github · Napalys · May 16, 2025 · May 16, 2025 · May 16, 2025 · May 16, 2025
@@ -0,0 +1,9 @@
+---
+category: breaking
+---
+* Deleted the deprecated `userInputArgument` predicate and its convenience accessor from the `Security.qll`.
+* Deleted the deprecated `userInputReturned` predicate and its convenience accessor from the `Security.qll`.
+* Deleted the deprecated `userInputReturn` predicate from the `Security.qll`.
+* Deleted the deprecated `isUserInput` predicate and its convenience accessor from the `Security.qll`.
+* Deleted the deprecated `userInputArgument` predicate from the `SecurityOptions.qll`.
+* Deleted the deprecated `userInputReturned` predicate from the `SecurityOptions.qll`.
@@ -42,58 +42,6 @@ class SecurityOptions extends string {
     )
   }
 
-  /**
-   * The argument of the given function is filled in from user input.
-   */
-  deprecated predicate userInputArgument(FunctionCall functionCall, int arg) {
-    exists(string fname |
-      functionCall.getTarget().hasGlobalOrStdName(fname) and
-      exists(functionCall.getArgument(arg)) and
-      (
-        fname = ["fread", "fgets", "fgetws", "gets"] and arg = 0
-        or
-        fname = "scanf" and arg >= 1
-        or
-        fname = "fscanf" and arg >= 2
-      )
-      or
-      functionCall.getTarget().hasGlobalName(fname) and
-      exists(functionCall.getArgument(arg)) and
-      fname = "getaddrinfo" and
-      arg = 3
-    )
-    or
-    exists(RemoteFlowSourceFunction remote, FunctionOutput output |
-      functionCall.getTarget() = remote and
-      output.isParameterDerefOrQualifierObject(arg) and
-      remote.hasRemoteFlowSource(output, _)
-    )
-  }
-
-  /**
-   * The return value of the given function is filled in from user input.
-   */
-  deprecated predicate userInputReturned(FunctionCall functionCall) {
-    exists(string fname |
-      functionCall.getTarget().getName() = fname and
-      (
-        fname = ["fgets", "gets"] or
-        this.userInputReturn(fname)
-      )
-    )
-    or
-    exists(RemoteFlowSourceFunction remote, FunctionOutput output |
-      functionCall.getTarget() = remote and
-      (output.isReturnValue() or output.isReturnValueDeref()) and
-      remote.hasRemoteFlowSource(output, _)
-    )
-  }
-
-  /**
-   * DEPRECATED: Users should override `userInputReturned()` instead.
-   */
-  deprecated predicate userInputReturn(string function) { none() }
-
   /**
    * The argument of the given function is used for running a process or loading
    * a library.
@@ -108,29 +56,6 @@ class SecurityOptions extends string {
     function = ["LoadLibrary", "LoadLibraryA", "LoadLibraryW"] and arg = 0
   }
 
-  /**
-   * This predicate should hold if the expression is directly
-   * computed from user input. Such expressions are treated as
-   * sources of taint.
-   */
-  deprecated predicate isUserInput(Expr expr, string cause) {
-    exists(FunctionCall fc, int i |
-      this.userInputArgument(fc, i) and
-      expr = fc.getArgument(i) and
-      cause = fc.getTarget().getName()
-    )
-    or
-    exists(FunctionCall fc |
-      this.userInputReturned(fc) and
-      expr = fc and
-      cause = fc.getTarget().getName()
-    )
-    or
-    commandLineArg(expr) and cause = "argv"
-    or
-    expr.(EnvironmentRead).getSourceDescription() = cause
-  }
-
   /**
    * This predicate should hold if the expression raises privilege for the
    * current session. The default definition only holds true for some
@@ -152,16 +77,6 @@ class SecurityOptions extends string {
   }
 }
 
-/**
- * An access to the argv argument to main().
- */
-private predicate commandLineArg(Expr e) {
-  exists(Parameter argv |
-    argv(argv) and
-    argv.getAnAccess() = e
-  )
-}
-
 /** The argv parameter to the main function */
 predicate argv(Parameter argv) {
   exists(Function f |
@@ -173,21 +88,6 @@ predicate argv(Parameter argv) {
 /** Convenience accessor for SecurityOptions.isPureFunction */
 predicate isPureFunction(string name) { exists(SecurityOptions opts | opts.isPureFunction(name)) }
 
-/** Convenience accessor for SecurityOptions.userInputArgument */
-deprecated predicate userInputArgument(FunctionCall functionCall, int arg) {
-  exists(SecurityOptions opts | opts.userInputArgument(functionCall, arg))
-}
-
-/** Convenience accessor for SecurityOptions.userInputReturn */
-deprecated predicate userInputReturned(FunctionCall functionCall) {
-  exists(SecurityOptions opts | opts.userInputReturned(functionCall))
-}
-
-/** Convenience accessor for SecurityOptions.isUserInput */
-deprecated predicate isUserInput(Expr expr, string cause) {
-  exists(SecurityOptions opts | opts.isUserInput(expr, cause))
-}
-
 /** Convenience accessor for SecurityOptions.isProcessOperationArgument */
 predicate isProcessOperationArgument(string function, int arg) {
   exists(SecurityOptions opts | opts.isProcessOperationArgument(function, arg))

@@ -22,28 +22,4 @@ class CustomSecurityOptions extends SecurityOptions {
     // for example: (function = "MySpecialSqlFunction" and arg = 0)
     none() // rules to match custom functions replace this line
   }
-
-  deprecated override predicate userInputArgument(FunctionCall functionCall, int arg) {
-    SecurityOptions.super.userInputArgument(functionCall, arg)
-    or
-    exists(string fname |
-      functionCall.getTarget().hasGlobalName(fname) and
-      exists(functionCall.getArgument(arg)) and
-      // --- custom functions that return user input via one of their arguments:
-      // 'arg' is the 0-based index of the argument that is used to return user input
-      // for example: (fname = "readXmlInto" and arg = 1)
-      none() // rules to match custom functions replace this line
-    )
-  }
-
-  deprecated override predicate userInputReturned(FunctionCall functionCall) {
-    SecurityOptions.super.userInputReturned(functionCall)
-    or
-    exists(string fname |
-      functionCall.getTarget().hasGlobalName(fname) and
-      // --- custom functions that return user input via their return value:
-      // for example: fname = "xmlReadAttribute"
-      none() // rules to match custom functions replace this line
-    )
-  }
 }
@@ -0,0 +1,32 @@
+---
+category: breaking
+---
+* Deleted the deprecated `CollectionExpr` class from the `Guards.qll`.
+* Deleted the deprecated `ParameterPosition` class from the `FlowSummary.qll`.
+* Deleted the deprecated `ArgumentPosition` class from the `FlowSummary.qll`.
+* Deleted the deprecated `SummaryComponent` class from the `FlowSummary.qll`.
+* Deleted the deprecated `SummaryComponent` module from the `FlowSummary.qll`.
+* Deleted the deprecated `SummaryComponentStack` class from the `FlowSummary.qll`.
+* Deleted the deprecated `SummaryComponentStack` module from the `FlowSummary.qll`.
+* Deleted the deprecated `RequiredSummaryComponentStack` class from the `FlowSummary.qll`.
+* Deleted the deprecated `isCapturedVariableDefinitionFlowIn` predicate from the `SSA.qll`.
+* Deleted the deprecated `isCapturedVariableDefinitionFlowOut` predicate from the `SSA.qll`.
+* Deleted the deprecated `hasLocationInfo` predicate from the `DataFlowPublic.qll`.
+* Deleted the deprecated `Remote` import from the `InsecureDirectObjectReferenceQuery.qll`.
+* Deleted the deprecated `RemoteSource` class from the `CodeInjectionQuery.qll`, use `ThreatModelSource` instead.
+* Deleted the deprecated `LocalSource` class from the `CodeInjectionQuery.qll`, use `ThreatModelSource` instead.
+* Deleted the deprecated `RemoteSource` class from the `CommandInjectionQuery.qll` use `ThreatModelSource` instead.
+* Deleted the deprecated `RemoteSource` class from the `ConditionalBypassQuery.qll` use `ThreatModelSource` instead.
+* Deleted the deprecated `RemoteSource` class from the `LDAPInjectionQuery.qll` use `ThreatModelSource` instead.
+* Deleted the deprecated `RemoteSource` class from the `MissingXMLValidationQuery.qll` use `ActiveThreatModelSource` instead.
+* Deleted the deprecated `RemoteSource` class from the `ReDoSQuery.qll` use `ThreatModelSource` instead.
+* Deleted the deprecated `RemoteSource` class from the `RegexInjectionQuery.qll` use `ThreatModelSource` instead.
+* Deleted the deprecated `RemoteSource` class from the `ResourceInjectionQuery.qll` use `ThreatModelSource` instead.
+* Deleted the deprecated `LocalSource` class from the `ResourceInjectionQuery.qll` use `ThreatModelSource` instead.
+* Deleted the deprecated `RemoteSource` class from the `SqlInjectionQuery.qll` use `ThreatModelSource` instead.
+* Deleted the deprecated `LocalSource` class from the `SqlInjectionQuery.qll` use `ThreatModelSource` instead.
+* Deleted the deprecated `RemoteSource` class from the `TaintedPathQuery.qll` use `ThreatModelSource` instead.
+* Deleted the deprecated `RemoteSource` class from the `UrlRedirectQuery.qll` use `ThreatModelSource` instead.
+* Deleted the deprecated `RemoteSource` class from the `XPathInjectionQuery.qll` use `ThreatModelSource` instead.
+* Deleted the deprecated `ORMMappedProperty` class from the `Stored.qll` use `EntityFramework::StoredFlowSource` and `NHibernate::StoredFlowSource` instead.
+
@@ -478,11 +478,6 @@ class DereferenceableExpr extends Expr {
   }
 }
 
-/**
- * DEPRECATED: Use `EnumerableCollectionExpr` instead.
- */
-deprecated class CollectionExpr = EnumerableCollectionExpr;
-
 /**
  * An expression that evaluates to a collection. That is, an expression whose
  * (transitive, reflexive) base type is `IEnumerable`.

@@ -4,20 +4,6 @@ import csharp
 private import internal.FlowSummaryImpl as Impl
 private import internal.DataFlowDispatch as DataFlowDispatch
 
-deprecated class ParameterPosition = DataFlowDispatch::ParameterPosition;
-
-deprecated class ArgumentPosition = DataFlowDispatch::ArgumentPosition;
-
-deprecated class SummaryComponent = Impl::Private::SummaryComponent;
-
-deprecated module SummaryComponent = Impl::Private::SummaryComponent;
-
-deprecated class SummaryComponentStack = Impl::Private::SummaryComponentStack;
-
-deprecated module SummaryComponentStack = Impl::Private::SummaryComponentStack;
-
-deprecated class RequiredSummaryComponentStack = Impl::Private::RequiredSummaryComponentStack;
-
 class SummarizedCallable = Impl::Public::SummarizedCallable;
 
 class Provenance = Impl::Public::Provenance;
@@ -463,64 +463,6 @@ module Ssa {
      */
     final AssignableDefinition getADefinition() { result = SsaImpl::getADefinition(this) }
 
-    /**
-     * DEPRECATED.
-     *
-     * Holds if this definition updates a captured local scope variable, and the updated
-     * value may be read from the implicit entry definition `def` using one or more calls
-     * (as indicated by `additionalCalls`), starting from call `c`.
-     *
-     * Example:
-     *
-     * ```csharp
-     * class C {
-     *   void M1() {
-     *     int i = 0;
-     *     void M2() => System.Console.WriteLine(i);
-     *     i = 1;
-     *     M2();
-     *   }
-     * }
-     * ```
-     *
-     * If this definition is the update of `i` on line 5, then the value may be read inside
-     * `M2` via the call on line 6.
-     */
-    deprecated final predicate isCapturedVariableDefinitionFlowIn(
-      ImplicitEntryDefinition def, ControlFlow::Nodes::ElementNode c, boolean additionalCalls
-    ) {
-      none()
-    }
-
-    /**
-     * DEPRECATED.
-     *
-     * Holds if this definition updates a captured local scope variable, and the updated
-     * value may be read from the implicit call definition `cdef` using one or more calls
-     * (as indicated by `additionalCalls`).
-     *
-     * Example:
-     *
-     * ```csharp
-     * class C {
-     *   void M1() {
-     *     int i = 0;
-     *     void M2() { i = 2; };
-     *     M2();
-     *     System.Console.WriteLine(i);
-     *   }
-     * }
-     * ```
-     *
-     * If this definition is the update of `i` on line 4, then the value may be read outside
-     * of `M2` via the call on line 5.
-     */
-    deprecated final predicate isCapturedVariableDefinitionFlowOut(
-      ImplicitCallDefinition cdef, boolean additionalCalls
-    ) {
-      none()
-    }
-
     override Element getElement() { result = ad.getElement() }
 
     override string toString() {

@@ -51,19 +51,6 @@ class Node extends TNode {
 
   /** Gets the location of this node. */
   final Location getLocation() { result = this.(NodeImpl).getLocationImpl() }
-
-  /**
-   * Holds if this element is at the specified location.
-   * The location spans column `startcolumn` of line `startline` to
-   * column `endcolumn` of line `endline` in file `filepath`.
-   * For more information, see
-   * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
-   */
-  deprecated predicate hasLocationInfo(
-    string filepath, int startline, int startcolumn, int endline, int endcolumn
-  ) {
-    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
-  }
 }
 
 /**

@@ -2,7 +2,6 @@
 
 import csharp
 import semmle.code.csharp.security.dataflow.flowsources.FlowSources
-deprecated import semmle.code.csharp.dataflow.flowsources.Remote
 import ActionMethods
 
 /**

@@ -40,20 +40,6 @@ private module CodeInjectionConfig implements DataFlow::ConfigSig {
  */
 module CodeInjection = TaintTracking::Global<CodeInjectionConfig>;
 
-/**
- * DEPRECATED: Use `ThreatModelSource` instead.
- *
- * A source of remote user input.
- */
-deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { }
-
-/**
- * DEPRECATED: Use `ThreatModelSource` instead.
- *
- * A source of local user input.
- */
-deprecated class LocalSource extends DataFlow::Node instanceof LocalFlowSource { }
-
 /** A source supported by the current threat model. */
 class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 

@@ -49,13 +49,6 @@ module CommandInjectionConfig implements DataFlow::ConfigSig {
  */
 module CommandInjection = TaintTracking::Global<CommandInjectionConfig>;
 
-/**
- * DEPRECATED: Use `ThreatModelSource` instead.
- *
- * A source of remote user input.
- */
-deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { }
-
 /** A source supported by the current threat model. */
 class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 

@@ -46,13 +46,6 @@ private module ConditionalBypassConfig implements DataFlow::ConfigSig {
  */
 module ConditionalBypass = TaintTracking::Global<ConditionalBypassConfig>;
 
-/**
- * DEPRECATED: Use `ThreatModelSource` instead.
- *
- * A source of remote user input.
- */
-deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { }
-
 /** A source supported by the current threat model. */
 class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
 

@@ -52,13 +52,6 @@ module LdapInjectionConfig implements DataFlow::ConfigSig {
  */
 module LdapInjection = TaintTracking::Global<LdapInjectionConfig>;
 
-/**
- * DEPRECATED: Use `ThreadModelSource` instead.
- *
- * A source of remote user input.
- */
-deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource { }
-
 /** A source supported by the current threat model. */
 class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }