Skip to content

Commit

Permalink
Java: Delete deprecated extension points referencing deleted api.
Browse files Browse the repository at this point in the history
  • Loading branch information
aschackmull committed Dec 3, 2024
1 parent 5b51088 commit 54743d1
Show file tree
Hide file tree
Showing 8 changed files with 4 additions and 91 deletions.
2 changes: 0 additions & 2 deletions java/ql/lib/semmle/code/java/frameworks/JsonIo.qll
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,6 @@
import java
import semmle.code.java.Maps
import semmle.code.java.dataflow.DataFlow
deprecated import semmle.code.java.dataflow.DataFlow2
private import semmle.code.java.dataflow.DataFlow2

/**
* The class `com.cedarsoftware.util.io.JsonReader`.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,7 @@

import java
import semmle.code.java.dataflow.FlowSources
deprecated import semmle.code.java.dataflow.DataFlow2
import semmle.code.java.dataflow.TaintTracking
deprecated import semmle.code.java.dataflow.TaintTracking3
import semmle.code.java.security.AndroidIntentRedirection

/** A taint tracking configuration for tainted Intents being used to start Android components. */
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@

import java
import semmle.code.java.dataflow.DataFlow
deprecated import semmle.code.java.dataflow.DataFlow3
import semmle.code.java.security.CleartextStorageQuery
private import semmle.code.java.dataflow.FlowSinks
private import semmle.code.java.dataflow.FlowSources
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,6 @@

import java
import semmle.code.java.dataflow.DataFlow
deprecated import semmle.code.java.dataflow.DataFlow2
private import semmle.code.java.dataflow.DataFlow2
import HardcodedCredentials

/**
Expand Down
33 changes: 2 additions & 31 deletions java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll
Original file line number Diff line number Diff line change
Expand Up @@ -26,24 +26,10 @@ class NoState extends PendingIntentState, TNoState {
}

/** A source for an implicit `PendingIntent` flow. */
abstract class ImplicitPendingIntentSource extends ApiSourceNode {
/**
* DEPRECATED: Open-ended flow state is not intended to be part of the extension points.
*
* Holds if this source has the specified `state`.
*/
deprecated predicate hasState(DataFlow::FlowState state) { state = "" }
}
abstract class ImplicitPendingIntentSource extends ApiSourceNode { }

/** A sink that sends an implicit and mutable `PendingIntent` to a third party. */
abstract class ImplicitPendingIntentSink extends DataFlow::Node {
/**
* DEPRECATED: Open-ended flow state is not intended to be part of the extension points.
*
* Holds if this sink has the specified `state`.
*/
deprecated predicate hasState(DataFlow::FlowState state) { state = "" }
}
abstract class ImplicitPendingIntentSink extends DataFlow::Node { }

/**
* A unit class for adding additional taint steps.
Expand All @@ -62,21 +48,6 @@ class ImplicitPendingIntentAdditionalTaintStep extends Unit {
* Holds if the step from `node1` to `node2` creates a mutable `PendingIntent`.
*/
predicate mutablePendingIntentCreation(DataFlow::Node node1, DataFlow::Node node2) { none() }

/**
* DEPRECATED: Open-ended flow state is not intended to be part of the extension points.
* Use `mutablePendingIntentCreation` instead.
*
* Holds if the step from `node1` to `node2` should be considered a taint
* step for flows related to the use of implicit `PendingIntent`s. This step is only applicable
* in `state1` and updates the flow state to `state2`.
*/
deprecated predicate step(
DataFlow::Node node1, DataFlow::FlowState state1, DataFlow::Node node2,
DataFlow::FlowState state2
) {
none()
}
}

private class IntentCreationSource extends ImplicitPendingIntentSource {
Expand Down
52 changes: 2 additions & 50 deletions java/ql/lib/semmle/code/java/security/TemplateInjection.qll
Original file line number Diff line number Diff line change
Expand Up @@ -9,30 +9,12 @@ private import semmle.code.java.security.Sanitizers
/**
* A source for server-side template injection (SST) vulnerabilities.
*/
abstract class TemplateInjectionSource extends DataFlow::Node {
/**
* DEPRECATED: Open-ended flow state is not intended to be part of the extension points.
*
* Holds if this source has the specified `state`.
*/
deprecated predicate hasState(DataFlow::FlowState state) {
state instanceof DataFlow::FlowStateEmpty
}
}
abstract class TemplateInjectionSource extends DataFlow::Node { }

/**
* A sink for server-side template injection (SST) vulnerabilities.
*/
abstract class TemplateInjectionSink extends DataFlow::Node {
/**
* DEPRECATED: Open-ended flow state is not intended to be part of the extension points.
*
* Holds if this sink has the specified `state`.
*/
deprecated predicate hasState(DataFlow::FlowState state) {
state instanceof DataFlow::FlowStateEmpty
}
}
abstract class TemplateInjectionSink extends DataFlow::Node { }

/**
* A unit class for adding additional taint steps.
Expand All @@ -46,43 +28,13 @@ class TemplateInjectionAdditionalTaintStep extends Unit {
* step for flows related to server-side template injection (SST) vulnerabilities.
*/
predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { none() }

/**
* DEPRECATED: Open-ended flow state is not intended to be part of the extension points.
*
* Holds if the step from `node1` to `node2` should be considered a taint
* step for flows related toserver-side template injection (SST) vulnerabilities.
* This step is only applicable in `state1` and updates the flow state to `state2`.
*/
deprecated predicate isAdditionalTaintStep(
DataFlow::Node node1, DataFlow::FlowState state1, DataFlow::Node node2,
DataFlow::FlowState state2
) {
none()
}
}

/**
* A sanitizer for server-side template injection (SST) vulnerabilities.
*/
abstract class TemplateInjectionSanitizer extends DataFlow::Node { }

/**
* DEPRECATED: Open-ended flow state is not intended to be part of the extension points.
*
* A sanitizer for server-side template injection (SST) vulnerabilities.
* This sanitizer is only applicable when `TemplateInjectionSanitizerWithState::hasState`
* holds for the flow state.
*/
abstract deprecated class TemplateInjectionSanitizerWithState extends DataFlow::Node {
/**
* DEPRECATED: Open-ended flow state is not intended to be part of the extension points.
*
* Holds if this sanitizer has the specified `state`.
*/
abstract deprecated predicate hasState(DataFlow::FlowState state);
}

private class DefaultTemplateInjectionSource extends TemplateInjectionSource instanceof ActiveThreatModelSource
{ }

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@

import semmle.code.java.dataflow.FlowSources
private import semmle.code.java.dataflow.FlowSinks
private import semmle.code.java.dataflow.TaintTracking2
private import semmle.code.java.dispatch.VirtualDispatch
private import semmle.code.java.frameworks.Kryo
private import semmle.code.java.frameworks.XStream
Expand Down
2 changes: 0 additions & 2 deletions java/ql/lib/semmle/code/java/security/XmlParsers.qll
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,6 @@

import java
import semmle.code.java.dataflow.DataFlow
deprecated import semmle.code.java.dataflow.DataFlow3
private import semmle.code.java.dataflow.DataFlow3
private import semmle.code.java.dataflow.RangeUtils

private module Frameworks {
Expand Down

0 comments on commit 54743d1

Please sign in to comment.