn(guard) - ) -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsQuery.qll index b74c16eb031f..c68c741bc837 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsQuery.qll @@ -37,23 +37,3 @@ module CorsMisconfigurationConfig implements DataFlow::ConfigSig { * Data flow for CORS misconfiguration for credentials transfer. */ module CorsMisconfigurationFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `CorsMisconfigurationFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "CorsMisconfigurationForCredentials" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof TaintTracking::AdHocWhitelistCheckSanitizer - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll index ad03ad93b949..457d0c8112fa 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll @@ -52,33 +52,3 @@ module DeepObjectResourceExhaustionConfig implements DataFlow::StateConfigSig { */ module DeepObjectResourceExhaustionFlow = TaintTracking::GlobalWithState; - -/** - * DEPRECATED. Use the `DeepObjectResourceExhaustionFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "DeepObjectResourceExhaustion" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - source.(Source).getAFlowLabel() = label - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - sink instanceof Sink and label = TaintedObject::label() - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof TaintedObject::SanitizerGuard - } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl - ) { - TaintedObject::step(src, trg, inlbl, outlbl) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll index 1440fb5539d7..8eb74629066f 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll @@ -336,13 +336,6 @@ module DomBasedXss { private class HtmlSanitizerAsSanitizer extends Sanitizer instanceof HtmlSanitizerCall { } - /** - * DEPRECATED. Use `isOptionallySanitizedNode` instead. - * - * Holds if there exists two dataflow edges to `succ`, where one edges is sanitized, and the other edge starts with `pred`. - */ - deprecated predicate isOptionallySanitizedEdge = isOptionallySanitizedEdgeInternal/2; - bindingset[call] pragma[inline_late] private SsaVariable getSanitizedSsaVariable(HtmlSanitizerCall call) { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll index 36d5b3ba0a6b..5e30a5dafa14 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll @@ -122,40 +122,6 @@ module DomBasedXssConfig implements DataFlow::StateConfigSig { */ module DomBasedXssFlow = TaintTracking::GlobalWithState; -/** - * DEPRECATED. Use the `DomBasedXssFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "HtmlInjection" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - DomBasedXssConfig::isSource(source, FlowState::fromFlowLabel(label)) - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - DomBasedXssConfig::isSink(sink, FlowState::fromFlowLabel(label)) - } - - override predicate isSanitizer(DataFlow::Node node) { DomBasedXssConfig::isBarrier(node) } - - override predicate isLabeledBarrier(DataFlow::Node node, DataFlow::FlowLabel lbl) { - DomBasedXssConfig::isBarrier(node, FlowState::fromFlowLabel(lbl)) - } - - override predicate isAdditionalFlowStep( - DataFlow::Node node1, DataFlow::Node node2, DataFlow::FlowLabel state1, - DataFlow::FlowLabel state2 - ) { - DomBasedXssConfig::isAdditionalFlowStep(node1, FlowState::fromFlowLabel(state1), node2, - FlowState::fromFlowLabel(state2)) - or - // inherit all ordinary taint steps for the prefix label - state1 = prefixLabel() and - state2 = prefixLabel() and - TaintTracking::sharedTaintStep(node1, node2) - } -} - private class PrefixStringSanitizerActivated extends PrefixStringSanitizer { PrefixStringSanitizerActivated() { this = this } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssQuery.qll index d7f4fe954f9c..a4b677d2946f 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssQuery.qll @@ -163,33 +163,3 @@ module ExceptionXssConfig implements DataFlow::StateConfigSig { * Taint-tracking for reasoning about XSS with possible exceptional flow. */ module ExceptionXssFlow = TaintTracking::GlobalWithState; - -/** - * DEPRECATED. Use the `ExceptionXssFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "ExceptionXss" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - source.(Source).getAFlowLabel() = label - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - sink instanceof XssShared::Sink and not label instanceof NotYetThrown - } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof XssShared::Sanitizer } - - override predicate isAdditionalFlowStep( - DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl - ) { - ExceptionXssConfig::isAdditionalFlowStep(pred, FlowState::fromFlowLabel(inlbl), succ, - FlowState::fromFlowLabel(outlbl)) - or - // All the usual taint-flow steps apply on data-flow before it has been thrown in an exception. - // Note: this step is not needed in StateConfigSig module since flow states inherit taint steps. - this.isAdditionalFlowStep(pred, succ) and - inlbl instanceof NotYetThrown and - outlbl instanceof NotYetThrown - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll index 7972c379e874..dcf79522104e 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll @@ -43,55 +43,6 @@ module ExternalAPIUsedWithUntrustedDataConfig implements DataFlow::ConfigSig { module ExternalAPIUsedWithUntrustedDataFlow = TaintTracking::Global; -/** - * Flow label for objects from which a tainted value is reachable. - * - * Only used by the legacy data-flow configuration, as the new data flow configuration - * uses `allowImplicitRead` to achieve this instead. - */ -deprecated private class ObjectWrapperFlowLabel extends DataFlow::FlowLabel { - ObjectWrapperFlowLabel() { this = "object-wrapper" } -} - -/** - * DEPRECATED. Use the `ExternalAPIUsedWithUntrustedDataFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "ExternalAPIUsedWithUntrustedData" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel lbl) { - sink instanceof Sink and - (lbl.isTaint() or lbl instanceof ObjectWrapperFlowLabel) - } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isAdditionalFlowStep( - DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predLbl, - DataFlow::FlowLabel succLbl - ) { - // Step into an object and switch to the 'object-wrapper' label. - exists(DataFlow::PropWrite write | - pred = write.getRhs() and - succ = write.getBase().getALocalSource() and - (predLbl.isTaint() or predLbl instanceof ObjectWrapperFlowLabel) and - succLbl instanceof ObjectWrapperFlowLabel - ) - } - - override predicate isSanitizerIn(DataFlow::Node node) { - // Block flow from the location to its properties, as the relevant properties (hash and search) are taint sources of their own. - // The location source is only used for propagating through API calls like `new URL(location)` and into external APIs where - // the whole location object escapes. - node = DOM::locationRef().getAPropertyRead() - } -} - /** A node representing data being passed to an external API. */ class ExternalApiDataNode extends DataFlow::Node instanceof Sink { } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttpQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttpQuery.qll index 21efb2b77702..6767baf8bb7b 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttpQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttpQuery.qll @@ -32,27 +32,3 @@ module FileAccessToHttpConfig implements DataFlow::ConfigSig { * Taint tracking for file data in outbound network requests. */ module FileAccessToHttpFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `FileAccessToHttpFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "FileAccessToHttp" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - // taint entire object on property write - exists(DataFlow::PropWrite pwr | - succ = pwr.getBase() and - pred = pwr.getRhs() - ) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsQuery.qll index d589b3a15595..14e5d4f0ed55 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsQuery.qll @@ -77,25 +77,3 @@ module HardcodedCredentialsConfig implements DataFlow::ConfigSig { * Data flow for reasoning about hardcoded credentials. */ module HardcodedCredentials = DataFlow::Global; - -/** - * DEPRECATED. Use the `HardcodedCredentials` module instead. - */ -deprecated class Configuration extends DataFlow::Configuration { - Configuration() { this = "HardcodedCredentials" } - - override predicate isSource(DataFlow::Node source) { - HardcodedCredentialsConfig::isSource(source) - } - - override predicate isSink(DataFlow::Node sink) { HardcodedCredentialsConfig::isSink(sink) } - - override predicate isBarrier(DataFlow::Node node) { - super.isBarrier(node) or - HardcodedCredentialsConfig::isBarrier(node) - } - - override predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) { - HardcodedCredentialsConfig::isAdditionalFlowStep(src, trg) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeQuery.qll index 0d33ee11876f..3d79fdd75536 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeQuery.qll @@ -43,20 +43,3 @@ module HardcodedDataInterpretedAsCodeConfig implements DataFlow::StateConfigSig */ module HardcodedDataInterpretedAsCodeFlow = DataFlow::GlobalWithState; - -/** - * DEPRECATED. Use the `HardcodedDataInterpretedAsCodeFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "HardcodedDataInterpretedAsCode" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel lbl) { - source.(Source).getLabel() = lbl - } - - override predicate isSink(DataFlow::Node nd, DataFlow::FlowLabel lbl) { - nd.(Sink).getLabel() = lbl - } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll index 4271ef3e9b68..07ecb1333b6f 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll @@ -25,14 +25,3 @@ module HostHeaderPoisoningConfig implements DataFlow::ConfigSig { * Taint tracking configuration host header poisoning. */ module HostHeaderPoisoningFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `HostHeaderPoisoningFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "TaintedHostHeader" } - - override predicate isSource(DataFlow::Node node) { HostHeaderPoisoningConfig::isSource(node) } - - override predicate isSink(DataFlow::Node node) { HostHeaderPoisoningConfig::isSink(node) } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll index 0525367d1e22..51992d4be471 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll @@ -25,19 +25,3 @@ module HttpToFileAccessConfig implements DataFlow::ConfigSig { * Taint tracking for writing user-controlled data to files. */ module HttpToFileAccessFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `HttpToFileAccessFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "HttpToFileAccess" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationQuery.qll index 1601208ed38e..1d65dc6d59e1 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationQuery.qll @@ -27,16 +27,3 @@ module ImproperCodeSanitizationConfig implements DataFlow::ConfigSig { * Taint-tracking for reasoning about improper code sanitization vulnerabilities. */ module ImproperCodeSanitizationFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `ImproperCodeSanitizationFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "ImproperCodeSanitization" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node sanitizer) { sanitizer instanceof Sanitizer } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationQuery.qll index 578c15635bbb..697f04c6c5cf 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationQuery.qll @@ -51,35 +51,3 @@ module IncompleteHtmlAttributeSanitizationConfig implements DataFlow::StateConfi */ module IncompleteHtmlAttributeSanitizationFlow = TaintTracking::GlobalWithState; - -/** - * DEPRECATED. Use the `IncompleteHtmlAttributeSanitizationFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "IncompleteHtmlAttributeSanitization" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - label = Label::characterToLabel(source.(Source).getAnUnsanitizedCharacter()) - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - label = Label::characterToLabel(sink.(Sink).getADangerousCharacter()) - } - - override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel srclabel, - DataFlow::FlowLabel dstlabel - ) { - super.isAdditionalFlowStep(src, dst) and srclabel = dstlabel - } - - override predicate isLabeledBarrier(DataFlow::Node node, DataFlow::FlowLabel lbl) { - lbl = Label::characterToLabel(node.(StringReplaceCall).getAReplacedString()) or - this.isSanitizer(node) - } - - override predicate isSanitizer(DataFlow::Node n) { - n instanceof Sanitizer or - super.isSanitizer(n) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll index 87d85911a1ba..bc993d7577ad 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll @@ -41,26 +41,3 @@ module IndirectCommandInjectionConfig implements DataFlow::ConfigSig { * Taint-tracking for reasoning about command-injection vulnerabilities. */ module IndirectCommandInjectionFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `IndirectCommandInjectionFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "IndirectCommandInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - /** - * Holds if `sink` is a data-flow sink for command-injection vulnerabilities, and - * the alert should be placed at the node `highlight`. - */ - predicate isSinkWithHighlight(DataFlow::Node sink, DataFlow::Node highlight) { - sink instanceof Sink and highlight = sink - or - isIndirectCommandArgument(sink, highlight) - } - - override predicate isSink(DataFlow::Node sink) { this.isSinkWithHighlight(sink, _) } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadQuery.qll index ffcfead78961..156a0248c886 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadQuery.qll @@ -37,23 +37,3 @@ module InsecureDownloadConfig implements DataFlow::StateConfigSig { * Taint tracking for download of sensitive file through insecure connection. */ module InsecureDownloadFlow = DataFlow::GlobalWithState; - -/** - * DEPRECATED. Use the `InsecureDownload` module instead. - */ -deprecated class Configuration extends DataFlow::Configuration { - Configuration() { this = "InsecureDownload" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - InsecureDownloadConfig::isSource(source, FlowState::fromFlowLabel(label)) - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - InsecureDownloadConfig::isSink(sink, FlowState::fromFlowLabel(label)) - } - - override predicate isBarrier(DataFlow::Node node) { - super.isBarrier(node) or - InsecureDownloadConfig::isBarrier(node) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomnessQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomnessQuery.qll index 1fa4cd272b3b..6b3b33968b4e 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomnessQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomnessQuery.qll @@ -48,28 +48,3 @@ module InsecureRandomnessConfig implements DataFlow::ConfigSig { * Taint tracking for random values that are not cryptographically secure. */ module InsecureRandomnessFlow = DataFlow::Global; - -/** - * DEPRECATED. Use the `InsecureRandomnessFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "InsecureRandomness" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - // not making use of `super.isSanitizer`: those sanitizers are not for this kind of data - node instanceof Sanitizer - } - - override predicate isSanitizerOut(DataFlow::Node node) { - // stop propagation at the sinks to avoid double reporting - this.isSink(node) - } - - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - InsecureRandomness::isAdditionalTaintStep(pred, succ) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureTemporaryFileQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureTemporaryFileQuery.qll index ee2f1bb96d15..7127700b87bf 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureTemporaryFileQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureTemporaryFileQuery.qll @@ -27,19 +27,3 @@ module InsecureTemporaryFileConfig implements DataFlow::ConfigSig { * Taint-tracking for reasoning about insecure temporary file creation. */ module InsecureTemporaryFileFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `InsecureTemporaryFileFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "InsecureTemporaryFile" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsufficientPasswordHashQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsufficientPasswordHashQuery.qll index c29592569880..fc9dd3ad9a24 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsufficientPasswordHashQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/InsufficientPasswordHashQuery.qll @@ -33,19 +33,3 @@ module InsufficientPasswordHashConfig implements DataFlow::ConfigSig { * Taint tracking for password hashing with insufficient computational effort. */ module InsufficientPasswordHashFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `InsufficientPasswordHashFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "InsufficientPasswordHash" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll index 9f2060709059..9659b90f4359 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll @@ -37,19 +37,6 @@ module LogInjectionConfig implements DataFlow::ConfigSig { */ module LogInjectionFlow = TaintTracking::Global; -/** - * DEPRECATED. Use the `LogInjectionFlow` module instead. - */ -deprecated class LogInjectionConfiguration extends TaintTracking::Configuration { - LogInjectionConfiguration() { this = "LogInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} - /** * A source of remote user controlled input. */ diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionQuery.qll index 522df62eca56..52e0e1a46da1 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionQuery.qll @@ -46,31 +46,3 @@ module LoopBoundInjectionConfig implements DataFlow::StateConfigSig { * Taint tracking configuration for reasoning about looping on tainted objects with unbounded length. */ module LoopBoundInjectionFlow = TaintTracking::GlobalWithState; - -/** - * DEPRECATED. Use the `LoopBoundInjectionFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "LoopBoundInjection" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - source instanceof Source and label = TaintedObject::label() - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - sink instanceof Sink and label = TaintedObject::label() - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof TaintedObject::SanitizerGuard or - guard instanceof IsArraySanitizerGuard or - guard instanceof InstanceofArraySanitizerGuard or - guard instanceof LengthCheckSanitizerGuard - } - - override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl - ) { - TaintedObject::step(src, trg, inlbl, outlbl) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionQuery.qll index e7d93aabb977..f7e2c5a442ab 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionQuery.qll @@ -59,37 +59,3 @@ module NosqlInjectionConfig implements DataFlow::StateConfigSig { * Taint-tracking for reasoning about SQL-injection vulnerabilities. */ module NosqlInjectionFlow = DataFlow::GlobalWithState; - -/** - * DEPRECATED. Use the `NosqlInjectionFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "NosqlInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - TaintedObject::isSource(source, label) - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - sink.(Sink).getAFlowLabel() = label - } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof TaintedObject::SanitizerGuard - } - - override predicate isAdditionalFlowStep( - DataFlow::Node node1, DataFlow::Node node2, DataFlow::FlowLabel state1, - DataFlow::FlowLabel state2 - ) { - NosqlInjectionConfig::isAdditionalFlowStep(node1, FlowState::fromFlowLabel(state1), node2, - FlowState::fromFlowLabel(state2)) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll index 188f2d20fd7f..aa8c7fcf0fa3 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll @@ -11,10 +11,6 @@ import javascript import PostMessageStarCustomizations::PostMessageStar // Materialize flow labels -deprecated private class ConcretePartiallyTaintedObject extends PartiallyTaintedObject { - ConcretePartiallyTaintedObject() { this = this } -} - /** * A taint tracking configuration for cross-window communication with unrestricted origin. * @@ -45,44 +41,3 @@ module PostMessageStarConfig implements DataFlow::ConfigSig { * A taint tracking configuration for cross-window communication with unrestricted origin. */ module PostMessageStarFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `PostMessageStarFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "PostMessageStar" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel lbl) { - sink instanceof Sink and lbl = anyLabel() - } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - - override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl - ) { - // writing a tainted value to an object property makes the object partially tainted - exists(DataFlow::PropWrite write | - write.getRhs() = src and - inlbl = anyLabel() and - trg.(DataFlow::SourceNode).flowsTo(write.getBase()) and - outlbl instanceof PartiallyTaintedObject - ) - or - // `toString` or `JSON.toString` on a partially tainted object gives a tainted value - exists(DataFlow::InvokeNode toString | toString = trg | - toString.(DataFlow::MethodCallNode).calls(src, "toString") - or - src = toString.(JsonStringifyCall).getInput() - ) and - inlbl instanceof PartiallyTaintedObject and - outlbl.isTaint() - or - // `valueOf` preserves partial taint - trg.(DataFlow::MethodCallNode).calls(src, "valueOf") and - inlbl instanceof PartiallyTaintedObject and - outlbl = inlbl - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll index 96eed4cadc2b..076ebf6e9de0 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll @@ -140,78 +140,6 @@ predicate isIgnoredLibraryFlow(ExternalInputSource source, Sink sink) { ) } -/** - * DEPRECATED. Use the `PrototypePollutingAssignmentFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "PrototypePollutingAssignment" } - - override predicate isSource(DataFlow::Node node) { node instanceof Source } - - override predicate isSink(DataFlow::Node node, DataFlow::FlowLabel lbl) { - node.(Sink).getAFlowLabel() = lbl - } - - override predicate isSanitizer(DataFlow::Node node) { - PrototypePollutingAssignmentConfig::isBarrier(node) - } - - override predicate isSanitizerOut(DataFlow::Node node, DataFlow::FlowLabel lbl) { - // Suppress the value-preserving step src -> dst in `extend(dst, src)`. This is modeled as a value-preserving - // step because it preserves all properties, but the destination is not actually Object.prototype. - node = any(ExtendCall call).getASourceOperand() and - lbl instanceof ObjectPrototype - } - - override predicate isAdditionalFlowStep( - DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl - ) { - PrototypePollutingAssignmentConfig::isAdditionalFlowStep(pred, FlowState::fromFlowLabel(inlbl), - succ, FlowState::fromFlowLabel(outlbl)) - } - - override predicate hasFlowPath(DataFlow::SourcePathNode source, DataFlow::SinkPathNode sink) { - super.hasFlowPath(source, sink) and - // require that there is a path without unmatched return steps - DataFlow::hasPathWithoutUnmatchedReturn(source, sink) and - // filter away paths that start with library inputs and end with a write to a fixed property. - not exists(ExternalInputSource src, Sink snk, DataFlow::PropWrite write | - source.getNode() = src and sink.getNode() = snk - | - snk = write.getBase() and - ( - // fixed property name - exists(write.getPropertyName()) - or - // non-string property name (likely number) - exists(Expr prop | prop = write.getPropertyNameExpr() | - not prop.analyze().getAType() = TTString() - ) - ) - ) - } - - override predicate isLabeledBarrier(DataFlow::Node node, DataFlow::FlowLabel lbl) { - super.isLabeledBarrier(node, lbl) - or - // Don't propagate into the receiver, as the method lookups will generally fail on Object.prototype. - node instanceof DataFlow::ThisNode and - lbl instanceof ObjectPrototype - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof PropertyPresenceCheck or - guard instanceof InExprCheck or - guard instanceof InstanceofCheck or - guard instanceof IsArrayCheck or - guard instanceof TypeofCheck or - guard instanceof NumberGuard or - guard instanceof EqualityCheck or - guard instanceof IncludesCheck or - guard instanceof DenyListInclusionGuard - } -} - /** Gets a data flow node referring to an object created with `Object.create`. */ DataFlow::SourceNode prototypeLessObject() { result = prototypeLessObject(DataFlow::TypeTracker::end()) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionQuery.qll index 86fbb1273d97..44cddc00f74a 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionQuery.qll @@ -13,13 +13,6 @@ import semmle.javascript.dependencies.SemVer import PrototypePollutionCustomizations::PrototypePollution // Materialize flow labels -/** - * We no longer use this flow label, since it does not work in a world where flow states inherit taint steps. - */ -deprecated private class ConcreteTaintedObjectWrapper extends TaintedObjectWrapper { - ConcreteTaintedObjectWrapper() { this = this } -} - /** * A taint tracking configuration for user-controlled objects flowing into deep `extend` calls, * leading to prototype pollution. @@ -65,36 +58,3 @@ module PrototypePollutionConfig implements DataFlow::StateConfigSig { * leading to prototype pollution. */ module PrototypePollutionFlow = TaintTracking::GlobalWithState; - -/** - * DEPRECATED. Use the `PrototypePollutionFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "PrototypePollution" } - - override predicate isSource(DataFlow::Node node, DataFlow::FlowLabel label) { - node.(Source).getAFlowLabel() = label - } - - override predicate isSink(DataFlow::Node node, DataFlow::FlowLabel label) { - node.(Sink).getAFlowLabel() = label - } - - override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl - ) { - TaintedObject::step(src, dst, inlbl, outlbl) - or - // Track objects are wrapped in other objects - exists(DataFlow::PropWrite write | - src = write.getRhs() and - inlbl = TaintedObject::label() and - dst = write.getBase().getALocalSource() and - outlbl = TaintedObjectWrapper::label() - ) - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) { - node instanceof TaintedObject::SanitizerGuard - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssQuery.qll index 55688d4b5ff9..3317d3c69fda 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssQuery.qll @@ -27,27 +27,6 @@ module ReflectedXssConfig implements DataFlow::ConfigSig { */ module ReflectedXssFlow = TaintTracking::Global; -/** - * DEPRECATED. Use the `ReflectedXssFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "ReflectedXss" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof QuoteGuard or - guard instanceof ContainsHtmlGuard - } -} - private class QuoteGuard extends SharedXss::QuoteGuard { QuoteGuard() { this = this } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionQuery.qll index 606b0df62517..08d0b2caf6a7 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionQuery.qll @@ -27,19 +27,3 @@ module RegExpInjectionConfig implements DataFlow::ConfigSig { * Taint-tracking for untrusted user input used to construct regular expressions. */ module RegExpInjectionFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `RegExpInjectionFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "RegExpInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjectionQuery.qll index 8f1f174d8ecf..d8f1e4622177 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjectionQuery.qll @@ -31,20 +31,3 @@ module RemotePropertyInjectionConfig implements DataFlow::ConfigSig { * Taint-tracking for reasoning about remote property injection. */ module RemotePropertyInjectionFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `RemotePropertyInjectionFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "RemotePropertyInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer or - node = StringConcatenation::getRoot(any(ConstantString str).flow()) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryQuery.qll index 2628fadedbf0..23f8f4bdd137 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryQuery.qll @@ -40,28 +40,3 @@ module RequestForgeryConfig implements DataFlow::ConfigSig { * Taint tracking for server-side request forgery. */ module RequestForgeryFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `RequestForgeryFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "RequestForgery" } - - override predicate isSource(DataFlow::Node source) { RequestForgeryConfig::isSource(source) } - - override predicate isSink(DataFlow::Node sink) { RequestForgeryConfig::isSink(sink) } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) - or - node instanceof Sanitizer - } - - override predicate isSanitizerOut(DataFlow::Node node) { - RequestForgeryConfig::isBarrierOut(node) - } - - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - RequestForgeryConfig::isAdditionalFlowStep(pred, succ) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionQuery.qll index cfad24432289..dcedce3049ae 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionQuery.qll @@ -36,31 +36,6 @@ module ResourceExhaustionConfig implements DataFlow::ConfigSig { */ module ResourceExhaustionFlow = TaintTracking::Global; -/** - * DEPRECATED. Use the `ResourceExhaustionFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "ResourceExhaustion" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer or - node = any(DataFlow::PropRead read | read.getPropertyName() = "length") - } - - override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node dst) { - isNumericFlowStep(src, dst) - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof UpperBoundsCheckSanitizerGuard - } -} - /** Holds if data is converted to a number from `src` to `dst`. */ predicate isNumericFlowStep(DataFlow::Node src, DataFlow::Node dst) { exists(DataFlow::CallNode c | diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll index 0c5af5abd37c..41ae0563d9d8 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll @@ -56,32 +56,3 @@ module SecondOrderCommandInjectionConfig implements DataFlow::StateConfigSig { */ module SecondOrderCommandInjectionFlow = DataFlow::GlobalWithState; - -/** - * DEPRECATED. Use the `SecondOrderCommandInjectionFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "SecondOrderCommandInjection" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - source.(Source).getALabel() = label - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - sink.(Sink).getALabel() = label - } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof PrefixStringSanitizer or - guard instanceof DoubleDashSanitizer or - guard instanceof TaintedObject::SanitizerGuard - } - - override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl - ) { - TaintedObject::step(src, trg, inlbl, outlbl) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll index e6c3345b2c7e..4b6fdc9b4896 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll @@ -43,35 +43,6 @@ module ServerSideUrlRedirectConfig implements DataFlow::ConfigSig { */ module ServerSideUrlRedirectFlow = TaintTracking::Global; -/** - * DEPRECATED. Use the `ServerSideUrlRedirectFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "ServerSideUrlRedirect" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isSanitizerOut(DataFlow::Node node) { - ServerSideUrlRedirectConfig::isBarrierOut(node) - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof LocalUrlSanitizingGuard or - guard instanceof HostnameSanitizerGuard - } - - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - ServerSideUrlRedirectConfig::isAdditionalFlowStep(pred, succ) - } -} - /** * DEPRECATED. This is no longer used as a sanitizer guard. * diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll index 1d396da5b20d..e74aa829340a 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll @@ -43,23 +43,3 @@ module ShellCommandInjectionFromEnvironmentConfig implements DataFlow::ConfigSig */ module ShellCommandInjectionFromEnvironmentFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `ShellCommandInjectionFromEnvironmentFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "ShellCommandInjectionFromEnvironment" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - /** Holds if `sink` is a command-injection sink with `highlight` as the corresponding alert location. */ - predicate isSinkWithHighlight(DataFlow::Node sink, DataFlow::Node highlight) { - sink instanceof Sink and highlight = sink - or - isIndirectCommandArgument(sink, highlight) - } - - override predicate isSink(DataFlow::Node sink) { this.isSinkWithHighlight(sink, _) } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionQuery.qll index 69dabac14680..85ae77d9d37b 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionQuery.qll @@ -39,23 +39,3 @@ module SqlInjectionConfig implements DataFlow::ConfigSig { * Taint-tracking for reasoning about string based query injection vulnerabilities. */ module SqlInjectionFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `SqlInjectionFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "SqlInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - SqlInjectionConfig::isAdditionalFlowStep(pred, succ) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposureQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposureQuery.qll index 254df5aabe6e..0295124f44c1 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposureQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposureQuery.qll @@ -36,20 +36,3 @@ module StackTraceExposureConfig implements DataFlow::ConfigSig { * Taint-tracking for reasoning about stack trace exposure problems. */ module StackTraceExposureFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `StackTraceExposureFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "StackTraceExposure" } - - override predicate isSource(DataFlow::Node src) { src instanceof Source } - - override predicate isSanitizer(DataFlow::Node nd) { - super.isSanitizer(nd) - or - StackTraceExposureConfig::isBarrier(nd) - } - - override predicate isSink(DataFlow::Node snk) { snk instanceof Sink } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssQuery.qll index 48e186bd71e3..fa25fa1e58b8 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssQuery.qll @@ -27,27 +27,6 @@ module StoredXssConfig implements DataFlow::ConfigSig { */ module StoredXssFlow = TaintTracking::Global; -/** - * DEPRECATED. Use the `StoredXssFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "StoredXss" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof QuoteGuard or - guard instanceof ContainsHtmlGuard - } -} - private class QuoteGuard extends Shared::QuoteGuard { QuoteGuard() { this = this } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll index 55338477cb49..8ecdde85e768 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll @@ -27,19 +27,3 @@ module TaintedFormatStringConfig implements DataFlow::ConfigSig { * Taint-tracking for format injections. */ module TaintedFormatStringFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `TaintedFormatStringFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "TaintedFormatString" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll index f863b86a3b57..d8196784280e 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll @@ -69,8 +69,6 @@ module TaintedPath { } } - deprecated class BarrierGuardNode = BarrierGuard; - private newtype TFlowState = TPosixPath(FlowState::Normalization normalization, FlowState::Relativeness relativeness) or TSplitPath() diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathQuery.qll index 8b50a69cedce..6c601f294bf5 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathQuery.qll @@ -55,34 +55,3 @@ module TaintedPathConfig implements DataFlow::StateConfigSig { * Taint-tracking for reasoning about tainted-path vulnerabilities. */ module TaintedPathFlow = DataFlow::GlobalWithState; - -/** - * DEPRECATED. Use the `TaintedPathFlow` module instead. - */ -deprecated class Configuration extends DataFlow::Configuration { - Configuration() { this = "TaintedPath" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - label = source.(Source).getAFlowLabel() - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - label = sink.(Sink).getAFlowLabel() - } - - override predicate isBarrier(DataFlow::Node node) { - super.isBarrier(node) or - node instanceof Sanitizer - } - - override predicate isBarrierGuard(DataFlow::BarrierGuardNode guard) { - guard instanceof BarrierGuardNode - } - - override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel srclabel, - DataFlow::FlowLabel dstlabel - ) { - isAdditionalTaintedPathFlowStep(src, dst, srclabel, dstlabel) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll index 348e59937b5e..659f7a952820 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll @@ -53,30 +53,3 @@ module TemplateObjectInjectionConfig implements DataFlow::StateConfigSig { * Taint tracking for reasoning about template object injection vulnerabilities. */ module TemplateObjectInjectionFlow = DataFlow::GlobalWithState; - -/** - * DEPRECATED. Use the `TemplateObjectInjectionFlow` module instead. - */ -deprecated class TemplateObjInjectionConfig extends TaintTracking::Configuration { - TemplateObjInjectionConfig() { this = "TemplateObjInjectionConfig" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - source.(Source).getAFlowLabel() = label - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - sink instanceof Sink and label = TaintedObject::label() - } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof TaintedObject::SanitizerGuard - } - - override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl - ) { - TaintedObject::step(src, trg, inlbl, outlbl) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll index 03e8c5c48ebb..28a86e7f69fe 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll @@ -59,25 +59,3 @@ private class IsArrayBarrier extends BarrierGuard, DataFlow::CallNode { outcome = [true, false] // separation between string/array removes type confusion in both branches } } - -/** - * DEPRECATED. Use the `TypeConfusionFlow` module instead. - */ -deprecated class Configuration extends DataFlow::Configuration { - Configuration() { this = "TypeConfusionThroughParameterTampering" } - - override predicate isSource(DataFlow::Node source) { TypeConfusionConfig::isSource(source) } - - override predicate isSink(DataFlow::Node sink) { TypeConfusionConfig::isSink(sink) } - - override predicate isBarrier(DataFlow::Node node) { - super.isBarrier(node) - or - node instanceof Barrier - } - - override predicate isBarrierGuard(DataFlow::BarrierGuardNode guard) { - guard instanceof TypeOfTestBarrier or - guard instanceof IsArrayBarrier - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeCodeConstruction.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeCodeConstruction.qll index e29d5d87a70f..92d7d6caf76b 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeCodeConstruction.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeCodeConstruction.qll @@ -46,33 +46,4 @@ module UnsafeCodeConstruction { * Taint-tracking for reasoning about unsafe code constructed from library input. */ module UnsafeCodeConstructionFlow = TaintTracking::Global; - - /** - * DEPRECATED. Use the `UnsafeCodeConstructionFlow` module instead. - */ - deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "UnsafeCodeConstruction" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof CodeInjection::Sanitizer - } - - override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node trg) { - // HTML sanitizers are insufficient protection against code injection - src = trg.(HtmlSanitizerCall).getInput() - or - DataFlow::localFieldStep(src, trg) - } - - // override to require that there is a path without unmatched return steps - override predicate hasFlowPath(DataFlow::SourcePathNode source, DataFlow::SinkPathNode sink) { - super.hasFlowPath(source, sink) and - DataFlow::hasPathWithoutUnmatchedReturn(source, sink) - } - } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationQuery.qll index b0621c6ac48e..75af7cd4d86d 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationQuery.qll @@ -26,19 +26,3 @@ module UnsafeDeserializationConfig implements DataFlow::ConfigSig { * Taint-tracking for reasoning about unsafe deserialization. */ module UnsafeDeserializationFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `UnsafeDeserializationFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "UnsafeDeserialization" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll index 423b50f17f70..dc468762c936 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll @@ -83,39 +83,3 @@ module UnsafeDynamicMethodAccessConfig implements DataFlow::StateConfigSig { * Taint-tracking for reasoning about unsafe dynamic method access. */ module UnsafeDynamicMethodAccessFlow = DataFlow::GlobalWithState; - -/** - * DEPRECATED. Use the `UnsafeDynamicMethodAccessFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "UnsafeDynamicMethodAccess" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - UnsafeDynamicMethodAccessConfig::isSource(source, FlowState::fromFlowLabel(label)) - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - UnsafeDynamicMethodAccessConfig::isSink(sink, FlowState::fromFlowLabel(label)) - } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) - or - UnsafeDynamicMethodAccessConfig::isBarrier(node) - } - - /** - * Holds if a property of the given object is an unsafe function. - */ - predicate hasUnsafeMethods(DataFlow::SourceNode node) { - PropertyInjection::hasUnsafeMethods(node) // Redefined here so custom queries can override it - } - - override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel srclabel, - DataFlow::FlowLabel dstlabel - ) { - UnsafeDynamicMethodAccessConfig::additionalFlowStep(src, FlowState::fromFlowLabel(srclabel), - dst, FlowState::fromFlowLabel(dstlabel)) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll index 913329813c1b..3c962c3814e2 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll @@ -9,9 +9,6 @@ private import semmle.javascript.security.dataflow.UnsafeJQueryPluginCustomizati import UnsafeHtmlConstructionCustomizations::UnsafeHtmlConstruction import semmle.javascript.security.TaintedObject -/** DEPRECATED: Mis-spelled class name, alias for Configuration. */ -deprecated class Configration = Configuration; - /** * A taint-tracking configuration for reasoning about unsafe HTML constructed from library input vulnerabilities. */ diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll index 75eeaf20cfaa..245d75b35334 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll @@ -51,47 +51,6 @@ module UnsafeJQueryPluginConfig implements DataFlow::ConfigSig { */ module UnsafeJQueryPluginFlow = TaintTracking::Global; -/** - * DEPRECATED. Use the `UnsafeJQueryPluginFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "UnsafeJQueryPlugin" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) - or - node instanceof DomBasedXss::Sanitizer - or - node instanceof Sanitizer - } - - override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink) { - // jQuery plugins tend to be implemented as classes that store data in fields initialized by the constructor. - DataFlow::localFieldStep(src, sink) or - aliasPropertyPresenceStep(src, sink) - } - - override predicate isSanitizerOut(DataFlow::Node node) { - // prefixing prevents forced html/css confusion: - // prefixing through concatenation: - StringConcatenation::taintStep(node, _, _, any(int i | i >= 1)) - or - // prefixing through a poor-mans templating system: - node = any(StringReplaceCall call).getRawReplacement() - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) { - super.isSanitizerGuard(node) or - node instanceof IsElementSanitizer or - node instanceof PropertyPresenceSanitizer or - node instanceof NumberGuard - } -} - /** * Holds if there is a taint-step from `src` to `sink`, * where `src` is a property read that acts as a sanitizer for the base, diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionQuery.qll index e006c2a2f498..2b1a340b8e62 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionQuery.qll @@ -42,33 +42,3 @@ module UnsafeShellCommandConstructionConfig implements DataFlow::ConfigSig { */ module UnsafeShellCommandConstructionFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `UnsafeShellCommandConstructionFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "UnsafeShellCommandConstruction" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof PathExistsSanitizerGuard or - guard instanceof TaintTracking::AdHocWhitelistCheckSanitizer or - guard instanceof NumberGuard or - guard instanceof TypeOfSanitizer - } - - // override to require that there is a path without unmatched return steps - override predicate hasFlowPath(DataFlow::SourcePathNode source, DataFlow::SinkPathNode sink) { - super.hasFlowPath(source, sink) and - DataFlow::hasPathWithoutUnmatchedReturn(source, sink) - } - - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - DataFlow::localFieldStep(pred, succ) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll index e516167a30b4..4a0b1865ece0 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll @@ -92,18 +92,6 @@ module UnvalidatedDynamicMethodCall { /** DEPRECATED. Use `getAFlowState()` instead. */ deprecated DataFlow::FlowLabel getFlowLabel() { result = this.getAFlowState().toFlowLabel() } - - /** - * DEPRECATED. Use sanitizer nodes instead. - * - * This predicate no longer has any effect. The `this` value of `Sanitizer` is instead - * treated as a sanitizing node, that is, flow in and out of that node is prohibited. - */ - deprecated predicate sanitizes( - DataFlow::Node source, DataFlow::Node sink, DataFlow::FlowLabel lbl - ) { - none() - } } /** diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallQuery.qll index 7b6a6124edaf..8cf5279fe42f 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallQuery.qll @@ -100,37 +100,3 @@ module UnvalidatedDynamicMethodCallConfig implements DataFlow::StateConfigSig { */ module UnvalidatedDynamicMethodCallFlow = DataFlow::GlobalWithState; - -/** - * DEPRECATED. Use the `UnvalidatedDynamicMethodCallFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "UnvalidatedDynamicMethodCall" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - source.(Source).getFlowLabel() = label - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - sink.(Sink).getFlowLabel() = label - } - - override predicate isLabeledBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { - super.isLabeledBarrier(node, label) - or - node.(Sanitizer).getFlowLabel() = label - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof NumberGuard or - guard instanceof FunctionCheck - } - - override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel srclabel, - DataFlow::FlowLabel dstlabel - ) { - UnvalidatedDynamicMethodCallConfig::isAdditionalFlowStep(src, - FlowState::fromFlowLabel(srclabel), dst, FlowState::fromFlowLabel(dstlabel)) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombQuery.qll index 99f5874cf578..ae469c3e5755 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombQuery.qll @@ -27,19 +27,3 @@ module XmlBombConfig implements DataFlow::ConfigSig { * Taint-tracking for reasoning about XML-bomb vulnerabilities. */ module XmlBombFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `XmlBombFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "XmlBomb" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjectionQuery.qll index fcae5a0eb767..991d7b3f6fc3 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjectionQuery.qll @@ -28,19 +28,3 @@ module XpathInjectionConfig implements DataFlow::ConfigSig { * Taint-tracking for untrusted user input used in XPath expression. */ module XpathInjectionFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `XpathInjectionFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "XpathInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomQuery.qll index a9292bbdd4d8..a803362ad11d 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomQuery.qll @@ -46,46 +46,6 @@ predicate isIgnoredSourceSinkPair(Source source, DomBasedXss::Sink sink) { sink instanceof DomBasedXss::WriteUrlSink } -/** - * DEPRECATED. Use the `XssThroughDomFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "XssThroughDOM" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof DomBasedXss::Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof DomBasedXss::Sanitizer or - DomBasedXss::isOptionallySanitizedNode(node) - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof TypeTestGuard or - guard instanceof UnsafeJQuery::PropertyPresenceSanitizer or - guard instanceof UnsafeJQuery::NumberGuard or - guard instanceof PrefixStringSanitizer or - guard instanceof QuoteGuard or - guard instanceof ContainsHtmlGuard - } - - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - succ = DataFlow::globalVarRef("URL").getAMemberCall("createObjectURL") and - pred = succ.(DataFlow::InvokeNode).getArgument(0) - } - - override predicate hasFlowPath(DataFlow::SourcePathNode src, DataFlow::SinkPathNode sink) { - super.hasFlowPath(src, sink) and - // filtering away readings of `src` that end in a URL sink. - not ( - sink.getNode() instanceof DomBasedXss::WriteUrlSink and - src.getNode().(DomPropertySource).getPropertyName() = "src" - ) - } -} - /** A test for the value of `typeof x`, restricting the potential types of `x`. */ class TypeTestGuard extends BarrierGuard, DataFlow::ValueNode { override EqualityTest astNode; diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XxeQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XxeQuery.qll index 616768030a36..191e263fa520 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/XxeQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XxeQuery.qll @@ -27,19 +27,3 @@ module XxeConfig implements DataFlow::ConfigSig { * Taint-tracking for reasoning about XXE vulnerabilities. */ module XxeFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `XxeFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "Xxe" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlipQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlipQuery.qll index b59a78462b8c..7c6a34563b8c 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlipQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlipQuery.qll @@ -50,33 +50,3 @@ module ZipSlipConfig implements DataFlow::StateConfigSig { /** A taint tracking configuration for unsafe archive extraction. */ module ZipSlipFlow = DataFlow::GlobalWithState; - -/** A taint tracking configuration for unsafe archive extraction. */ -deprecated class Configuration extends DataFlow::Configuration { - Configuration() { this = "ZipSlip" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - label = source.(Source).getAFlowLabel() - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - label = sink.(Sink).getAFlowLabel() - } - - override predicate isBarrier(DataFlow::Node node) { - super.isBarrier(node) or - node instanceof TaintedPath::Sanitizer - } - - override predicate isBarrierGuard(DataFlow::BarrierGuardNode guard) { - guard instanceof TaintedPath::BarrierGuardNode - } - - override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel srclabel, - DataFlow::FlowLabel dstlabel - ) { - ZipSlipConfig::isAdditionalFlowStep(src, TaintedPath::FlowState::fromFlowLabel(srclabel), dst, - TaintedPath::FlowState::fromFlowLabel(dstlabel)) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll index e68fd5af415f..5dd85b91a294 100644 --- a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll @@ -37,34 +37,3 @@ module PolynomialReDoSConfig implements DataFlow::ConfigSig { /** Taint-tracking for reasoning about polynomial regular expression denial-of-service attacks. */ module PolynomialReDoSFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `PolynomialReDoSFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "PolynomialReDoS" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) { - super.isSanitizerGuard(node) or - node instanceof LengthGuard - } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate hasFlowPath(DataFlow::SourcePathNode source, DataFlow::SinkPathNode sink) { - super.hasFlowPath(source, sink) and - // require that there is a path without unmatched return steps - DataFlow::hasPathWithoutUnmatchedReturn(source, sink) - } - - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - DataFlow::localFieldStep(pred, succ) - } -} diff --git a/javascript/ql/src/experimental/Security/CWE-918/SSRF.qll b/javascript/ql/src/experimental/Security/CWE-918/SSRF.qll index 03bc9f990385..a30f1046a5db 100644 --- a/javascript/ql/src/experimental/Security/CWE-918/SSRF.qll +++ b/javascript/ql/src/experimental/Security/CWE-918/SSRF.qll @@ -38,13 +38,6 @@ module SsrfConfig implements DataFlow::ConfigSig { module SsrfFlow = TaintTracking::Global; -/** - * DEPRECATED. Use the `SsrfFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "SSRF" } -} - /** * A sanitizer for ternary operators. * diff --git a/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.ql b/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.ql index 66f34f2e4226..53de286bcdd0 100644 --- a/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.ql +++ b/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.ql @@ -2,7 +2,4 @@ import javascript import semmle.javascript.security.dataflow.DomBasedXssQuery deprecated import utils.test.LegacyDataFlowDiff -deprecated query predicate legacyDataFlowDifference = - DataFlowDiff::legacyDataFlowDifference/3; - query predicate flow = DomBasedXssFlow::flow/2; diff --git a/python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll b/python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll index 7a54ace60ed8..0e0c1bd06347 100644 --- a/python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll +++ b/python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll @@ -13,27 +13,11 @@ private module Summaries { private import semmle.python.frameworks.data.ModelsAsData } -deprecated class SummaryComponent = Impl::Private::SummaryComponent; - -/** Provides predicates for constructing summary components. */ -deprecated module SummaryComponent = Impl::Private::SummaryComponent; - -deprecated class SummaryComponentStack = Impl::Private::SummaryComponentStack; - -deprecated module SummaryComponentStack = Impl::Private::SummaryComponentStack; - /** A callable with a flow summary, identified by a unique string. */ abstract class SummarizedCallable extends LibraryCallable, Impl::Public::SummarizedCallable { bindingset[this] SummarizedCallable() { any() } - /** - * DEPRECATED: Use `propagatesFlow` instead. - */ - deprecated predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - this.propagatesFlow(input, output, preservesValue, _) - } - override predicate propagatesFlow( string input, string output, boolean preservesValue, string model ) { @@ -47,5 +31,3 @@ abstract class SummarizedCallable extends LibraryCallable, Impl::Public::Summari */ predicate propagatesFlow(string input, string output, boolean preservesValue) { none() } } - -deprecated class RequiredSummaryComponentStack = Impl::Private::RequiredSummaryComponentStack; diff --git a/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll b/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll index 73e4ca8dfec7..5afc5bbba09d 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll @@ -15,26 +15,11 @@ private module Summaries { private import codeql.ruby.frameworks.data.ModelsAsData } -deprecated class SummaryComponent = Impl::Private::SummaryComponent; - -deprecated module SummaryComponent = Impl::Private::SummaryComponent; - -deprecated class SummaryComponentStack = Impl::Private::SummaryComponentStack; - -deprecated module SummaryComponentStack = Impl::Private::SummaryComponentStack; - /** A callable with a flow summary, identified by a unique string. */ abstract class SummarizedCallable extends LibraryCallable, Impl::Public::SummarizedCallable { bindingset[this] SummarizedCallable() { any() } - /** - * DEPRECATED: Use `propagatesFlow` instead. - */ - deprecated predicate propagatesFlowExt(string input, string output, boolean preservesValue) { - this.propagatesFlow(input, output, preservesValue, _) - } - override predicate propagatesFlow( string input, string output, boolean preservesValue, string model ) { @@ -73,8 +58,6 @@ abstract class SimpleSummarizedCallable extends SummarizedCallable { final override MethodCall getACallSimple() { result = mc } } -deprecated class RequiredSummaryComponentStack = Impl::Private::RequiredSummaryComponentStack; - /** * Provides a set of special flow summaries to ensure that callbacks passed into * library methods will be passed as `lambda-self` arguments into themselves. That is, diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll index 3be4fdbcfe89..95377076c132 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll @@ -29,19 +29,6 @@ class Node extends TNode { /** Gets the location of this node. */ final Location getLocation() { result = getLocation(this) } - /** - * Holds if this element is at the specified location. - * The location spans column `startcolumn` of line `startline` to - * column `endcolumn` of line `endline` in file `filepath`. - * For more information, see - * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). - */ - deprecated predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } - /** * Gets a local source node from which data may flow to this node in zero or * more local data-flow steps. diff --git a/shared/dataflow/codeql/dataflow/DataFlow.qll b/shared/dataflow/codeql/dataflow/DataFlow.qll index 93327f5ad6a3..171e449426a4 100644 --- a/shared/dataflow/codeql/dataflow/DataFlow.qll +++ b/shared/dataflow/codeql/dataflow/DataFlow.qll @@ -788,19 +788,6 @@ module DataFlowMake Lang> { /** Gets the location of this node. */ Location getLocation() { result = this.getNode().getLocation() } - - /** - * Holds if this element is at the specified location. - * The location spans column `startcolumn` of line `startline` to - * column `endcolumn` of line `endline` in file `filepath`. - * For more information, see - * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). - */ - deprecated predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } } /** @@ -857,19 +844,6 @@ module DataFlowMake Lang> { /** Gets a textual representation of this element. */ string toString() { result = super.toString() } - /** - * Holds if this element is at the specified location. - * The location spans column `startcolumn` of line `startline` to - * column `endcolumn` of line `endline` in file `filepath`. - * For more information, see - * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). - */ - deprecated predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } - /** Gets the underlying `Node`. */ Node getNode() { result = super.getNode() } diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll index 845da27aae7a..0f54463e0fa6 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll @@ -23,26 +23,6 @@ module MakeImplCommon Lang> { private import Aliases module DataFlowImplCommonPublic { - /** - * DEPRECATED: Generally, a custom `FlowState` type should be used instead, - * but `string` can of course still be used without referring to this - * module. - * - * Provides `FlowState = string`. - */ - deprecated module FlowStateString { - /** A state value to track during data flow. */ - deprecated class FlowState = string; - - /** - * The default state, which is used when the state is unspecified for a source - * or a sink. - */ - deprecated class FlowStateEmpty extends FlowState { - FlowStateEmpty() { this = "" } - } - } - private newtype TFlowFeature = TFeatureHasSourceCallContext() or TFeatureHasSinkCallContext() or diff --git a/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll b/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll index f396f9536e82..7fac65ecde5d 100644 --- a/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll +++ b/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll @@ -446,44 +446,6 @@ Element interpretElement( ) } -deprecated private predicate parseField(AccessPathToken c, Content::FieldContent f) { - exists(string fieldRegex, string name | - c.getName() = "Field" and - fieldRegex = "^([^.]+)$" and - name = c.getAnArgument().regexpCapture(fieldRegex, 1) and - f.getField().getName() = name - ) -} - -deprecated private predicate parseTuple(AccessPathToken c, Content::TupleContent t) { - c.getName() = "TupleElement" and - t.getIndex() = c.getAnArgument().toInt() -} - -deprecated private predicate parseEnum(AccessPathToken c, Content::EnumContent e) { - c.getName() = "EnumElement" and - c.getAnArgument() = e.getSignature() - or - c.getName() = "OptionalSome" and - e.getSignature() = "some:0" -} - -/** Holds if the specification component parses as a `Content`. */ -deprecated predicate parseContent(AccessPathToken component, Content content) { - parseField(component, content) - or - parseTuple(component, content) - or - parseEnum(component, content) - or - // map legacy "ArrayElement" specification components to `CollectionContent` - component.getName() = "ArrayElement" and - content instanceof Content::CollectionContent - or - component.getName() = "CollectionElement" and - content instanceof Content::CollectionContent -} - cached private module Cached { /** diff --git a/swift/ql/lib/codeql/swift/dataflow/FlowSummary.qll b/swift/ql/lib/codeql/swift/dataflow/FlowSummary.qll index fadee4aee6f4..0cec06a7c9cc 100644 --- a/swift/ql/lib/codeql/swift/dataflow/FlowSummary.qll +++ b/swift/ql/lib/codeql/swift/dataflow/FlowSummary.qll @@ -13,14 +13,4 @@ private module Summaries { private import codeql.swift.frameworks.Frameworks } -deprecated class SummaryComponent = Impl::Private::SummaryComponent; - -deprecated module SummaryComponent = Impl::Private::SummaryComponent; - -deprecated class SummaryComponentStack = Impl::Private::SummaryComponentStack; - -deprecated module SummaryComponentStack = Impl::Private::SummaryComponentStack; - class SummarizedCallable = Impl::Public::SummarizedCallable; - -deprecated class RequiredSummaryComponentStack = Impl::Private::RequiredSummaryComponentStack; diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll index b14bd5d5f592..0c5a4fbb2a63 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll @@ -19,19 +19,6 @@ class Node extends TNode { cached final Location getLocation() { result = this.(NodeImpl).getLocationImpl() } - /** - * Holds if this element is at the specified location. - * The location spans column `startcolumn` of line `startline` to - * column `endcolumn` of line `endline` in file `filepath`. - * For more information, see - * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). - */ - deprecated predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } - /** * Gets the expression that corresponds to this node, if any. */ diff --git a/swift/ql/lib/codeql/swift/security/WeakSensitiveDataHashingQuery.qll b/swift/ql/lib/codeql/swift/security/WeakSensitiveDataHashingQuery.qll index 5aba8ffa1b09..ade9d9f1437d 100755 --- a/swift/ql/lib/codeql/swift/security/WeakSensitiveDataHashingQuery.qll +++ b/swift/ql/lib/codeql/swift/security/WeakSensitiveDataHashingQuery.qll @@ -40,8 +40,4 @@ module WeakSensitiveDataHashingConfig implements DataFlow::ConfigSig { } } -deprecated module WeakHashingConfig = WeakSensitiveDataHashingConfig; - module WeakSensitiveDataHashingFlow = TaintTracking::Global; - -deprecated module WeakHashingFlow = WeakSensitiveDataHashingFlow; From 80fbcb7110b8e4f05f208cd4423ec5def21ecf9c Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Fri, 16 May 2025 13:27:43 +0200 Subject: [PATCH 2/8] Go: update test expectations after removing deprecated predicates --- go/ql/test/experimental/CWE-74/DsnInjection.expected | 1 - .../experimental/CWE-74/DsnInjectionLocal.expected | 2 -- go/ql/test/experimental/CWE-918/SSRF.expected | 6 ------ .../go/dataflow/FlowSteps/LocalTaintStep.expected | 4 ---- .../Security/CWE-078/CommandInjection.expected | 2 -- .../query-tests/Security/CWE-079/ReflectedXss.expected | 3 --- .../query-tests/Security/CWE-089/SqlInjection.expected | 10 ---------- .../InsecureRandomness/InsecureRandomness.expected | 1 - 8 files changed, 29 deletions(-) diff --git a/go/ql/test/experimental/CWE-74/DsnInjection.expected b/go/ql/test/experimental/CWE-74/DsnInjection.expected index e1f66aa14139..3a47f3698882 100644 --- a/go/ql/test/experimental/CWE-74/DsnInjection.expected +++ b/go/ql/test/experimental/CWE-74/DsnInjection.expected @@ -5,7 +5,6 @@ edges | Dsn.go:49:11:49:106 | []type{args} [array] | Dsn.go:49:11:49:106 | call to Sprintf | provenance | MaD:2 | | Dsn.go:49:11:49:106 | call to Sprintf | Dsn.go:50:29:50:33 | dbDSN | provenance | | | Dsn.go:49:102:49:105 | name | Dsn.go:49:11:49:106 | []type{args} [array] | provenance | | -| Dsn.go:49:102:49:105 | name | Dsn.go:49:11:49:106 | call to Sprintf | provenance | FunctionModel | models | 1 | Source: net/http; Request; true; FormValue; ; ; ReturnValue; remote; manual | | 2 | Summary: fmt; ; false; Sprintf; ; ; Argument[1].ArrayElement; ReturnValue; taint; manual | diff --git a/go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected b/go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected index 634d637c5881..f14b3b9f7347 100644 --- a/go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected +++ b/go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected @@ -6,7 +6,6 @@ edges | Dsn.go:28:11:28:110 | []type{args} [array] | Dsn.go:28:11:28:110 | call to Sprintf | provenance | MaD:2 | | Dsn.go:28:11:28:110 | call to Sprintf | Dsn.go:29:29:29:33 | dbDSN | provenance | | | Dsn.go:28:102:28:109 | index expression | Dsn.go:28:11:28:110 | []type{args} [array] | provenance | | -| Dsn.go:28:102:28:109 | index expression | Dsn.go:28:11:28:110 | call to Sprintf | provenance | FunctionModel | | Dsn.go:62:2:62:4 | definition of cfg [pointer] | Dsn.go:63:9:63:11 | cfg [pointer] | provenance | | | Dsn.go:62:2:62:4 | definition of cfg [pointer] | Dsn.go:67:102:67:104 | cfg [pointer] | provenance | | | Dsn.go:63:9:63:11 | cfg [pointer] | Dsn.go:63:9:63:11 | implicit dereference | provenance | | @@ -20,7 +19,6 @@ edges | Dsn.go:67:102:67:104 | implicit dereference | Dsn.go:63:9:63:11 | implicit dereference | provenance | | | Dsn.go:67:102:67:104 | implicit dereference | Dsn.go:67:102:67:108 | selection of dsn | provenance | | | Dsn.go:67:102:67:108 | selection of dsn | Dsn.go:67:11:67:109 | []type{args} [array] | provenance | | -| Dsn.go:67:102:67:108 | selection of dsn | Dsn.go:67:11:67:109 | call to Sprintf | provenance | FunctionModel | models | 1 | Source: os; ; false; Args; ; ; ; commandargs; manual | | 2 | Summary: fmt; ; false; Sprintf; ; ; Argument[1].ArrayElement; ReturnValue; taint; manual | diff --git a/go/ql/test/experimental/CWE-918/SSRF.expected b/go/ql/test/experimental/CWE-918/SSRF.expected index 87780085a549..696303b8a413 100644 --- a/go/ql/test/experimental/CWE-918/SSRF.expected +++ b/go/ql/test/experimental/CWE-918/SSRF.expected @@ -27,13 +27,10 @@ edges | new-tests.go:26:26:26:30 | &... | new-tests.go:35:49:35:57 | selection of word | provenance | Src:MaD:3 | | new-tests.go:31:11:31:57 | []type{args} [array] | new-tests.go:31:11:31:57 | call to Sprintf | provenance | MaD:11 | | new-tests.go:31:48:31:56 | selection of word | new-tests.go:31:11:31:57 | []type{args} [array] | provenance | | -| new-tests.go:31:48:31:56 | selection of word | new-tests.go:31:11:31:57 | call to Sprintf | provenance | FunctionModel | | new-tests.go:32:11:32:57 | []type{args} [array] | new-tests.go:32:11:32:57 | call to Sprintf | provenance | MaD:11 | | new-tests.go:32:48:32:56 | selection of safe | new-tests.go:32:11:32:57 | []type{args} [array] | provenance | | -| new-tests.go:32:48:32:56 | selection of safe | new-tests.go:32:11:32:57 | call to Sprintf | provenance | FunctionModel | | new-tests.go:35:12:35:58 | []type{args} [array] | new-tests.go:35:12:35:58 | call to Sprintf | provenance | MaD:11 | | new-tests.go:35:49:35:57 | selection of word | new-tests.go:35:12:35:58 | []type{args} [array] | provenance | | -| new-tests.go:35:49:35:57 | selection of word | new-tests.go:35:12:35:58 | call to Sprintf | provenance | FunctionModel | | new-tests.go:39:18:39:30 | call to Param | new-tests.go:47:11:47:46 | ...+... | provenance | Src:MaD:1 | | new-tests.go:49:18:49:30 | call to Query | new-tests.go:50:11:50:46 | ...+... | provenance | Src:MaD:2 | | new-tests.go:62:2:62:39 | ... := ...[0] | new-tests.go:63:17:63:23 | reqBody | provenance | | @@ -44,13 +41,10 @@ edges | new-tests.go:63:26:63:30 | &... | new-tests.go:74:49:74:57 | selection of word | provenance | | | new-tests.go:68:11:68:57 | []type{args} [array] | new-tests.go:68:11:68:57 | call to Sprintf | provenance | MaD:11 | | new-tests.go:68:48:68:56 | selection of word | new-tests.go:68:11:68:57 | []type{args} [array] | provenance | | -| new-tests.go:68:48:68:56 | selection of word | new-tests.go:68:11:68:57 | call to Sprintf | provenance | FunctionModel | | new-tests.go:69:11:69:57 | []type{args} [array] | new-tests.go:69:11:69:57 | call to Sprintf | provenance | MaD:11 | | new-tests.go:69:48:69:56 | selection of safe | new-tests.go:69:11:69:57 | []type{args} [array] | provenance | | -| new-tests.go:69:48:69:56 | selection of safe | new-tests.go:69:11:69:57 | call to Sprintf | provenance | FunctionModel | | new-tests.go:74:12:74:58 | []type{args} [array] | new-tests.go:74:12:74:58 | call to Sprintf | provenance | MaD:11 | | new-tests.go:74:49:74:57 | selection of word | new-tests.go:74:12:74:58 | []type{args} [array] | provenance | | -| new-tests.go:74:49:74:57 | selection of word | new-tests.go:74:12:74:58 | call to Sprintf | provenance | FunctionModel | | new-tests.go:78:18:78:24 | selection of URL | new-tests.go:78:18:78:32 | call to Query | provenance | Src:MaD:9 MaD:13 | | new-tests.go:78:18:78:32 | call to Query | new-tests.go:78:18:78:46 | call to Get | provenance | MaD:14 | | new-tests.go:78:18:78:46 | call to Get | new-tests.go:79:11:79:46 | ...+... | provenance | | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected index 6fadcdaabe63..5fd9154376ce 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected @@ -17,13 +17,9 @@ | strings.go:10:35:10:41 | "&" | strings.go:10:8:10:42 | call to ReplaceAll | | strings.go:11:9:11:26 | call to Sprint | strings.go:11:9:11:50 | ...+... | | strings.go:11:9:11:50 | ...+... | strings.go:11:9:11:69 | ...+... | -| strings.go:11:20:11:21 | s2 | strings.go:11:9:11:26 | call to Sprint | -| strings.go:11:24:11:25 | s3 | strings.go:11:9:11:26 | call to Sprint | | strings.go:11:30:11:50 | call to Sprintf | strings.go:11:9:11:50 | ...+... | | strings.go:11:42:11:45 | "%q" | strings.go:11:30:11:50 | call to Sprintf | -| strings.go:11:48:11:49 | s2 | strings.go:11:30:11:50 | call to Sprintf | | strings.go:11:54:11:69 | call to Sprintln | strings.go:11:9:11:69 | ...+... | -| strings.go:11:67:11:68 | s3 | strings.go:11:54:11:69 | call to Sprintln | | url.go:12:14:12:48 | call to PathUnescape | url.go:12:3:12:48 | ... = ...[0] | | url.go:12:14:12:48 | call to PathUnescape | url.go:12:3:12:48 | ... = ...[1] | | url.go:12:31:12:47 | call to PathEscape | url.go:12:3:12:48 | ... = ...[0] | diff --git a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected index dff32df4e1ff..56552926b452 100644 --- a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected @@ -32,12 +32,10 @@ edges | CommandInjection2.go:13:15:13:29 | call to Query | CommandInjection2.go:15:67:15:75 | imageName | provenance | | | CommandInjection2.go:15:34:15:88 | []type{args} [array] | CommandInjection2.go:15:34:15:88 | call to Sprintf | provenance | MaD:6 | | CommandInjection2.go:15:67:15:75 | imageName | CommandInjection2.go:15:34:15:88 | []type{args} [array] | provenance | | -| CommandInjection2.go:15:67:15:75 | imageName | CommandInjection2.go:15:34:15:88 | call to Sprintf | provenance | FunctionModel | | CommandInjection2.go:41:15:41:21 | selection of URL | CommandInjection2.go:41:15:41:29 | call to Query | provenance | Src:MaD:2 MaD:7 | | CommandInjection2.go:41:15:41:29 | call to Query | CommandInjection2.go:44:67:44:75 | imageName | provenance | | | CommandInjection2.go:44:34:44:88 | []type{args} [array] | CommandInjection2.go:44:34:44:88 | call to Sprintf | provenance | MaD:6 | | CommandInjection2.go:44:67:44:75 | imageName | CommandInjection2.go:44:34:44:88 | []type{args} [array] | provenance | | -| CommandInjection2.go:44:67:44:75 | imageName | CommandInjection2.go:44:34:44:88 | call to Sprintf | provenance | FunctionModel | | CommandInjection.go:9:13:9:19 | selection of URL | CommandInjection.go:9:13:9:27 | call to Query | provenance | Src:MaD:2 MaD:7 | | CommandInjection.go:9:13:9:27 | call to Query | CommandInjection.go:10:22:10:28 | cmdName | provenance | Sink:MaD:1 | | GitSubcommands.go:11:13:11:19 | selection of URL | GitSubcommands.go:11:13:11:27 | call to Query | provenance | Src:MaD:2 MaD:7 | diff --git a/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected b/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected index 647113f3c6b5..5a61984bf0cc 100644 --- a/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected +++ b/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected @@ -37,11 +37,9 @@ edges | reflectedxsstest.go:33:17:33:56 | []type{args} [array] | reflectedxsstest.go:33:17:33:56 | call to Sprintf | provenance | MaD:12 | | reflectedxsstest.go:33:17:33:56 | call to Sprintf | reflectedxsstest.go:33:10:33:57 | type conversion | provenance | | | reflectedxsstest.go:33:49:33:55 | content | reflectedxsstest.go:33:17:33:56 | []type{args} [array] | provenance | | -| reflectedxsstest.go:33:49:33:55 | content | reflectedxsstest.go:33:17:33:56 | call to Sprintf | provenance | FunctionModel | | reflectedxsstest.go:34:17:34:61 | []type{args} [array] | reflectedxsstest.go:34:17:34:61 | call to Sprintf | provenance | MaD:12 | | reflectedxsstest.go:34:17:34:61 | call to Sprintf | reflectedxsstest.go:34:10:34:62 | type conversion | provenance | | | reflectedxsstest.go:34:46:34:60 | selection of Filename | reflectedxsstest.go:34:17:34:61 | []type{args} [array] | provenance | | -| reflectedxsstest.go:34:46:34:60 | selection of Filename | reflectedxsstest.go:34:17:34:61 | call to Sprintf | provenance | FunctionModel | | reflectedxsstest.go:38:2:38:35 | ... := ...[0] | reflectedxsstest.go:39:16:39:21 | reader | provenance | Src:MaD:9 | | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | reflectedxsstest.go:40:14:40:17 | part | provenance | | | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | reflectedxsstest.go:42:2:42:5 | part | provenance | | @@ -53,7 +51,6 @@ edges | reflectedxsstest.go:44:17:44:54 | []type{args} [array] | reflectedxsstest.go:44:17:44:54 | call to Sprintf | provenance | MaD:12 | | reflectedxsstest.go:44:17:44:54 | call to Sprintf | reflectedxsstest.go:44:10:44:55 | type conversion | provenance | | | reflectedxsstest.go:44:46:44:53 | partName | reflectedxsstest.go:44:17:44:54 | []type{args} [array] | provenance | | -| reflectedxsstest.go:44:46:44:53 | partName | reflectedxsstest.go:44:17:44:54 | call to Sprintf | provenance | FunctionModel | | reflectedxsstest.go:51:14:51:18 | selection of URL | reflectedxsstest.go:51:14:51:26 | call to Query | provenance | Src:MaD:10 MaD:17 | | reflectedxsstest.go:51:14:51:26 | call to Query | reflectedxsstest.go:54:11:54:21 | type conversion | provenance | | | tst.go:14:15:14:20 | selection of Form | tst.go:14:15:14:36 | call to Get | provenance | Src:MaD:6 MaD:18 | diff --git a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected index 1ce8c3d1dcf6..d9418a905efe 100644 --- a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected @@ -30,7 +30,6 @@ edges | SqlInjection.go:11:3:11:9 | selection of URL | SqlInjection.go:11:3:11:17 | call to Query | provenance | Src:MaD:21 MaD:26 | | SqlInjection.go:11:3:11:17 | call to Query | SqlInjection.go:11:3:11:29 | index expression | provenance | | | SqlInjection.go:11:3:11:29 | index expression | SqlInjection.go:10:7:11:30 | []type{args} [array] | provenance | | -| SqlInjection.go:11:3:11:29 | index expression | SqlInjection.go:10:7:11:30 | call to Sprintf | provenance | FunctionModel | | issue48.go:17:2:17:33 | ... := ...[0] | issue48.go:18:17:18:17 | b | provenance | | | issue48.go:17:25:17:32 | selection of Body | issue48.go:17:2:17:33 | ... := ...[0] | provenance | Src:MaD:17 MaD:24 | | issue48.go:18:17:18:17 | b | issue48.go:18:20:18:39 | &... | provenance | MaD:22 | @@ -38,7 +37,6 @@ edges | issue48.go:20:8:21:34 | []type{args} [array] | issue48.go:20:8:21:34 | call to Sprintf | provenance | MaD:23 | | issue48.go:20:8:21:34 | call to Sprintf | issue48.go:22:11:22:12 | q3 | provenance | Sink:MaD:1 | | issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | []type{args} [array] | provenance | | -| issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | call to Sprintf | provenance | FunctionModel | | issue48.go:27:2:27:34 | ... := ...[0] | issue48.go:28:17:28:18 | b2 | provenance | | | issue48.go:27:26:27:33 | selection of Body | issue48.go:27:2:27:34 | ... := ...[0] | provenance | Src:MaD:17 MaD:24 | | issue48.go:28:17:28:18 | b2 | issue48.go:28:21:28:41 | &... | provenance | MaD:22 | @@ -46,7 +44,6 @@ edges | issue48.go:30:8:31:32 | []type{args} [array] | issue48.go:30:8:31:32 | call to Sprintf | provenance | MaD:23 | | issue48.go:30:8:31:32 | call to Sprintf | issue48.go:32:11:32:12 | q4 | provenance | Sink:MaD:1 | | issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | []type{args} [array] | provenance | | -| issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | call to Sprintf | provenance | FunctionModel | | issue48.go:37:17:37:50 | type conversion | issue48.go:37:53:37:73 | &... | provenance | MaD:22 | | issue48.go:37:24:37:30 | selection of URL | issue48.go:37:24:37:38 | call to Query | provenance | Src:MaD:21 MaD:26 | | issue48.go:37:24:37:38 | call to Query | issue48.go:37:17:37:50 | type conversion | provenance | | @@ -54,17 +51,14 @@ edges | issue48.go:39:8:40:32 | []type{args} [array] | issue48.go:39:8:40:32 | call to Sprintf | provenance | MaD:23 | | issue48.go:39:8:40:32 | call to Sprintf | issue48.go:41:11:41:12 | q5 | provenance | Sink:MaD:1 | | issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | []type{args} [array] | provenance | | -| issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | call to Sprintf | provenance | FunctionModel | | main.go:11:11:11:16 | selection of Form | main.go:11:11:11:28 | index expression | provenance | Src:MaD:18 Sink:MaD:1 | | main.go:15:11:15:84 | []type{args} [array] | main.go:15:11:15:84 | call to Sprintf | provenance | MaD:23 Sink:MaD:2 | | main.go:15:63:15:67 | selection of URL | main.go:15:63:15:75 | call to Query | provenance | Src:MaD:21 MaD:26 | | main.go:15:63:15:75 | call to Query | main.go:15:63:15:83 | index expression | provenance | | | main.go:15:63:15:83 | index expression | main.go:15:11:15:84 | []type{args} [array] | provenance | | -| main.go:15:63:15:83 | index expression | main.go:15:11:15:84 | call to Sprintf | provenance | FunctionModel Sink:MaD:2 | | main.go:16:11:16:85 | []type{args} [array] | main.go:16:11:16:85 | call to Sprintf | provenance | MaD:23 Sink:MaD:2 | | main.go:16:63:16:70 | selection of Header | main.go:16:63:16:84 | call to Get | provenance | Src:MaD:19 MaD:25 | | main.go:16:63:16:84 | call to Get | main.go:16:11:16:85 | []type{args} [array] | provenance | | -| main.go:16:63:16:84 | call to Get | main.go:16:11:16:85 | call to Sprintf | provenance | FunctionModel Sink:MaD:2 | | main.go:28:17:31:2 | &... [pointer, Category] | main.go:34:3:34:13 | RequestData [pointer, Category] | provenance | | | main.go:28:18:31:2 | struct literal [Category] | main.go:28:17:31:2 | &... [pointer, Category] | provenance | | | main.go:30:13:30:19 | selection of URL | main.go:30:13:30:27 | call to Query | provenance | Src:MaD:21 MaD:26 | @@ -75,7 +69,6 @@ edges | main.go:34:3:34:13 | RequestData [pointer, Category] | main.go:34:3:34:13 | implicit dereference [Category] | provenance | | | main.go:34:3:34:13 | implicit dereference [Category] | main.go:34:3:34:22 | selection of Category | provenance | | | main.go:34:3:34:22 | selection of Category | main.go:33:7:34:23 | []type{args} [array] | provenance | | -| main.go:34:3:34:22 | selection of Category | main.go:33:7:34:23 | call to Sprintf | provenance | FunctionModel | | main.go:39:2:39:12 | definition of RequestData [pointer, Category] | main.go:40:2:40:12 | RequestData [pointer, Category] | provenance | | | main.go:39:2:39:12 | definition of RequestData [pointer, Category] | main.go:43:3:43:13 | RequestData [pointer, Category] | provenance | | | main.go:40:2:40:12 | RequestData [pointer, Category] | main.go:40:2:40:12 | implicit dereference [Category] | provenance | | @@ -88,7 +81,6 @@ edges | main.go:43:3:43:13 | RequestData [pointer, Category] | main.go:43:3:43:13 | implicit dereference [Category] | provenance | | | main.go:43:3:43:13 | implicit dereference [Category] | main.go:43:3:43:22 | selection of Category | provenance | | | main.go:43:3:43:22 | selection of Category | main.go:42:7:43:23 | []type{args} [array] | provenance | | -| main.go:43:3:43:22 | selection of Category | main.go:42:7:43:23 | call to Sprintf | provenance | FunctionModel | | main.go:48:2:48:12 | definition of RequestData [pointer, Category] | main.go:49:4:49:14 | RequestData [pointer, Category] | provenance | | | main.go:48:2:48:12 | definition of RequestData [pointer, Category] | main.go:52:3:52:13 | RequestData [pointer, Category] | provenance | | | main.go:49:3:49:14 | star expression [Category] | main.go:48:2:48:12 | definition of RequestData [pointer, Category] | provenance | | @@ -101,7 +93,6 @@ edges | main.go:52:3:52:13 | RequestData [pointer, Category] | main.go:52:3:52:13 | implicit dereference [Category] | provenance | | | main.go:52:3:52:13 | implicit dereference [Category] | main.go:52:3:52:22 | selection of Category | provenance | | | main.go:52:3:52:22 | selection of Category | main.go:51:7:52:23 | []type{args} [array] | provenance | | -| main.go:52:3:52:22 | selection of Category | main.go:51:7:52:23 | call to Sprintf | provenance | FunctionModel | | main.go:57:2:57:12 | definition of RequestData [pointer, Category] | main.go:58:4:58:14 | RequestData [pointer, Category] | provenance | | | main.go:57:2:57:12 | definition of RequestData [pointer, Category] | main.go:61:5:61:15 | RequestData [pointer, Category] | provenance | | | main.go:58:3:58:14 | star expression [Category] | main.go:57:2:57:12 | definition of RequestData [pointer, Category] | provenance | | @@ -112,7 +103,6 @@ edges | main.go:60:7:61:26 | []type{args} [array] | main.go:60:7:61:26 | call to Sprintf | provenance | MaD:23 | | main.go:60:7:61:26 | call to Sprintf | main.go:62:11:62:11 | q | provenance | Sink:MaD:1 | | main.go:61:3:61:25 | selection of Category | main.go:60:7:61:26 | []type{args} [array] | provenance | | -| main.go:61:3:61:25 | selection of Category | main.go:60:7:61:26 | call to Sprintf | provenance | FunctionModel | | main.go:61:4:61:15 | star expression [Category] | main.go:61:3:61:25 | selection of Category | provenance | | | main.go:61:5:61:15 | RequestData [pointer, Category] | main.go:61:4:61:15 | star expression [Category] | provenance | | | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:42:28:42:41 | untrustedInput | provenance | Src:MaD:20 | diff --git a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected index b2659fffde78..8327c55dc28e 100644 --- a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected +++ b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected @@ -11,7 +11,6 @@ edges | sample.go:15:31:15:62 | []type{args} [array] | sample.go:15:31:15:62 | call to Sprintf | provenance | MaD:1 | | sample.go:15:31:15:62 | call to Sprintf | sample.go:15:24:15:63 | type conversion | provenance | | | sample.go:15:49:15:61 | call to Uint32 | sample.go:15:31:15:62 | []type{args} [array] | provenance | | -| sample.go:15:49:15:61 | call to Uint32 | sample.go:15:31:15:62 | call to Sprintf | provenance | FunctionModel | | sample.go:16:9:16:15 | slice expression | sample.go:26:25:26:30 | call to Guid | provenance | | | sample.go:33:2:33:6 | definition of nonce | sample.go:37:25:37:29 | nonce | provenance | | | sample.go:33:2:33:6 | definition of nonce | sample.go:37:32:37:36 | nonce | provenance | | From e1fadd390090e67ba48914e3fa3fed6ddb64d4ad Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Fri, 16 May 2025 13:31:35 +0200 Subject: [PATCH 3/8] js: update test expectations after removing deprecated predicates --- .../test/library-tests/frameworks/Templating/XssDiff.expected | 2 -- 1 file changed, 2 deletions(-) diff --git a/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.expected b/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.expected index 1bed23967d25..08390a967b97 100644 --- a/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.expected +++ b/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.expected @@ -1,5 +1,3 @@ -legacyDataFlowDifference -flow | app.js:8:18:8:34 | req.query.rawHtml | views/ejs_include1.ejs:1:1:1:10 | <%- foo %> | | app.js:8:18:8:34 | req.query.rawHtml | views/ejs_include2.ejs:1:1:1:14 | <%- rawHtml %> | | app.js:8:18:8:34 | req.query.rawHtml | views/ejs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | From 5eeb7e371fe7a5716650abab98b787c7610643b9 Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Fri, 16 May 2025 14:27:58 +0200 Subject: [PATCH 4/8] cpp: rollback dataflow deprecetes --- cpp/ql/lib/semmle/code/cpp/dataflow/DataFlow.qll | 13 +++++++++++++ .../lib/semmle/code/cpp/dataflow/TaintTracking.qll | 14 ++++++++++++++ .../code/cpp/dataflow/internal/DataFlowUtil.qll | 13 +++++++++++++ .../code/cpp/ir/dataflow/internal/DataFlowUtil.qll | 13 +++++++++++++ 4 files changed, 53 insertions(+) diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/DataFlow.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/DataFlow.qll index b8262141dc8b..a478da5193e0 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/DataFlow.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/DataFlow.qll @@ -18,3 +18,16 @@ */ import cpp + +/** + * DEPRECATED: Use `semmle.code.cpp.dataflow.new.DataFlow` instead. + * + * Provides classes for performing local (intra-procedural) and + * global (inter-procedural) data flow analyses. + */ +deprecated module DataFlow { + private import semmle.code.cpp.dataflow.internal.DataFlowImplSpecific + private import codeql.dataflow.DataFlow + import DataFlowMake + import Public +} diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/TaintTracking.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/TaintTracking.qll index 238a05e55d04..36af8d9660bb 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/TaintTracking.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/TaintTracking.qll @@ -16,3 +16,17 @@ */ import semmle.code.cpp.dataflow.DataFlow + +/** + * DEPRECATED: Use `semmle.code.cpp.dataflow.new.TaintTracking` instead. + * + * Provides classes for performing local (intra-procedural) and + * global (inter-procedural) taint-tracking analyses. + */ +deprecated module TaintTracking { + import semmle.code.cpp.dataflow.internal.TaintTrackingUtil + private import semmle.code.cpp.dataflow.internal.DataFlowImplSpecific + private import semmle.code.cpp.dataflow.internal.TaintTrackingImplSpecific + private import codeql.dataflow.TaintTracking + import TaintFlowMake +} diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll index 72e742f13aa0..4a8ea4ebd43d 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll @@ -98,6 +98,19 @@ class Node extends TNode { /** Gets the location of this element. */ Location getLocation() { none() } // overridden by subclasses + /** + * Holds if this element is at the specified location. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `filepath`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ + deprecated predicate hasLocationInfo( + string filepath, int startline, int startcolumn, int endline, int endcolumn + ) { + this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) + } + /** * Gets an upper bound on the type of this node. */ diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index ab6a9da6d85d..62ad9f02fe29 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -538,6 +538,19 @@ class Node extends TIRDataFlowNode { none() // overridden by subclasses } + /** + * Holds if this element is at the specified location. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `filepath`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ + deprecated predicate hasLocationInfo( + string filepath, int startline, int startcolumn, int endline, int endcolumn + ) { + this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) + } + /** Gets a textual representation of this element. */ cached final string toString() { From 2960406d9b0aa26935f83324c90c15df30cfdc91 Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Fri, 16 May 2025 18:14:12 +0200 Subject: [PATCH 5/8] cpp: removed now unused predicate `commandLineArg` --- cpp/ql/lib/semmle/code/cpp/security/Security.qll | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/security/Security.qll b/cpp/ql/lib/semmle/code/cpp/security/Security.qll index fc2ec2a595ef..df1555ec4c8d 100644 --- a/cpp/ql/lib/semmle/code/cpp/security/Security.qll +++ b/cpp/ql/lib/semmle/code/cpp/security/Security.qll @@ -77,16 +77,6 @@ class SecurityOptions extends string { } } -/** - * An access to the argv argument to main(). - */ -private predicate commandLineArg(Expr e) { - exists(Parameter argv | - argv(argv) and - argv.getAnAccess() = e - ) -} - /** The argv parameter to the main function */ predicate argv(Parameter argv) { exists(Function f | From 5dfee3221f669b138665c2103400247a2f85208d Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Fri, 16 May 2025 18:26:49 +0200 Subject: [PATCH 6/8] rust: update test expectations --- rust/ql/test/extractor-tests/macro_expansion/PrintAst.expected | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/test/extractor-tests/macro_expansion/PrintAst.expected b/rust/ql/test/extractor-tests/macro_expansion/PrintAst.expected index 43410dfcd8e4..3881faafeac4 100644 --- a/rust/ql/test/extractor-tests/macro_expansion/PrintAst.expected +++ b/rust/ql/test/extractor-tests/macro_expansion/PrintAst.expected @@ -110,7 +110,7 @@ macro_expansion.rs: # 2| getPath(): [Path] foo # 2| getSegment(): [PathSegment] foo # 2| getIdentifier(): [NameRef] foo -# 1| getTailExpr(): [LiteralExpr] 0 +# 1| getTailExpr(): [IntegerLiteralExpr] 0 # 1| getName(): [Name] foo___rust_ctor___ctor # 1| getRetType(): [RetTypeRepr] RetTypeRepr # 1| getTypeRepr(): [PathTypeRepr] usize From 83e1c692d19e2a8af2bda08e54a01f293be94427 Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Sun, 18 May 2025 12:16:07 +0200 Subject: [PATCH 7/8] js: broought back `ServerSideUrlRedirect` and `ReflectedXss` as it seems they are not ready to be removed --- .../security/dataflow/ReflectedXssQuery.qll | 21 ++++++++++++++ .../dataflow/ServerSideUrlRedirectQuery.qll | 29 +++++++++++++++++++ 2 files changed, 50 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssQuery.qll index 3317d3c69fda..55688d4b5ff9 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssQuery.qll @@ -27,6 +27,27 @@ module ReflectedXssConfig implements DataFlow::ConfigSig { */ module ReflectedXssFlow = TaintTracking::Global; +/** + * DEPRECATED. Use the `ReflectedXssFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { + Configuration() { this = "ReflectedXss" } + + override predicate isSource(DataFlow::Node source) { source instanceof Source } + + override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + override predicate isSanitizer(DataFlow::Node node) { + super.isSanitizer(node) or + node instanceof Sanitizer + } + + override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { + guard instanceof QuoteGuard or + guard instanceof ContainsHtmlGuard + } +} + private class QuoteGuard extends SharedXss::QuoteGuard { QuoteGuard() { this = this } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll index 4b6fdc9b4896..e6c3345b2c7e 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll @@ -43,6 +43,35 @@ module ServerSideUrlRedirectConfig implements DataFlow::ConfigSig { */ module ServerSideUrlRedirectFlow = TaintTracking::Global; +/** + * DEPRECATED. Use the `ServerSideUrlRedirectFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { + Configuration() { this = "ServerSideUrlRedirect" } + + override predicate isSource(DataFlow::Node source) { source instanceof Source } + + override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + override predicate isSanitizer(DataFlow::Node node) { + super.isSanitizer(node) or + node instanceof Sanitizer + } + + override predicate isSanitizerOut(DataFlow::Node node) { + ServerSideUrlRedirectConfig::isBarrierOut(node) + } + + override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { + guard instanceof LocalUrlSanitizingGuard or + guard instanceof HostnameSanitizerGuard + } + + override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { + ServerSideUrlRedirectConfig::isAdditionalFlowStep(pred, succ) + } +} + /** * DEPRECATED. This is no longer used as a sanitizer guard. * From 5d17b8cc3c232936dc52c22e03f3e69fbc3e1c8b Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Sun, 18 May 2025 15:54:56 +0200 Subject: [PATCH 8/8] added change notes --- ...25-05-18-2025-May-outdated-deprecations.md | 9 +++ ...25-05-18-2025-May-outdated-deprecations.md | 32 +++++++++ ...25-05-18-2025-May-outdated-deprecations.md | 9 +++ ...25-05-18-2025-May-outdated-deprecations.md | 8 +++ ...25-05-18-2025-May-outdated-deprecations.md | 70 +++++++++++++++++++ ...25-05-18-2025-May-outdated-deprecations.md | 9 +++ ...25-05-18-2025-May-outdated-deprecations.md | 10 +++ ...25-05-18-2025-May-outdated-deprecations.md | 5 ++ ...25-05-18-2025-May-outdated-deprecations.md | 10 +++ 9 files changed, 162 insertions(+) create mode 100644 cpp/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md create mode 100644 csharp/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md create mode 100644 go/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md create mode 100644 java/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md create mode 100644 javascript/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md create mode 100644 python/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md create mode 100644 ruby/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md create mode 100644 shared/dataflow/change-notes/2025-05-18-2025-May-outdated-deprecations.md create mode 100644 swift/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md diff --git a/cpp/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md b/cpp/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md new file mode 100644 index 000000000000..b1a31ea6eb5a --- /dev/null +++ b/cpp/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md @@ -0,0 +1,9 @@ +--- +category: breaking +--- +* Deleted the deprecated `userInputArgument` predicate and its convenience accessor from the `Security.qll`. +* Deleted the deprecated `userInputReturned` predicate and its convenience accessor from the `Security.qll`. +* Deleted the deprecated `userInputReturn` predicate from the `Security.qll`. +* Deleted the deprecated `isUserInput` predicate and its convenience accessor from the `Security.qll`. +* Deleted the deprecated `userInputArgument` predicate from the `SecurityOptions.qll`. +* Deleted the deprecated `userInputReturned` predicate from the `SecurityOptions.qll`. diff --git a/csharp/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md b/csharp/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md new file mode 100644 index 000000000000..25e43e4ad282 --- /dev/null +++ b/csharp/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md @@ -0,0 +1,32 @@ +--- +category: breaking +--- +* Deleted the deprecated `CollectionExpr` class from the `Guards.qll`. +* Deleted the deprecated `ParameterPosition` class from the `FlowSummary.qll`. +* Deleted the deprecated `ArgumentPosition` class from the `FlowSummary.qll`. +* Deleted the deprecated `SummaryComponent` class from the `FlowSummary.qll`. +* Deleted the deprecated `SummaryComponent` module from the `FlowSummary.qll`. +* Deleted the deprecated `SummaryComponentStack` class from the `FlowSummary.qll`. +* Deleted the deprecated `SummaryComponentStack` module from the `FlowSummary.qll`. +* Deleted the deprecated `RequiredSummaryComponentStack` class from the `FlowSummary.qll`. +* Deleted the deprecated `isCapturedVariableDefinitionFlowIn` predicate from the `SSA.qll`. +* Deleted the deprecated `isCapturedVariableDefinitionFlowOut` predicate from the `SSA.qll`. +* Deleted the deprecated `hasLocationInfo` predicate from the `DataFlowPublic.qll`. +* Deleted the deprecated `Remote` import from the `InsecureDirectObjectReferenceQuery.qll`. +* Deleted the deprecated `RemoteSource` class from the `CodeInjectionQuery.qll`, use `ThreatModelSource` instead. +* Deleted the deprecated `LocalSource` class from the `CodeInjectionQuery.qll`, use `ThreatModelSource` instead. +* Deleted the deprecated `RemoteSource` class from the `CommandInjectionQuery.qll` use `ThreatModelSource` instead. +* Deleted the deprecated `RemoteSource` class from the `ConditionalBypassQuery.qll` use `ThreatModelSource` instead. +* Deleted the deprecated `RemoteSource` class from the `LDAPInjectionQuery.qll` use `ThreatModelSource` instead. +* Deleted the deprecated `RemoteSource` class from the `MissingXMLValidationQuery.qll` use `ActiveThreatModelSource` instead. +* Deleted the deprecated `RemoteSource` class from the `ReDoSQuery.qll` use `ThreatModelSource` instead. +* Deleted the deprecated `RemoteSource` class from the `RegexInjectionQuery.qll` use `ThreatModelSource` instead. +* Deleted the deprecated `RemoteSource` class from the `ResourceInjectionQuery.qll` use `ThreatModelSource` instead. +* Deleted the deprecated `LocalSource` class from the `ResourceInjectionQuery.qll` use `ThreatModelSource` instead. +* Deleted the deprecated `RemoteSource` class from the `SqlInjectionQuery.qll` use `ThreatModelSource` instead. +* Deleted the deprecated `LocalSource` class from the `SqlInjectionQuery.qll` use `ThreatModelSource` instead. +* Deleted the deprecated `RemoteSource` class from the `TaintedPathQuery.qll` use `ThreatModelSource` instead. +* Deleted the deprecated `RemoteSource` class from the `UrlRedirectQuery.qll` use `ThreatModelSource` instead. +* Deleted the deprecated `RemoteSource` class from the `XPathInjectionQuery.qll` use `ThreatModelSource` instead. +* Deleted the deprecated `ORMMappedProperty` class from the `Stored.qll` use `EntityFramework::StoredFlowSource` and `NHibernate::StoredFlowSource` instead. + diff --git a/go/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md b/go/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md new file mode 100644 index 000000000000..bc2cac154e03 --- /dev/null +++ b/go/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md @@ -0,0 +1,9 @@ +--- +category: breaking +--- +* Deleted the deprecated `SummaryComponent` class from the `FlowSummary.qll`. +* Deleted the deprecated `SummaryComponentStack` class from the `FlowSummary.qll`. +* Deleted the deprecated `SummaryComponent` module from the `FlowSummary.qll`. +* Deleted the deprecated `SummaryComponentStack` module from the `FlowSummary.qll`. +* Deleted the deprecated `RequiredSummaryComponentStack` class from the `FlowSummary.qll`. +* Deleted the deprecated `AppenderOrSprinter` class from the `Fmt.qll`. diff --git a/java/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md b/java/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md new file mode 100644 index 000000000000..e742d145ba31 --- /dev/null +++ b/java/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md @@ -0,0 +1,8 @@ +--- +category: breaking +--- +* Deleted the deprecated `SummaryComponent` class from the `FlowSummary.qll`. +* Deleted the deprecated `SummaryComponentStack` class from the `FlowSummary.qll`. +* Deleted the deprecated `SummaryComponent` module from the `FlowSummary.qll`. +* Deleted the deprecated `SummaryComponentStack` module from the `FlowSummary.qll`. +* Deleted the deprecated `RequiredSummaryComponentStack` class from the `FlowSummary.qll`. diff --git a/javascript/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md b/javascript/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md new file mode 100644 index 000000000000..445682545e0a --- /dev/null +++ b/javascript/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md @@ -0,0 +1,70 @@ +--- +category: breaking +--- +* Deleted the deprecated `getImportAssertion` predicate from the `ImportDeclaration` class, use `getImportAttributes` instead. +* Deleted the deprecated `getImportAssertion` predicate from the `ExportDeclaration` class, use `getImportAttributes` instead. +* Deleted the deprecated `getImportAttributes` predicate from the `DynamicImportExpr` class, use `getImportOptions` instead. +* Deleted the deprecated `Configuration` class from the `BrokenCryptoAlgorithmQuery.qll`, use the `BrokenCryptoAlgorithmFlow` module instead. +* Deleted the deprecated `Configuration` class from the `BuildArtifactLeakQuery.qll`, use the `BuildArtifactLeakFlow` module instead. +* Deleted the deprecated `getLabel` predicate from the `CleartextLoggingCustomizations.qll`. +* Deleted the deprecated `getLabel` predicate from the `Sink` class. +* Deleted the deprecated `isSanitizerEdge` predicate from the `CleartextLoggingCustomizations.qll`, use `Barrier` instead, sanitized have been replaced by sanitized nodes. +* Deleted the deprecated `Configuration` class from the `CleartextLoggingQuery.qll`, use the `CleartextLoggingFlow` module instead. +* Deleted the deprecated `Configuration` class from the `CleartextStorageQuery.qll`, use the `ClearTextStorageFlow` module instead. +* Deleted the deprecated `Configuration` class from the `ClientSideRequestForgeryQuery.qll`, use the `ClientSideRequestForgeryFlow` module instead. +* Deleted the deprecated `Configuration` class from the `ClientSideUrlRedirectQuery.qll`. +* Deleted the deprecated `Configuration` class from the `CodeInjectionQuery.qll`, use the `CodeInjectionFlow` module instead. +* Deleted the deprecated `Configuration` class from the `CommandInjectionQuery.qll`, use the `CommandInjectionFlow` module instead. +* Deleted the deprecated `Configuration` class from the `ConditionalBypassQuery.qll`, use the `ConditionalBypassFlow` module instead. +* Deleted the deprecated `Configuration` class from the `CorsMisconfigurationForCredentialsQuery.qll`, use the `CorsMisconfigurationFlow` module instead. +* Deleted the deprecated `Configuration` class from the `DeepObjectResourceExhaustionQuery.qll`, use the `DeepObjectResourceExhaustionFlow` module instead. +* Deleted the deprecated `isOptionallySanitizedEdge` predicate from the `DomBasedXssCustomizations.qll`, use the `isOptionallySanitizedNode` module instead. +* Deleted the deprecated `Configuration` class from the `DomBasedXssQuery.qll`, use the `DomBasedXssFlow` module instead. +* Deleted the deprecated `Configuration` class from the `ExceptionXssQuery.qll`, use the `ExceptionXssFlow` module instead. +* Deleted the deprecated `Configuration` class from the `ExternalAPIUsedWithUntrustedDataQuery.qll`, use the `ExternalAPIUsedWithUntrustedDataFlow` module instead. +* Deleted the deprecated `Configuration` class from the `FileAccessToHttpQuery.qll`, use the `FileAccessToHttpFlow` module instead. +* Deleted the deprecated `Configuration` class from the `HardcodedCredentialsQuery.qll`, use the `HardcodedCredentials` module instead. +* Deleted the deprecated `Configuration` class from the `HardcodedDataInterpretedAsCodeQuery.qll`, use the `HardcodedDataInterpretedAsCodeFlow` module instead. +* Deleted the deprecated `Configuration` class from the `HostHeaderPoisoningInEmailGenerationQuery.qll`, use the `HostHeaderPoisoningFlow` module instead. +* Deleted the deprecated `Configuration` class from the `HttpToFileAccessQuery.qll`, use the `HttpToFileAccessFlow` module instead. +* Deleted the deprecated `Configuration` class from the `ImproperCodeSanitizationQuery.qll`, use the `ImproperCodeSanitizationFlow` module instead. +* Deleted the deprecated `Configuration` class from the `IncompleteHtmlAttributeSanitizationQuery.qll`, use the `IncompleteHtmlAttributeSanitizationFlow` module instead. +* Deleted the deprecated `Configuration` class from the `IndirectCommandInjectionQuery.qll`, use the `IndirectCommandInjectionFlow` module instead. +* Deleted the deprecated `Configuration` class from the `InsecureDownloadQuery.qll`, use the `InsecureDownload` module instead. +* Deleted the deprecated `Configuration` class from the `InsecureRandomnessQuery.qll`, use the `InsecureRandomnessFlow` module instead. +* Deleted the deprecated `Configuration` class from the `InsufficientPasswordHashQuery.qll`, use the `InsufficientPasswordHashFlow` module instead. +* Deleted the deprecated `Configuration` class from the `LogInjectionQuery.qll`, use the `LogInjectionFlow` module instead. +* Deleted the deprecated `Configuration` class from the `LoopBoundInjectionQuery.qll`, use the `LoopBoundInjectionFlow` module instead. +* Deleted the deprecated `Configuration` class from the `NosqlInjectionQuery.qll`, use the `NosqlInjectionFlow` module instead. +* Deleted the deprecated `Configuration` class from the `PostMessageStarQuery.qll`, use the `PostMessageStarFlow` module instead. +* Deleted the deprecated `Configuration` class from the `PrototypePollutingAssignmentQuery.qll`, use the `PrototypePollutingAssignmentFlow` module instead. +* Deleted the deprecated `Configuration` class from the `PrototypePollutionQuery.qll`, use the `PrototypePollutionFlow` module instead. +* Deleted the deprecated `Configuration` class from the `RegExpInjectionQuery.qll`, use the `RegExpInjectionFlow` module instead. +* Deleted the deprecated `Configuration` class from the `RemotePropertyInjectionQuery.qll`, use the `RemotePropertyInjectionFlow` module instead. +* Deleted the deprecated `Configuration` class from the `RequestForgeryQuery.qll`, use the `RequestForgeryFlow` module instead. +* Deleted the deprecated `Configuration` class from the `ResourceExhaustionQuery.qll`, use the `ResourceExhaustionFlow` module instead. +* Deleted the deprecated `Configuration` class from the `SecondOrderCommandInjectionQuery.qll`, use the `SecondOrderCommandInjectionFlow` module instead. +* Deleted the deprecated `Configuration` class from the `ShellCommandInjectionFromEnvironmentQuery.qll`, use the `ShellCommandInjectionFromEnvironmentFlow` module instead. +* Deleted the deprecated `Configuration` class from the `SqlInjectionQuery.qll`, use the `SqlInjectionFlow` module instead. +* Deleted the deprecated `Configuration` class from the `StackTraceExposureQuery.qll`, use the `StackTraceExposureFlow` module instead. +* Deleted the deprecated `Configuration` class from the `StoredXssQuery.qll`, use the `StoredXssFlow` module instead. +* Deleted the deprecated `Configuration` class from the `TaintedFormatStringQuery.qll`, use the `TaintedFormatStringFlow` module instead. +* Deleted the deprecated `BarrierGuardNode` class from the `TaintedPathCustomizations.qll`. +* Deleted the deprecated `Configuration` class from the `TaintedPathQuery.qll`, use the `TaintedPathFlow` module instead. +* Deleted the deprecated `Configuration` class from the `TemplateObjectInjectionQuery.qll`, use the `TemplateObjInjectionConfig` module instead. +* Deleted the deprecated `Configuration` class from the `TypeConfusionThroughParameterTamperingQuery.qll`, use the `TypeConfusionFlow` module instead. +* Deleted the deprecated `Configuration` class from the `UnsafeCodeConstruction.qll`, use the `UnsafeCodeConstructionFlow` module instead. +* Deleted the deprecated `Configuration` class from the `UnsafeDeserializationQuery.qll`, use the `UnsafeDeserializationFlow` module instead. +* Deleted the deprecated `Configuration` class from the `UnsafeDynamicMethodAccessQuery.qll`, use the `UnsafeDynamicMethodAccessFlow` module instead. +* Deleted the deprecated `Configration` class from the `UnsafeHtmlConstructionQuery.qll`. +* Deleted the deprecated `Configuration` class from the `UnsafeJQueryPluginQuery.qll`, use the `UnsafeJQueryPluginFlow` module instead. +* Deleted the deprecated `Configuration` class from the `UnsafeShellCommandConstructionQuery.qll`, use the `UnsafeShellCommandConstructionFlow` module instead. +* Deleted the deprecated `sanitizes` predicate from the `UnvalidatedDynamicMethodCallCustomizations.qll`. +* Deleted the deprecated `Configuration` class from the `UnvalidatedDynamicMethodCallQuery.qll`, use the `UnvalidatedDynamicMethodCallFlow` module instead. +* Deleted the deprecated `Configuration` class from the `XmlBombQuery.qll`, use the `XmlBombFlow` module instead. +* Deleted the deprecated `Configuration` class from the `XpathInjectionQuery.qll`, use the `XpathInjectionFlow` module instead. +* Deleted the deprecated `Configuration` class from the `XssThroughDomQuery.qll`, use the `XssThroughDomFlow` module instead. +* Deleted the deprecated `Configuration` class from the `XxeQuery.qll`, use the `XxeFlow` module instead. +* Deleted the deprecated `Configuration` class from the `ZipSlipQuery.qll`. +* Deleted the deprecated `Configuration` class from the `PolynomialReDoSQuery.qll`, use the `PolynomialReDoSFlow` module instead. +* Deleted the deprecated `Configuration` class from the `SSRF.qll`, use the `SsrfFlow` module instead. diff --git a/python/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md b/python/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md new file mode 100644 index 000000000000..4472644d79c4 --- /dev/null +++ b/python/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md @@ -0,0 +1,9 @@ +--- +category: breaking +--- +* Deleted the deprecated `SummaryComponent` class from the `FlowSummary.qll`. +* Deleted the deprecated `SummaryComponentStack` class from the `FlowSummary.qll`. +* Deleted the deprecated `SummaryComponent` module from the `FlowSummary.qll`. +* Deleted the deprecated `SummaryComponentStack` module from the `FlowSummary.qll`. +* Deleted the deprecated `propagatesFlowExt` predicate from the `FlowSummary.qll`, use `propagatesFlow` instead. +* Deleted the deprecated `RequiredSummaryComponentStack` class from the `FlowSummary.qll`. diff --git a/ruby/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md b/ruby/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md new file mode 100644 index 000000000000..6322dca461be --- /dev/null +++ b/ruby/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md @@ -0,0 +1,10 @@ +--- +category: breaking +--- +* Deleted the deprecated `SummaryComponent` class from the `FlowSummary.qll`. +* Deleted the deprecated `SummaryComponentStack` class from the `FlowSummary.qll`. +* Deleted the deprecated `SummaryComponent` module from the `FlowSummary.qll`. +* Deleted the deprecated `SummaryComponentStack` module from the `FlowSummary.qll`. +* Deleted the deprecated `propagatesFlowExt` predicate from the `FlowSummary.qll`, use `propagatesFlow` instead. +* Deleted the deprecated `RequiredSummaryComponentStack` class from the `FlowSummary.qll`. +* Deleted the deprecated `hasLocationInfo` predicate from the `DataFlowPublic.qll`. diff --git a/shared/dataflow/change-notes/2025-05-18-2025-May-outdated-deprecations.md b/shared/dataflow/change-notes/2025-05-18-2025-May-outdated-deprecations.md new file mode 100644 index 000000000000..6303a7ae82cb --- /dev/null +++ b/shared/dataflow/change-notes/2025-05-18-2025-May-outdated-deprecations.md @@ -0,0 +1,5 @@ +--- +category: breaking +--- +* Deleted the deprecated `hasLocationInfo` predicate from the `DataFlow.qll`. +* Deleted the deprecated `FlowStateString` module from the `DataFlowImplCommon.qll`, use `FlowState` type instead. diff --git a/swift/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md b/swift/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md new file mode 100644 index 000000000000..072e6bba5cda --- /dev/null +++ b/swift/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md @@ -0,0 +1,10 @@ +--- +category: breaking +--- +* Deleted the deprecated `parseContent` predicate from the `ExternalFlow.qll`. +* Deleted the deprecated `hasLocationInfo` predicate from the `DataFlowPublic.qll`. +* Deleted the deprecated `SummaryComponent` class from the `FlowSummary.qll`. +* Deleted the deprecated `SummaryComponentStack` class from the `FlowSummary.qll`. +* Deleted the deprecated `SummaryComponent` module from the `FlowSummary.qll`. +* Deleted the deprecated `SummaryComponentStack` module from the `FlowSummary.qll`. +* Deleted the deprecated `RequiredSummaryComponentStack` class from the `FlowSummary.qll`.