From 92c1c44a278f23c2a106b6308e27b5a8b30cb058 Mon Sep 17 00:00:00 2001
From: Anders Schack-Mulligen
Date: Tue, 3 Dec 2024 16:16:55 +0100
Subject: [PATCH] Python: Remove deprecated configuration classes referencing deleted api.
---
 .../dataflow/CleartextLoggingQuery.qll | 19 -------
 .../dataflow/CleartextStorageQuery.qll | 19 -------
 .../security/dataflow/CodeInjectionQuery.qll | 15 ------
 .../dataflow/CommandInjectionQuery.qll | 15 ------
 .../security/dataflow/LdapInjectionQuery.qll | 32 ------------
 .../security/dataflow/LogInjectionQuery.qll | 15 ------
 .../dataflow/PamAuthorizationQuery.qll | 29 -----------
 .../security/dataflow/PathInjectionQuery.qll | 51 -------------------
 .../dataflow/PolynomialReDoSQuery.qll | 15 ------
 .../security/dataflow/ReflectedXssQuery.qll | 15 ------
 .../security/dataflow/RegexInjectionQuery.qll | 15 ------
 .../ServerSideRequestForgeryQuery.qll | 25 ---------
 .../security/dataflow/SqlInjectionQuery.qll | 15 ------
 .../dataflow/StackTraceExposureQuery.qll | 24 ---------
 .../python/security/dataflow/TarSlipQuery.qll | 15 ------
 .../dataflow/UnsafeDeserializationQuery.qll | 15 ------
 .../UnsafeShellCommandConstructionQuery.qll | 23 ---------
 .../security/dataflow/UrlRedirectQuery.qll | 28 ----------
 .../WeakSensitiveDataHashingQuery.qll | 51 -------------------
 .../python/security/dataflow/XmlBombQuery.qll | 18 -------
 .../security/dataflow/XpathInjectionQuery.qll | 15 ------
 .../python/security/dataflow/XxeQuery.qll | 18 -------
 22 files changed, 487 deletions(-)
diff --git a/python/ql/lib/semmle/python/security/dataflow/CleartextLoggingQuery.qll b/python/ql/lib/semmle/python/security/dataflow/CleartextLoggingQuery.qll
index 0b0cb04682069..03b1db49d170b 100644
--- a/python/ql/lib/semmle/python/security/dataflow/CleartextLoggingQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/CleartextLoggingQuery.qll
@@ -15,25 +15,6 @@ private import semmle.python.dataflow.new.BarrierGuards
 private import semmle.python.dataflow.new.SensitiveDataSources
 import CleartextLoggingCustomizations::CleartextLogging
-/**
- * DEPRECATED: Use `CleartextLoggingFlow` module instead.
- *
- * A taint-tracking configuration for detecting "Clear-text logging of sensitive information".
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "CleartextLogging" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) {
- super.isSanitizer(node)
- or
- node instanceof Sanitizer
- }
-}
-
 private module CleartextLoggingConfig implements DataFlow::ConfigSig {
 predicate isSource(DataFlow::Node source) { source instanceof Source }
diff --git a/python/ql/lib/semmle/python/security/dataflow/CleartextStorageQuery.qll b/python/ql/lib/semmle/python/security/dataflow/CleartextStorageQuery.qll
index ef9c8c13b56b3..7ee85230c84f1 100644
--- a/python/ql/lib/semmle/python/security/dataflow/CleartextStorageQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/CleartextStorageQuery.qll
@@ -15,25 +15,6 @@ private import semmle.python.dataflow.new.BarrierGuards
 private import semmle.python.dataflow.new.SensitiveDataSources
 import CleartextStorageCustomizations::CleartextStorage
-/**
- * DEPRECATED: Use `CleartextStorageFlow` module instead.
- *
- * A taint-tracking configuration for detecting "Clear-text storage of sensitive information".
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "CleartextStorage" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) {
- super.isSanitizer(node)
- or
- node instanceof Sanitizer
- }
-}
-
 private module CleartextStorageConfig implements DataFlow::ConfigSig {
 predicate isSource(DataFlow::Node source) { source instanceof Source }
diff --git a/python/ql/lib/semmle/python/security/dataflow/CodeInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/CodeInjectionQuery.qll
index ecb0435fec821..486d06a6b21b1 100644
--- a/python/ql/lib/semmle/python/security/dataflow/CodeInjectionQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/CodeInjectionQuery.qll
@@ -11,21 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import CodeInjectionCustomizations::CodeInjection
-/**
- * DEPRECATED: Use `CodeInjectionFlow` module instead.
- *
- * A taint-tracking configuration for detecting "code injection" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "CodeInjection" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 private module CodeInjectionConfig implements DataFlow::ConfigSig {
 predicate isSource(DataFlow::Node source) { source instanceof Source }
diff --git a/python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll
index 8874a12132fea..18bcbe8cdd5e8 100644
--- a/python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll
@@ -11,21 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import CommandInjectionCustomizations::CommandInjection
-/**
- * DEPRECATED: Use `CommandInjectionFlow` module instead.
- *
- * A taint-tracking configuration for detecting "command injection" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "CommandInjection" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * A taint-tracking configuration for detecting "command injection" vulnerabilities.
 */
diff --git a/python/ql/lib/semmle/python/security/dataflow/LdapInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/LdapInjectionQuery.qll
index 9dd24bceddb3b..527c1cbfe4327 100644
--- a/python/ql/lib/semmle/python/security/dataflow/LdapInjectionQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/LdapInjectionQuery.qll
@@ -13,22 +13,6 @@ import semmle.python.dataflow.new.TaintTracking
 import semmle.python.dataflow.new.RemoteFlowSources
 import LdapInjectionCustomizations::LdapInjection
-/**
- * DEPRECATED: Use `LdapInjectionDnFlow` module instead.
- *
- * A taint-tracking configuration for detecting LDAP injection vulnerabilities
- * via the distinguished name (DN) parameter of an LDAP search.
- */
-deprecated class DnConfiguration extends TaintTracking::Configuration {
- DnConfiguration() { this = "LdapDnInjection" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof DnSink }
-
- override predicate isSanitizer(DataFlow::Node node) { node instanceof DnSanitizer }
-}
-
 private module LdapInjectionDnConfig implements DataFlow::ConfigSig {
 predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -40,22 +24,6 @@ private module LdapInjectionDnConfig implements DataFlow::ConfigSig {
 /** Global taint-tracking for detecting "LDAP injection via the distinguished name (DN) parameter" vulnerabilities. */
 module LdapInjectionDnFlow = TaintTracking::Global;
-/**
- * DEPRECATED: Use `LdapInjectionFilterFlow` module instead.
- *
- * A taint-tracking configuration for detecting LDAP injection vulnerabilities
- * via the filter parameter of an LDAP search.
- */
-deprecated class FilterConfiguration extends TaintTracking::Configuration {
- FilterConfiguration() { this = "LdapFilterInjection" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof FilterSink }
-
- override predicate isSanitizer(DataFlow::Node node) { node instanceof FilterSanitizer }
-}
-
 private module LdapInjectionFilterConfig implements DataFlow::ConfigSig {
 predicate isSource(DataFlow::Node source) { source instanceof Source }
diff --git a/python/ql/lib/semmle/python/security/dataflow/LogInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/LogInjectionQuery.qll
index 780c27bb21313..7204accbdcf2b 100644
--- a/python/ql/lib/semmle/python/security/dataflow/LogInjectionQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/LogInjectionQuery.qll
@@ -11,21 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import LogInjectionCustomizations::LogInjection
-/**
- * DEPRECATED: Use `LogInjectionFlow` module instead.
- *
- * A taint-tracking configuration for tracking untrusted user input used in log entries.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "LogInjection" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 private module LogInjectionConfig implements DataFlow::ConfigSig {
 predicate isSource(DataFlow::Node source) { source instanceof Source }
diff --git a/python/ql/lib/semmle/python/security/dataflow/PamAuthorizationQuery.qll b/python/ql/lib/semmle/python/security/dataflow/PamAuthorizationQuery.qll
index 4b150299b318f..eb83d0bf84f00 100644
--- a/python/ql/lib/semmle/python/security/dataflow/PamAuthorizationQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/PamAuthorizationQuery.qll
@@ -11,35 +11,6 @@ import semmle.python.ApiGraphs
 import semmle.python.dataflow.new.TaintTracking
 import PamAuthorizationCustomizations::PamAuthorizationCustomizations
-/**
- * DEPRECATED: Use `PamAuthorizationFlow` module instead.
- *
- * A taint-tracking configuration for detecting "PAM Authorization" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "PamAuthorization" }
-
- override predicate isSource(DataFlow::Node node) { node instanceof Source }
-
- override predicate isSink(DataFlow::Node node) { node instanceof Sink }
-
- override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
- // Models flow from a remotely supplied username field to a PAM `handle`.
- // `retval = pam_start(service, username, byref(conv), byref(handle))`
- exists(API::CallNode pamStart, DataFlow::Node handle, API::CallNode pointer |
- pointer = API::moduleImport("ctypes").getMember(["pointer", "byref"]).getACall() and
- pamStart = libPam().getMember("pam_start").getACall() and
- pointer = pamStart.getArg(3) and
- handle = pointer.getArg(0) and
- pamStart.getArg(1) = node1 and
- handle = node2
- )
- or
- // Flow from handle to the authenticate call in the final step
- exists(VulnPamAuthCall c | c.getArg(0) = node1 | node2 = c)
- }
-}
-
 private module PamAuthorizationConfig implements DataFlow::ConfigSig {
 predicate isSource(DataFlow::Node source) { source instanceof Source }
diff --git a/python/ql/lib/semmle/python/security/dataflow/PathInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/PathInjectionQuery.qll
index 2cd6ba2a6f40a..b3081fd9996aa 100644
--- a/python/ql/lib/semmle/python/security/dataflow/PathInjectionQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/PathInjectionQuery.qll
@@ -12,57 +12,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import PathInjectionCustomizations::PathInjection
-/**
- * DEPRECATED: Use `PathInjectionFlow` module instead.
- *
- * A taint-tracking configuration for detecting "path injection" vulnerabilities.
- *
- * This configuration uses two flow states, `NotNormalized` and `NormalizedUnchecked`,
- * to track the requirement that a file path must be first normalized and then checked
- * before it is safe to use.
- *
- * At sources, paths are assumed not normalized. At normalization points, they change
- * state to `NormalizedUnchecked` after which they can be made safe by an appropriate
- * check of the prefix.
- *
- * Such checks are ineffective in the `NotNormalized` state.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "PathInjection" }
-
- override predicate isSource(DataFlow::Node source, DataFlow::FlowState state) {
- source instanceof Source and state instanceof NotNormalized
- }
-
- override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) {
- sink instanceof Sink and
- (
- state instanceof NotNormalized or
- state instanceof NormalizedUnchecked
- )
- }
-
- override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-
- override predicate isSanitizer(DataFlow::Node node, DataFlow::FlowState state) {
- // Block `NotNormalized` paths here, since they change state to `NormalizedUnchecked`
- node instanceof Path::PathNormalization and
- state instanceof NotNormalized
- or
- node instanceof Path::SafeAccessCheck and
- state instanceof NormalizedUnchecked
- }
-
- override predicate isAdditionalTaintStep(
- DataFlow::Node nodeFrom, DataFlow::FlowState stateFrom, DataFlow::Node nodeTo,
- DataFlow::FlowState stateTo
- ) {
- nodeFrom = nodeTo.(Path::PathNormalization).getPathArg() and
- stateFrom instanceof NotNormalized and
- stateTo instanceof NormalizedUnchecked
- }
-}
-
 abstract private class NormalizationState extends string {
 bindingset[this]
 NormalizationState() { any() }
diff --git a/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSQuery.qll b/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSQuery.qll
index 3ca67fff82e50..4e082aac26e43 100644
--- a/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSQuery.qll
@@ -11,21 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import PolynomialReDoSCustomizations::PolynomialReDoS
-/**
- * DEPRECATED: Use `PolynomialReDoSFlow` module instead.
- *
- * A taint-tracking configuration for detecting "polynomial regular expression denial of service (ReDoS)" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "PolynomialReDoS" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 private module PolynomialReDoSConfig implements DataFlow::ConfigSig {
 predicate isSource(DataFlow::Node source) { source instanceof Source }
diff --git a/python/ql/lib/semmle/python/security/dataflow/ReflectedXssQuery.qll b/python/ql/lib/semmle/python/security/dataflow/ReflectedXssQuery.qll
index d67c5e3cb39fc..5f5b2dd58df5d 100644
--- a/python/ql/lib/semmle/python/security/dataflow/ReflectedXssQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/ReflectedXssQuery.qll
@@ -11,21 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import ReflectedXSSCustomizations::ReflectedXss
-/**
- * DEPRECATED: Use `ReflectedXssFlow` module instead.
- *
- * A taint-tracking configuration for detecting "reflected server-side cross-site scripting" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "ReflectedXSS" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 private module ReflectedXssConfig implements DataFlow::ConfigSig {
 predicate isSource(DataFlow::Node source) { source instanceof Source }
diff --git a/python/ql/lib/semmle/python/security/dataflow/RegexInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/RegexInjectionQuery.qll
index d79b76a8685cc..ae21270a63eac 100644
--- a/python/ql/lib/semmle/python/security/dataflow/RegexInjectionQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/RegexInjectionQuery.qll
@@ -12,21 +12,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import RegexInjectionCustomizations::RegexInjection
-/**
- * DEPRECATED: Use `RegexInjectionFlow` module instead.
- *
- * A taint-tracking configuration for detecting "reflected server-side cross-site scripting" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "RegexInjection" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 private module RegexInjectionConfig implements DataFlow::ConfigSig {
 predicate isSource(DataFlow::Node source) { source instanceof Source }
diff --git a/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll b/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll
index d0bfa24cf5e9b..2601099b9ee80 100644
--- a/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll
@@ -12,31 +12,6 @@ import semmle.python.dataflow.new.TaintTracking
 import semmle.python.Concepts
 import ServerSideRequestForgeryCustomizations::ServerSideRequestForgery
-/**
- * DEPRECATED: Use `FullServerSideRequestForgeryFlow` module instead.
- *
- * A taint-tracking configuration for detecting "Server-side request forgery" vulnerabilities.
- *
- * This configuration has a sanitizer to limit results to cases where attacker has full control of URL.
- * See `PartialServerSideRequestForgery` for a variant without this requirement.
- *
- * You should use the `fullyControlledRequest` to only select results where all
- * URL parts are fully controlled.
- */
-deprecated class FullServerSideRequestForgeryConfiguration extends TaintTracking::Configuration {
- FullServerSideRequestForgeryConfiguration() { this = "FullServerSideRequestForgery" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) {
- node instanceof Sanitizer
- or
- node instanceof FullUrlControlSanitizer
- }
-}
-
 /**
 * This configuration has a sanitizer to limit results to cases where attacker has full control of URL.
 * See `PartialServerSideRequestForgery` for a variant without this requirement.
diff --git a/python/ql/lib/semmle/python/security/dataflow/SqlInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/SqlInjectionQuery.qll
index 877e30f50903f..a63590643f3a4 100644
--- a/python/ql/lib/semmle/python/security/dataflow/SqlInjectionQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/SqlInjectionQuery.qll
@@ -11,21 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import SqlInjectionCustomizations::SqlInjection
-/**
- * DEPRECATED: Use `SqlInjectionFlow` module instead.
- *
- * A taint-tracking configuration for detecting "SQL injection" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "SqlInjection" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 private module SqlInjectionConfig implements DataFlow::ConfigSig {
 predicate isSource(DataFlow::Node source) { source instanceof Source }
diff --git a/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureQuery.qll b/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureQuery.qll
index 9980aa76ea37e..57ef6d7ebb2a0 100644
--- a/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureQuery.qll
@@ -11,30 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import StackTraceExposureCustomizations::StackTraceExposure
-/**
- * DEPRECATED: Use `StackTraceExposureFlow` module instead.
- *
- * A taint-tracking configuration for detecting "stack trace exposure" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "StackTraceExposure" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-
- // A stack trace is accessible as the `__traceback__` attribute of a caught exception.
- // see https://docs.python.org/3/reference/datamodel.html#traceback-objects
- override predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
- exists(DataFlow::AttrRead attr | attr.getAttributeName() = "__traceback__" |
- nodeFrom = attr.getObject() and
- nodeTo = attr
- )
- }
-}
-
 private module StackTraceExposureConfig implements DataFlow::ConfigSig {
 predicate isSource(DataFlow::Node source) { source instanceof Source }
diff --git a/python/ql/lib/semmle/python/security/dataflow/TarSlipQuery.qll b/python/ql/lib/semmle/python/security/dataflow/TarSlipQuery.qll
index 7bb008f1afb39..162bfcd74ccb6 100644
--- a/python/ql/lib/semmle/python/security/dataflow/TarSlipQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/TarSlipQuery.qll
@@ -11,21 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import TarSlipCustomizations::TarSlip
-/**
- * DEPRECATED: Use `TarSlipFlow` module instead.
- *
- * A taint-tracking configuration for detecting "tar slip" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "TarSlip" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 private module TarSlipConfig implements DataFlow::ConfigSig {
 predicate isSource(DataFlow::Node source) { source instanceof Source }
diff --git a/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationQuery.qll b/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationQuery.qll
index bd067213fb5d0..dd6925b79983f 100644
--- a/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationQuery.qll
@@ -11,21 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import UnsafeDeserializationCustomizations::UnsafeDeserialization
-/**
- * DEPRECATED: Use `UnsafeDeserializationFlow` module instead.
- *
- * A taint-tracking configuration for detecting "code execution from deserialization" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "UnsafeDeserialization" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 private module UnsafeDeserializationConfig implements DataFlow::ConfigSig {
 predicate isSource(DataFlow::Node source) { source instanceof Source }
diff --git a/python/ql/lib/semmle/python/security/dataflow/UnsafeShellCommandConstructionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/UnsafeShellCommandConstructionQuery.qll
index 6d292a88b6c74..51341cfe6cdca 100644
--- a/python/ql/lib/semmle/python/security/dataflow/UnsafeShellCommandConstructionQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/UnsafeShellCommandConstructionQuery.qll
@@ -13,29 +13,6 @@ private import semmle.python.dataflow.new.TaintTracking
 private import CommandInjectionCustomizations::CommandInjection as CommandInjection
 private import semmle.python.dataflow.new.BarrierGuards
-/**
- * DEPRECATED: Use `UnsafeShellCommandConstructionFlow` module instead.
- *
- * A taint-tracking configuration for detecting shell command constructed from library input vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "UnsafeShellCommandConstruction" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) {
- node instanceof Sanitizer or
- node instanceof CommandInjection::Sanitizer // using all sanitizers from `py/command-injection`
- }
-
- // override to require the path doesn't have unmatched return steps
- override DataFlow::FlowFeature getAFeature() {
- result instanceof DataFlow::FeatureHasSourceCallContext
- }
-}
-
 /**
 * A taint-tracking configuration for detecting "shell command constructed from library input" vulnerabilities.
 */
diff --git a/python/ql/lib/semmle/python/security/dataflow/UrlRedirectQuery.qll b/python/ql/lib/semmle/python/security/dataflow/UrlRedirectQuery.qll
index 5b44cd988ad1c..a9526f33ad34e 100644
--- a/python/ql/lib/semmle/python/security/dataflow/UrlRedirectQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/UrlRedirectQuery.qll
@@ -11,34 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import UrlRedirectCustomizations::UrlRedirect as UrlRedirect
-/**
- * DEPRECATED: Use `UrlRedirectFlow` module instead.
- *
- * A taint-tracking configuration for detecting "URL redirection" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "UrlRedirect" }
-
- override predicate isSource(DataFlow::Node source, DataFlow::FlowState state) {
- source instanceof UrlRedirect::Source and state instanceof UrlRedirect::MayContainBackslashes
- }
-
- override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) {
- sink instanceof UrlRedirect::Sink and state instanceof UrlRedirect::FlowState
- }
-
- override predicate isSanitizer(DataFlow::Node node, DataFlow::FlowState state) {
- node.(UrlRedirect::Sanitizer).sanitizes(state)
- }
-
- override predicate isAdditionalTaintStep(
- DataFlow::Node nodeFrom, DataFlow::FlowState stateFrom, DataFlow::Node nodeTo,
- DataFlow::FlowState stateTo
- ) {
- any(UrlRedirect::AdditionalFlowStep a).step(nodeFrom, stateFrom, nodeTo, stateTo)
- }
-}
-
 private module UrlRedirectConfig implements DataFlow::StateConfigSig {
 class FlowState = UrlRedirect::FlowState;
diff --git a/python/ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashingQuery.qll b/python/ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashingQuery.qll
index 9e2803b336995..04d8846d7d01e 100644
--- a/python/ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashingQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashingQuery.qll
@@ -23,30 +23,6 @@ private import semmle.python.dataflow.new.SensitiveDataSources
 module NormalHashFunction {
 import WeakSensitiveDataHashingCustomizations::NormalHashFunction
- /**
- * DEPRECATED: Use `Flow` module instead.
- *
- * A taint-tracking configuration for detecting use of a broken or weak
- * cryptographic hashing algorithm on sensitive data.
- */
- deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "NormalHashFunction" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) {
- super.isSanitizer(node)
- or
- node instanceof Sanitizer
- }
-
- override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
- sensitiveDataExtraStepForCalls(node1, node2)
- }
- }
-
 private module Config implements DataFlow::ConfigSig {
 predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -73,33 +49,6 @@ module NormalHashFunction {
 module ComputationallyExpensiveHashFunction {
 import WeakSensitiveDataHashingCustomizations::ComputationallyExpensiveHashFunction
- /**
- * DEPRECATED: Use `Flow` module instead.
- *
- * A taint-tracking configuration for detecting use of a broken or weak
- * cryptographic hashing algorithm on passwords.
- *
- * Passwords has stricter requirements on the hashing algorithm used (must be
- * computationally expensive to prevent brute-force attacks).
- */
- deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "ComputationallyExpensiveHashFunction" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) {
- super.isSanitizer(node)
- or
- node instanceof Sanitizer
- }
-
- override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
- sensitiveDataExtraStepForCalls(node1, node2)
- }
- }
-
 /**
 * Passwords has stricter requirements on the hashing algorithm used (must be
 * computationally expensive to prevent brute-force attacks).
diff --git a/python/ql/lib/semmle/python/security/dataflow/XmlBombQuery.qll b/python/ql/lib/semmle/python/security/dataflow/XmlBombQuery.qll
index dcf3939bc7861..e69e8ad63c68a 100644
--- a/python/ql/lib/semmle/python/security/dataflow/XmlBombQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/XmlBombQuery.qll
@@ -11,24 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import XmlBombCustomizations::XmlBomb
-/**
- * DEPRECATED: Use `XmlBombFlow` module instead.
- *
- * A taint-tracking configuration for detecting "XML bomb" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "XmlBomb" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) {
- super.isSanitizer(node) or
- node instanceof Sanitizer
- }
-}
-
 private module XmlBombConfig implements DataFlow::ConfigSig {
 predicate isSource(DataFlow::Node source) { source instanceof Source }
diff --git a/python/ql/lib/semmle/python/security/dataflow/XpathInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/XpathInjectionQuery.qll
index f8a21aedba590..2a15669f6ff0b 100644
--- a/python/ql/lib/semmle/python/security/dataflow/XpathInjectionQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/XpathInjectionQuery.qll
@@ -11,21 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import XpathInjectionCustomizations::XpathInjection
-/**
- * DEPRECATED: Use `XpathInjectionFlow` module instead.
- *
- * A taint-tracking configuration for detecting "Xpath Injection" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "Xpath Injection" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 private module XpathInjectionConfig implements DataFlow::ConfigSig {
 predicate isSource(DataFlow::Node source) { source instanceof Source }
diff --git a/python/ql/lib/semmle/python/security/dataflow/XxeQuery.qll b/python/ql/lib/semmle/python/security/dataflow/XxeQuery.qll
index 8d85d275f1e1c..da7c34a5bac3f 100644
--- a/python/ql/lib/semmle/python/security/dataflow/XxeQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/XxeQuery.qll
@@ -11,24 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import XxeCustomizations::Xxe
-/**
- * DEPRECATED: Use `XxeFlow` module instead.
- *
- * A taint-tracking configuration for detecting "XML External Entity (XXE)" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "Xxe" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) {
- super.isSanitizer(node) or
- node instanceof Sanitizer
- }
-}
-
 private module XxeConfig implements DataFlow::ConfigSig {
 predicate isSource(DataFlow::Node source) { source instanceof Source }