diff --git a/cpp/ql/lib/change-notes/2024-09-03-outdated-deprecations.md b/cpp/ql/lib/change-notes/2024-09-03-outdated-deprecations.md new file mode 100644 index 000000000000..9db308c5d629 --- /dev/null +++ b/cpp/ql/lib/change-notes/2024-09-03-outdated-deprecations.md @@ -0,0 +1,11 @@ +--- +category: breaking +--- +* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`. +* Deleted many deprecated dataflow configurations based on `DataFlow::Configuration`. +* Deleted the deprecated `hasQualifiedName` and `isDefined` predicates from the `Declaration` class, use `hasGlobalName` and `hasDefinition` respectively instead. +* Deleted the `getFullSignature` predicate from the `Function` class, use `getIdentityString(Declaration)` from `semmle.code.cpp.Print` instead. +* Deleted the deprecated `freeCall` predicate from `Alloc.qll`. Use `DeallocationExpr` instead. +* Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration` instead. +* Deleted the deprecated `getFieldExpr` predicate from `ClassAggregateLiteral`, use `getAFieldExpr` instead. +* Deleted the deprecated `getElementExpr` predicate from `ArrayOrVectorAggregateLiteral`, use `getAnElementExpr` instead. diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll b/cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll index e733940bdc11..99cd8bfb7fdb 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll @@ -36,16 +36,6 @@ module PrivateCleartextWrite { } } - deprecated class WriteConfig extends TaintTracking::Configuration { - WriteConfig() { this = "Write configuration" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - } - private module WriteConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/cpp/ql/lib/semmle/code/cpp/Declaration.qll b/cpp/ql/lib/semmle/code/cpp/Declaration.qll index 7d7dee45aa9f..61fe2018026a 100644 --- a/cpp/ql/lib/semmle/code/cpp/Declaration.qll +++ b/cpp/ql/lib/semmle/code/cpp/Declaration.qll @@ -60,18 +60,6 @@ class Declaration extends Locatable, @declaration { */ string getQualifiedName() { result = underlyingElement(this).(Q::Declaration).getQualifiedName() } - /** - * DEPRECATED: Prefer `hasGlobalName` or the 2-argument or 3-argument - * `hasQualifiedName` predicates. To get the exact same results as this - * predicate in all edge cases, use `getQualifiedName()`. - * - * Holds if this declaration has the fully-qualified name `qualifiedName`. - * See `getQualifiedName`. - */ - deprecated predicate hasQualifiedName(string qualifiedName) { - this.getQualifiedName() = qualifiedName - } - /** * Holds if this declaration has a fully-qualified name with a name-space * component of `namespaceQualifier`, a declaring type of `typeQualifier`, @@ -185,9 +173,6 @@ class Declaration extends Locatable, @declaration { /** Holds if the declaration has a definition. */ predicate hasDefinition() { exists(this.getDefinition()) } - /** DEPRECATED: Use `hasDefinition` instead. */ - deprecated predicate isDefined() { this.hasDefinition() } - /** Gets the preferred location of this declaration, if any. */ override Location getLocation() { none() } diff --git a/cpp/ql/lib/semmle/code/cpp/Function.qll b/cpp/ql/lib/semmle/code/cpp/Function.qll index a2d8d078024e..f23b04e19d6b 100644 --- a/cpp/ql/lib/semmle/code/cpp/Function.qll +++ b/cpp/ql/lib/semmle/code/cpp/Function.qll @@ -30,46 +30,6 @@ class Function extends Declaration, ControlFlowNode, AccessHolder, @function { override string getName() { functions(underlyingElement(this), result, _) } - /** - * DEPRECATED: Use `getIdentityString(Declaration)` from `semmle.code.cpp.Print` instead. - * Gets the full signature of this function, including return type, parameter - * types, and template arguments. - * - * For example, in the following code: - * ``` - * template T min(T x, T y); - * int z = min(5, 7); - * ``` - * The full signature of the function called on the last line would be - * `min(int, int) -> int`, and the full signature of the uninstantiated - * template on the first line would be `min(T, T) -> T`. - */ - deprecated string getFullSignature() { - exists(string name, string templateArgs, string args | - result = name + templateArgs + args + " -> " + this.getType().toString() and - name = this.getQualifiedName() and - ( - if exists(this.getATemplateArgument()) - then - templateArgs = - "<" + - concat(int i | - exists(this.getTemplateArgument(i)) - | - this.getTemplateArgument(i).toString(), ", " order by i - ) + ">" - else templateArgs = "" - ) and - args = - "(" + - concat(int i | - exists(this.getParameter(i)) - | - this.getParameter(i).getType().toString(), ", " order by i - ) + ")" - ) - } - /** Gets a specifier of this function. */ override Specifier getASpecifier() { funspecifiers(underlyingElement(this), unresolveElement(result)) or diff --git a/cpp/ql/lib/semmle/code/cpp/PrintAST.qll b/cpp/ql/lib/semmle/code/cpp/PrintAST.qll index ac043f47b0f7..6194710f0c58 100644 --- a/cpp/ql/lib/semmle/code/cpp/PrintAST.qll +++ b/cpp/ql/lib/semmle/code/cpp/PrintAST.qll @@ -286,9 +286,6 @@ abstract class BaseAstNode extends PrintAstNode { * Gets the AST represented by this node. */ final Locatable getAst() { result = ast } - - /** DEPRECATED: Alias for getAst */ - deprecated Locatable getAST() { result = this.getAst() } } /** diff --git a/cpp/ql/lib/semmle/code/cpp/commons/Alloc.qll b/cpp/ql/lib/semmle/code/cpp/commons/Alloc.qll index a6fb84d3227d..386a0e85aacb 100644 --- a/cpp/ql/lib/semmle/code/cpp/commons/Alloc.qll +++ b/cpp/ql/lib/semmle/code/cpp/commons/Alloc.qll @@ -7,15 +7,6 @@ import semmle.code.cpp.models.interfaces.Deallocation */ predicate freeFunction(Function f, int argNum) { argNum = f.(DeallocationFunction).getFreedArg() } -/** - * A call to a library routine that frees memory. - * - * DEPRECATED: Use `DeallocationExpr` instead (this also includes `delete` expressions). - */ -deprecated predicate freeCall(FunctionCall fc, Expr arg) { - arg = fc.(DeallocationExpr).getFreedExpr() -} - /** * Is e some kind of allocation or deallocation (`new`, `alloc`, `realloc`, `delete`, `free` etc)? */ diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll index 3b1439511d1c..359fa71744b4 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll index 3b1439511d1c..359fa71744b4 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll index 3b1439511d1c..359fa71744b4 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll index 3b1439511d1c..359fa71744b4 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll index 3b1439511d1c..359fa71744b4 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/cpp/ql/lib/semmle/code/cpp/exprs/Literal.qll b/cpp/ql/lib/semmle/code/cpp/exprs/Literal.qll index 32e16747c22d..a36758417bb9 100644 --- a/cpp/ql/lib/semmle/code/cpp/exprs/Literal.qll +++ b/cpp/ql/lib/semmle/code/cpp/exprs/Literal.qll @@ -195,17 +195,6 @@ class ClassAggregateLiteral extends AggregateLiteral { */ Expr getAFieldExpr(Field field) { result = this.getFieldExpr(field, _) } - /** - * DEPRECATED: Use `getAFieldExpr` instead. - * - * Gets the expression within the aggregate literal that is used to initialize - * field `field`, if present. - * - * This predicate may have multiple results since a field can be initialized - * multiple times in the same initializer. - */ - deprecated Expr getFieldExpr(Field field) { result = this.getFieldExpr(field, _) } - /** * Gets the expression within the aggregate literal that is used to initialize * field `field`, if present. The expression is the `position`'th entry in the @@ -300,17 +289,6 @@ class ArrayOrVectorAggregateLiteral extends AggregateLiteral { */ Expr getAnElementExpr(int elementIndex) { result = this.getElementExpr(elementIndex, _) } - /** - * DEPRECATED: Use `getAnElementExpr` instead. - * - * Gets the expression within the aggregate literal that is used to initialize - * element `elementIndex`, if present. - * - * This predicate may have multiple results since an element can be initialized - * multiple times in the same initializer. - */ - deprecated Expr getElementExpr(int elementIndex) { result = this.getElementExpr(elementIndex, _) } - /** * Gets the expression within the aggregate literal that is used to initialize * element `elementIndex`, if present. The expression is the `position`'th entry diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll index 3b1439511d1c..359fa71744b4 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll index 3b1439511d1c..359fa71744b4 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll index 3b1439511d1c..359fa71744b4 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll index 3b1439511d1c..359fa71744b4 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRVariable.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRVariable.qll index 24135820ab8b..43217ed4c60a 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRVariable.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRVariable.qll @@ -50,9 +50,6 @@ abstract private class AbstractIRVariable extends TIRVariable { */ abstract Language::AST getAst(); - /** DEPRECATED: Alias for getAst */ - deprecated Language::AST getAST() { result = this.getAst() } - /** * Gets an identifier string for the variable. This identifier is unique * within the function. @@ -96,9 +93,6 @@ class IRUserVariable extends AbstractIRVariable, TIRUserVariable { final override Language::AST getAst() { result = var } - /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = this.getAst() } - final override string getUniqueId() { result = this.getVariable().toString() + " " + this.getVariable().getLocation().toString() } @@ -163,9 +157,6 @@ abstract private class AbstractIRGeneratedVariable extends AbstractIRVariable { final override Language::AST getAst() { result = ast } - /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = this.getAst() } - override string toString() { result = this.getBaseString() + this.getLocationString() } override string getUniqueId() { none() } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll index 4db00eee6084..b63a543d9aea 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll @@ -285,9 +285,6 @@ abstract private class MemoryLocation0 extends TMemoryLocation { predicate isAlwaysAllocatedOnStack() { none() } final predicate canReuseSsa() { none() } - - /** DEPRECATED: Alias for canReuseSsa */ - deprecated predicate canReuseSSA() { this.canReuseSsa() } } /** diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRVariable.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRVariable.qll index 24135820ab8b..43217ed4c60a 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRVariable.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRVariable.qll @@ -50,9 +50,6 @@ abstract private class AbstractIRVariable extends TIRVariable { */ abstract Language::AST getAst(); - /** DEPRECATED: Alias for getAst */ - deprecated Language::AST getAST() { result = this.getAst() } - /** * Gets an identifier string for the variable. This identifier is unique * within the function. @@ -96,9 +93,6 @@ class IRUserVariable extends AbstractIRVariable, TIRUserVariable { final override Language::AST getAst() { result = var } - /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = this.getAst() } - final override string getUniqueId() { result = this.getVariable().toString() + " " + this.getVariable().getLocation().toString() } @@ -163,9 +157,6 @@ abstract private class AbstractIRGeneratedVariable extends AbstractIRVariable { final override Language::AST getAst() { result = ast } - /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = this.getAst() } - override string toString() { result = this.getBaseString() + this.getLocationString() } override string getUniqueId() { none() } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll index 7e3dc3cd9e2e..daa6bdaafcf6 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll @@ -216,9 +216,6 @@ abstract class TranslatedSideEffects extends TranslatedElement { final override Locatable getAst() { result = this.getExpr() } - /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = this.getAst() } - final override Declaration getFunction() { result = getEnclosingDeclaration(this.getExpr()) } final override TranslatedElement getChild(int i) { @@ -616,9 +613,6 @@ class TranslatedArgumentExprSideEffect extends TranslatedArgumentSideEffect, final override Locatable getAst() { result = arg } - /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = this.getAst() } - final override Type getIndirectionType() { result = arg.getUnspecifiedType().(DerivedType).getBaseType() or @@ -651,9 +645,6 @@ class TranslatedStructorQualifierSideEffect extends TranslatedArgumentSideEffect final override Locatable getAst() { result = call } - /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = this.getAst() } - final override Type getIndirectionType() { result = call.getTarget().getDeclaringType() } final override string getArgString() { result = "this" } @@ -675,9 +666,6 @@ class TranslatedCallSideEffect extends TranslatedSideEffect, TTranslatedCallSide override Locatable getAst() { result = expr } - /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = this.getAst() } - override Expr getPrimaryExpr() { result = expr } override predicate sortOrder(int group, int indexInGroup) { @@ -716,9 +704,6 @@ class TranslatedAllocationSideEffect extends TranslatedSideEffect, TTranslatedAl override Locatable getAst() { result = expr } - /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = this.getAst() } - override Expr getPrimaryExpr() { result = expr } override predicate sortOrder(int group, int indexInGroup) { diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCondition.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCondition.qll index 778649690685..1616c9c434b1 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCondition.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCondition.qll @@ -29,9 +29,6 @@ abstract class TranslatedCondition extends TranslatedElement { final override Locatable getAst() { result = expr } - /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = this.getAst() } - final ConditionContext getConditionContext() { result = this.getParent() } final Expr getExpr() { result = expr } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedDeclarationEntry.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedDeclarationEntry.qll index 55b5aa179f4d..c0fe9cd2207d 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedDeclarationEntry.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedDeclarationEntry.qll @@ -45,9 +45,6 @@ abstract class TranslatedDeclarationEntry extends TranslatedElement, TTranslated final override string toString() { result = entry.toString() } final override Locatable getAst() { result = entry.getAst() } - - /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = this.getAst() } } /** @@ -248,9 +245,6 @@ class TranslatedStaticLocalVariableInitialization extends TranslatedElement, final override Locatable getAst() { result = entry.getAst() } - /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = this.getAst() } - final override LocalVariable getVariable() { result = var } final override Declaration getFunction() { result = var.getFunction() } @@ -277,9 +271,6 @@ class TranslatedConditionDecl extends TranslatedLocalVariableDeclaration, TTrans override Locatable getAst() { result = conditionDeclExpr } - /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = this.getAst() } - override Declaration getFunction() { result = getEnclosingFunction(conditionDeclExpr) } override LocalVariable getVariable() { result = conditionDeclExpr.getVariable() } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll index 2d10b2e32a5c..917626daa0cd 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll @@ -926,9 +926,6 @@ abstract class TranslatedElement extends TTranslatedElement { */ abstract Locatable getAst(); - /** DEPRECATED: Alias for getAst */ - deprecated Locatable getAST() { result = this.getAst() } - /** Gets the location of this element. */ Location getLocation() { result = this.getAst().getLocation() } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedFunction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedFunction.qll index 3e4e83965e24..26fc341735b3 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedFunction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedFunction.qll @@ -67,9 +67,6 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction { final override Locatable getAst() { result = func } - /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = this.getAst() } - /** * Gets the function being translated. */ @@ -483,9 +480,6 @@ class TranslatedThisParameter extends TranslatedParameter, TTranslatedThisParame final override Locatable getAst() { result = func } - /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = this.getAst() } - final override Function getFunction() { result = func } final override predicate hasIndirection() { any() } @@ -518,9 +512,6 @@ class TranslatedPositionalParameter extends TranslatedParameter, TTranslatedPara final override Locatable getAst() { result = param } - /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = this.getAst() } - final override Function getFunction() { result = param.getFunction() or result = param.getCatchBlock().getEnclosingFunction() @@ -558,9 +549,6 @@ class TranslatedEllipsisParameter extends TranslatedParameter, TTranslatedEllips final override Locatable getAst() { result = func } - /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = this.getAst() } - final override Function getFunction() { result = func } final override predicate hasIndirection() { any() } @@ -597,9 +585,6 @@ class TranslatedConstructorInitList extends TranslatedElement, InitializationCon override Locatable getAst() { result = func } - /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = this.getAst() } - override TranslatedElement getChild(int id) { exists(ConstructorFieldInit fieldInit | fieldInit = func.(Constructor).getInitializer(id) and @@ -677,9 +662,6 @@ class TranslatedDestructorDestructionList extends TranslatedElement, override Locatable getAst() { result = func } - /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = this.getAst() } - override TranslatedElement getChild(int id) { exists(DestructorFieldDestruction fieldDestruction | fieldDestruction = func.(Destructor).getDestruction(id) and @@ -733,9 +715,6 @@ class TranslatedReadEffects extends TranslatedElement, TTranslatedReadEffects { override Locatable getAst() { result = func } - /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = this.getAst() } - override Function getFunction() { result = func } override string toString() { result = "read effects: " + func.toString() } @@ -839,9 +818,6 @@ class TranslatedThisReadEffect extends TranslatedReadEffect, TTranslatedThisRead override Locatable getAst() { result = func } - /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = this.getAst() } - override Function getFunction() { result = func } override string toString() { result = "read effect: this" } @@ -865,9 +841,6 @@ class TranslatedParameterReadEffect extends TranslatedReadEffect, TTranslatedPar override Locatable getAst() { result = param } - /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = this.getAst() } - override string toString() { result = "read effect: " + param.toString() } override Function getFunction() { result = param.getFunction() } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedInitialization.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedInitialization.qll index 9b6165d07823..06ce91932051 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedInitialization.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedInitialization.qll @@ -153,9 +153,6 @@ abstract class TranslatedInitialization extends TranslatedElement, TTranslatedIn final override Locatable getAst() { result = expr } - /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = this.getAst() } - /** * Gets the expression that is doing the initialization. */ @@ -528,9 +525,6 @@ abstract class TranslatedFieldInitialization extends TranslatedElement { final override Locatable getAst() { result = ast } - /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = this.getAst() } - final override Declaration getFunction() { result = getEnclosingFunction(ast) or result = getEnclosingVariable(ast).(GlobalOrNamespaceVariable) or @@ -701,9 +695,6 @@ abstract class TranslatedElementInitialization extends TranslatedElement { final override Locatable getAst() { result = initList } - /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = this.getAst() } - final override Declaration getFunction() { result = getEnclosingFunction(initList) or @@ -912,9 +903,6 @@ abstract class TranslatedStructorCallFromStructor extends TranslatedElement, Str final override Locatable getAst() { result = call } - /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = this.getAst() } - final override TranslatedElement getChild(int id) { id = 0 and result = this.getStructorCall() @@ -1058,9 +1046,6 @@ class TranslatedConstructorBareInit extends TranslatedElement, TTranslatedConstr override Locatable getAst() { result = init } - /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = this.getAst() } - final override string toString() { result = "construct base (no constructor)" } override Instruction getFirstInstruction(EdgeKind kind) { diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedStmt.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedStmt.qll index ad17722477fb..d04514c31aab 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedStmt.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedStmt.qll @@ -268,9 +268,6 @@ abstract class TranslatedStmt extends TranslatedElement, TTranslatedStmt { final override Locatable getAst() { result = stmt } - /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = this.getAst() } - final override Function getFunction() { result = stmt.getEnclosingFunction() } } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRVariable.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRVariable.qll index 24135820ab8b..43217ed4c60a 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRVariable.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRVariable.qll @@ -50,9 +50,6 @@ abstract private class AbstractIRVariable extends TIRVariable { */ abstract Language::AST getAst(); - /** DEPRECATED: Alias for getAst */ - deprecated Language::AST getAST() { result = this.getAst() } - /** * Gets an identifier string for the variable. This identifier is unique * within the function. @@ -96,9 +93,6 @@ class IRUserVariable extends AbstractIRVariable, TIRUserVariable { final override Language::AST getAst() { result = var } - /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = this.getAst() } - final override string getUniqueId() { result = this.getVariable().toString() + " " + this.getVariable().getLocation().toString() } @@ -163,9 +157,6 @@ abstract private class AbstractIRGeneratedVariable extends AbstractIRVariable { final override Language::AST getAst() { result = ast } - /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = this.getAst() } - override string toString() { result = this.getBaseString() + this.getLocationString() } override string getUniqueId() { none() } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll index 648fa0e197b8..8bee2bf86a77 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll @@ -71,9 +71,6 @@ class MemoryLocation extends TMemoryLocation { final string getUniqueId() { result = var.getUniqueId() } final predicate canReuseSsa() { canReuseSsaForVariable(var) } - - /** DEPRECATED: Alias for canReuseSsa */ - deprecated predicate canReuseSSA() { this.canReuseSsa() } } predicate canReuseSsaForOldResult(Instruction instr) { none() } diff --git a/cpp/ql/lib/semmle/code/cpp/security/boostorg/asio/protocols.qll b/cpp/ql/lib/semmle/code/cpp/security/boostorg/asio/protocols.qll index 8668ecf078c4..559ebd444f32 100644 --- a/cpp/ql/lib/semmle/code/cpp/security/boostorg/asio/protocols.qll +++ b/cpp/ql/lib/semmle/code/cpp/security/boostorg/asio/protocols.qll @@ -353,22 +353,6 @@ module BoostorgAsio { } //////////////////////// Dataflow ///////////////////// - /** - * Abstract class for flows of protocol values to the first argument of a context - * constructor. - */ - abstract deprecated class SslContextCallAbstractConfig extends DataFlow::Configuration { - bindingset[this] - SslContextCallAbstractConfig() { any() } - - override predicate isSink(DataFlow::Node sink) { - exists(ConstructorCall cc, SslContextClass c, Expr e | e = sink.asExpr() | - c.getAContructorCall() = cc and - cc.getArgument(0) = e - ) - } - } - /** * Signature for flows of protocol values to the first argument of a context * constructor. @@ -402,20 +386,6 @@ module BoostorgAsio { import DataFlow::Global } - /** - * Any protocol value that flows to the first argument of a context constructor. - */ - deprecated class SslContextCallConfig extends SslContextCallAbstractConfig { - SslContextCallConfig() { this = "SslContextCallConfig" } - - override predicate isSource(DataFlow::Node source) { - exists(Expr e | e = source.asExpr() | - e.fromSource() and - not e.getLocation().getFile().toString().matches("%/boost/asio/%") - ) - } - } - /** * Any protocol value that flows to the first argument of a context constructor. */ @@ -430,21 +400,6 @@ module BoostorgAsio { module SslContextCallFlow = SslContextCallGlobal; - /** - * A banned protocol value that flows to the first argument of a context constructor. - */ - deprecated class SslContextCallBannedProtocolConfig extends SslContextCallAbstractConfig { - SslContextCallBannedProtocolConfig() { this = "SslContextCallBannedProtocolConfig" } - - override predicate isSource(DataFlow::Node source) { - exists(Expr e | e = source.asExpr() | - e.fromSource() and - not e.getLocation().getFile().toString().matches("%/boost/asio/%") and - isExprBannedBoostProtocol(e) - ) - } - } - /** * A banned protocol value that flows to the first argument of a context constructor. */ @@ -461,21 +416,6 @@ module BoostorgAsio { module SslContextCallBannedProtocolFlow = SslContextCallGlobal; - /** - * A TLS 1.2 protocol value that flows to the first argument of a context constructor. - */ - deprecated class SslContextCallTls12ProtocolConfig extends SslContextCallAbstractConfig { - SslContextCallTls12ProtocolConfig() { this = "SslContextCallTls12ProtocolConfig" } - - override predicate isSource(DataFlow::Node source) { - exists(Expr e | e = source.asExpr() | - e.fromSource() and - not e.getLocation().getFile().toString().matches("%/boost/asio/%") and - isExprTls12BoostProtocol(e) - ) - } - } - /** * A TLS 1.2 protocol value that flows to the first argument of a context constructor. */ @@ -491,21 +431,6 @@ module BoostorgAsio { module SslContextCallTls12ProtocolFlow = SslContextCallGlobal; - /** - * A TLS 1.3 protocol value that flows to the first argument of a context constructor. - */ - deprecated class SslContextCallTls13ProtocolConfig extends SslContextCallAbstractConfig { - SslContextCallTls13ProtocolConfig() { this = "SslContextCallTls12ProtocolConfig" } - - override predicate isSource(DataFlow::Node source) { - exists(Expr e | e = source.asExpr() | - e.fromSource() and - not e.getLocation().getFile().toString().matches("%/boost/asio/%") and - isExprTls13BoostProtocol(e) - ) - } - } - /** * A TLS 1.3 protocol value that flows to the first argument of a context constructor. */ @@ -521,21 +446,6 @@ module BoostorgAsio { module SslContextCallTls13ProtocolFlow = SslContextCallGlobal; - /** - * A generic TLS protocol value that flows to the first argument of a context constructor. - */ - deprecated class SslContextCallTlsProtocolConfig extends SslContextCallAbstractConfig { - SslContextCallTlsProtocolConfig() { this = "SslContextCallTlsProtocolConfig" } - - override predicate isSource(DataFlow::Node source) { - exists(Expr e | e = source.asExpr() | - e.fromSource() and - not e.getLocation().getFile().toString().matches("%/boost/asio/%") and - isExprTlsBoostProtocol(e) - ) - } - } - /** * A generic TLS protocol value that flows to the first argument of a context constructor. */ @@ -551,30 +461,6 @@ module BoostorgAsio { module SslContextCallTlsProtocolFlow = SslContextCallGlobal; - /** - * A context constructor call that flows to a call to `SetOptions()`. - */ - deprecated class SslContextFlowsToSetOptionConfig extends DataFlow::Configuration { - SslContextFlowsToSetOptionConfig() { this = "SslContextFlowsToSetOptionConfig" } - - override predicate isSource(DataFlow::Node source) { - exists(SslContextClass c, ConstructorCall cc | - cc = source.asExpr() and - c.getAContructorCall() = cc - ) - } - - override predicate isSink(DataFlow::Node sink) { - exists(FunctionCall fc, SslSetOptionsFunction f, Variable v, VariableAccess va | - va = sink.asExpr() - | - f.getACallToThisFunction() = fc and - v.getAnAccess() = va and - va = fc.getQualifier() - ) - } - } - /** * A context constructor call that flows to a call to `SetOptions()`. */ @@ -599,28 +485,6 @@ module BoostorgAsio { module SslContextFlowsToSetOptionFlow = DataFlow::Global; - /** - * An option value that flows to the first parameter of a call to `SetOptions()`. - */ - deprecated class SslOptionConfig extends DataFlow::Configuration { - SslOptionConfig() { this = "SslOptionConfig" } - - override predicate isSource(DataFlow::Node source) { - exists(Expr e | e = source.asExpr() | - e.fromSource() and - not e.getLocation().getFile().toString().matches("%/boost/asio/%") - ) - } - - override predicate isSink(DataFlow::Node sink) { - exists(SslSetOptionsFunction f, FunctionCall call | - sink.asExpr() = call.getArgument(0) and - f.getACallToThisFunction() = call and - not sink.getLocation().getFile().toString().matches("%/boost/asio/%") - ) - } - } - /** * An option value that flows to the first parameter of a call to `SetOptions()`. */ diff --git a/cpp/ql/src/Likely Bugs/Leap Year/LeapYear.qll b/cpp/ql/src/Likely Bugs/Leap Year/LeapYear.qll index 038af4f1d88f..3cff86412e49 100644 --- a/cpp/ql/src/Likely Bugs/Leap Year/LeapYear.qll +++ b/cpp/ql/src/Likely Bugs/Leap Year/LeapYear.qll @@ -205,20 +205,6 @@ class ChecksForLeapYearFunctionCall extends FunctionCall { ChecksForLeapYearFunctionCall() { this.getTarget() instanceof ChecksForLeapYearFunction } } -/** - * Data flow configuration for finding a variable access that would flow into - * a function call that includes an operation to check for leap year. - */ -deprecated class LeapYearCheckConfiguration extends DataFlow::Configuration { - LeapYearCheckConfiguration() { this = "LeapYearCheckConfiguration" } - - override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof VariableAccess } - - override predicate isSink(DataFlow::Node sink) { - exists(ChecksForLeapYearFunctionCall fc | sink.asExpr() = fc.getAnArgument()) - } -} - /** * Data flow configuration for finding a variable access that would flow into * a function call that includes an operation to check for leap year. @@ -233,33 +219,6 @@ private module LeapYearCheckConfig implements DataFlow::ConfigSig { module LeapYearCheckFlow = DataFlow::Global; -/** - * Data flow configuration for finding an operation with hardcoded 365 that will flow into - * a `FILEINFO` field. - */ -deprecated class FiletimeYearArithmeticOperationCheckConfiguration extends DataFlow::Configuration { - FiletimeYearArithmeticOperationCheckConfiguration() { - this = "FiletimeYearArithmeticOperationCheckConfiguration" - } - - override predicate isSource(DataFlow::Node source) { - exists(Expr e, Operation op | e = source.asExpr() | - op.getAChild*().getValue().toInt() = 365 and - op.getAChild*() = e - ) - } - - override predicate isSink(DataFlow::Node sink) { - exists(StructLikeClass dds, FieldAccess fa, AssignExpr aexpr, Expr e | e = sink.asExpr() | - dds instanceof PackedTimeType and - fa.getQualifier().getUnderlyingType() = dds and - fa.isModified() and - aexpr.getAChild() = fa and - aexpr.getChild(1).getAChild*() = e - ) - } -} - /** * Data flow configuration for finding an operation with hardcoded 365 that will flow into * a `FILEINFO` field. @@ -286,51 +245,6 @@ private module FiletimeYearArithmeticOperationCheckConfig implements DataFlow::C module FiletimeYearArithmeticOperationCheckFlow = DataFlow::Global; -/** - * Taint configuration for finding an operation with hardcoded 365 that will flow into any known date/time field. - */ -deprecated class PossibleYearArithmeticOperationCheckConfiguration extends TaintTracking::Configuration -{ - PossibleYearArithmeticOperationCheckConfiguration() { - this = "PossibleYearArithmeticOperationCheckConfiguration" - } - - override predicate isSource(DataFlow::Node source) { - exists(Operation op | op = source.asExpr() | - op.getAChild*().getValue().toInt() = 365 and - ( - not op.getParent() instanceof Expr or - op.getParent() instanceof Assignment - ) - ) - } - - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { - // flow from anything on the RHS of an assignment to a time/date structure to that - // assignment. - exists(StructLikeClass dds, FieldAccess fa, Assignment aexpr, Expr e | - e = node1.asExpr() and - fa = node2.asExpr() - | - (dds instanceof PackedTimeType or dds instanceof UnpackedTimeType) and - fa.getQualifier().getUnderlyingType() = dds and - aexpr.getLValue() = fa and - aexpr.getRValue().getAChild*() = e - ) - } - - override predicate isSink(DataFlow::Node sink) { - exists(StructLikeClass dds, FieldAccess fa, AssignExpr aexpr | - aexpr.getRValue() = sink.asExpr() - | - (dds instanceof PackedTimeType or dds instanceof UnpackedTimeType) and - fa.getQualifier().getUnderlyingType() = dds and - fa.isModified() and - aexpr.getLValue() = fa - ) - } -} - /** * Taint configuration for finding an operation with hardcoded 365 that will flow into any known date/time field. */ diff --git a/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.qll b/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.qll index 53ab3b4df934..ecb60d113d86 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.qll +++ b/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.qll @@ -129,24 +129,6 @@ class NetworkFunctionCall extends FunctionCall { NetworkFunctionCall() { this.getTarget().hasName(["ntohd", "ntohf", "ntohl", "ntohll", "ntohs"]) } } -deprecated class NetworkToBufferSizeConfiguration extends DataFlow::Configuration { - NetworkToBufferSizeConfiguration() { this = "NetworkToBufferSizeConfiguration" } - - override predicate isSource(DataFlow::Node node) { node.asExpr() instanceof NetworkFunctionCall } - - override predicate isSink(DataFlow::Node node) { - node.asExpr() = any(BufferAccess ba).getAccessedLength() - } - - override predicate isBarrier(DataFlow::Node node) { - exists(GuardCondition gc, GVN gvn | - gc.getAChild*() = gvn.getAnExpr() and - globalValueNumber(node.asExpr()) = gvn and - gc.controls(node.asExpr().getBasicBlock(), _) - ) - } -} - private module NetworkToBufferSizeConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node node) { node.asExpr() instanceof NetworkFunctionCall } diff --git a/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIsSpecific.qll b/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIsSpecific.qll index 2d9502f2f437..f0876800874c 100644 --- a/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIsSpecific.qll +++ b/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIsSpecific.qll @@ -41,20 +41,6 @@ class ExternalApiDataNode extends DataFlow::Node { string getFunctionDescription() { result = this.getExternalFunction().toString() } } -/** A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s. */ -deprecated class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration { - UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfig" } - - override predicate isSource(DataFlow::Node source) { - exists(RemoteFlowSourceFunction remoteFlow | - remoteFlow = source.asExpr().(Call).getTarget() and - remoteFlow.hasRemoteFlowSource(_, _) - ) - } - - override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode } -} - /** A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s. */ private module UntrustedDataToExternalApiConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { diff --git a/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIsSpecific.qll b/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIsSpecific.qll index 87e1d6bd7c5c..d094439951f2 100644 --- a/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIsSpecific.qll +++ b/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIsSpecific.qll @@ -41,15 +41,6 @@ class ExternalApiDataNode extends DataFlow::Node { string getFunctionDescription() { result = this.getExternalFunction().toString() } } -/** A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s. */ -deprecated class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration { - UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfigIR" } - - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode } -} - /** A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s. */ private module UntrustedDataToExternalApiConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } diff --git a/cpp/ql/test/library-tests/dataflow/fields/Nodes.qll b/cpp/ql/test/library-tests/dataflow/fields/Nodes.qll index 8c4c547f4c82..f7d1065fd041 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/Nodes.qll +++ b/cpp/ql/test/library-tests/dataflow/fields/Nodes.qll @@ -13,9 +13,6 @@ class Node extends TNode { AST::DataFlow::Node asAst() { none() } - /** DEPRECATED: Alias for asAst */ - deprecated AST::DataFlow::Node asAST() { result = this.asAst() } - Location getLocation() { none() } } @@ -28,9 +25,6 @@ class AstNode extends Node, TAstNode { override AST::DataFlow::Node asAst() { result = n } - /** DEPRECATED: Alias for asAst */ - deprecated override AST::DataFlow::Node asAST() { result = this.asAst() } - override Location getLocation() { result = n.getLocation() } } diff --git a/csharp/ql/lib/change-notes/2024-09-03-outdated-deprecations.md b/csharp/ql/lib/change-notes/2024-09-03-outdated-deprecations.md new file mode 100644 index 000000000000..40571b3273ea --- /dev/null +++ b/csharp/ql/lib/change-notes/2024-09-03-outdated-deprecations.md @@ -0,0 +1,6 @@ +--- +category: breaking +--- +* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`. +* Deleted many deprecated dataflow configurations based on `DataFlow::Configuration`. +* Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration` instead. diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl1.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl1.qll index 3b1439511d1c..359fa71744b4 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl1.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl1.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll index 3b1439511d1c..359fa71744b4 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll index 3b1439511d1c..359fa71744b4 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll index 3b1439511d1c..359fa71744b4 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll index 3b1439511d1c..359fa71744b4 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/csharp/ql/lib/semmle/code/csharp/security/cryptography/EncryptionKeyDataFlowQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/cryptography/EncryptionKeyDataFlowQuery.qll index 31670bce3055..82bd0d30cab5 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/cryptography/EncryptionKeyDataFlowQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/cryptography/EncryptionKeyDataFlowQuery.qll @@ -58,24 +58,6 @@ class SymmetricEncryptionCreateDecryptorSink extends SymmetricEncryptionKeySink override string getDescription() { result = "Decryptor(rgbKey, IV)" } } -/** - * DEPRECATED: Use `SymmetricKey` instead. - * - * Symmetric Key Data Flow configuration. - */ -deprecated class SymmetricKeyTaintTrackingConfiguration extends TaintTracking::Configuration { - SymmetricKeyTaintTrackingConfiguration() { this = "SymmetricKeyTaintTracking" } - - /** Holds if the node is a key source. */ - override predicate isSource(DataFlow::Node src) { src instanceof KeySource } - - /** Holds if the node is a symmetric encryption key sink. */ - override predicate isSink(DataFlow::Node sink) { sink instanceof SymmetricEncryptionKeySink } - - /** Holds if the node is a key sanitizer. */ - override predicate isSanitizer(DataFlow::Node sanitizer) { sanitizer instanceof KeySanitizer } -} - /** * Symmetric Key Data Flow configuration. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll b/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll index 741635bb47fe..2e387cc2da67 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll @@ -61,33 +61,6 @@ module HardcodedSymmetricEncryptionKey { } } - /** - * DEPRECATED: Use `HardCodedSymmetricEncryption` instead. - * - * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities. - */ - deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration { - TaintTrackingConfiguration() { this = "HardcodedSymmetricEncryptionKey" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - - /** - * Since `CryptographicBuffer` uses native code inside, taint tracking doesn't pass through it. - * Need to create an additional custom step. - */ - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - exists(MethodCall mc, CryptographicBuffer c | - pred.asExpr() = mc.getAnArgument() and - mc.getTarget() = c.getAMethod() and - succ.asExpr() = mc - ) - } - } - /** * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CleartextStorageQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CleartextStorageQuery.qll index d0c46ba6448f..cbb10146a6a1 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CleartextStorageQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CleartextStorageQuery.qll @@ -23,21 +23,6 @@ abstract class Sink extends DataFlow::ExprNode { } */ abstract class Sanitizer extends DataFlow::ExprNode { } -/** - * DEPRECATED: Use `ClearTextStorage` instead. - * - * A taint-tracking configuration for cleartext storage of sensitive information. - */ -deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration { - TaintTrackingConfiguration() { this = "ClearTextStorage" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} - /** * A taint-tracking configuration for cleartext storage of sensitive information. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll index e33c4e37d282..2b55697ebda9 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll @@ -24,21 +24,6 @@ abstract class Sink extends ApiSinkExprNode { } */ abstract class Sanitizer extends DataFlow::ExprNode { } -/** - * DEPRECATED: Use `CodeInjection` instead. - * - * A taint-tracking configuration for user input treated as code vulnerabilities. - */ -deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration { - TaintTrackingConfiguration() { this = "CodeInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} - /** * A taint-tracking configuration for user input treated as code vulnerabilities. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll index d0b24125ba9b..24c80c07f894 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll @@ -23,21 +23,6 @@ abstract class Sink extends DataFlow::ExprNode { } */ abstract class Sanitizer extends DataFlow::ExprNode { } -/** - * DEPRECATED: Use `CommandInjection` instead. - * - * A taint-tracking configuration for command injection vulnerabilities. - */ -deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration { - TaintTrackingConfiguration() { this = "CommandInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} - /** * A taint-tracking configuration for command injection vulnerabilities. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll index cd7119a36af5..2bc10dead22b 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll @@ -30,21 +30,6 @@ abstract class Sink extends ApiSinkExprNode { */ abstract class Sanitizer extends DataFlow::ExprNode { } -/** - * DEPRECATED: Use `ConditionalBypass` instead. - * - * A taint-tracking configuration for user-controlled bypass of sensitive method. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "UserControlledBypassOfSensitiveMethodConfiguration" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} - /** * A taint-tracking configuration for user-controlled bypass of sensitive method. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll index 1e5f5ae82567..0726acb05ed9 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll @@ -23,21 +23,6 @@ abstract class Sink extends ApiSinkExprNode { } */ abstract class Sanitizer extends DataFlow::ExprNode { } -/** - * DEPRECATED: Use `ExposureOfPrivateInformation` instead. - * - * A taint-tracking configuration for private information flowing unencrypted to an external location. - */ -deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration { - TaintTrackingConfiguration() { this = "ExposureOfPrivateInformation" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} - /** * A taint-tracking configuration for private information flowing unencrypted to an external location. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll index 41888fc25571..69a1823a4554 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll @@ -73,19 +73,6 @@ class ExternalApiDataNode extends DataFlow::Node { } } -/** - * DEPRECATED: Use `RemoteSourceToExternalApi` instead. - * - * A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s. - */ -deprecated class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration { - UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfig" } - - override predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode } -} - /** A configuration for tracking flow from `ThreatModelFlowSource`s to `ExternalApiDataNode`s. */ private module RemoteSourceToExternalApiConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/HardcodedCredentialsQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/HardcodedCredentialsQuery.qll index 63a0bb50732e..72951df2f979 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/HardcodedCredentialsQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/HardcodedCredentialsQuery.qll @@ -38,46 +38,6 @@ abstract class Sink extends ApiSinkExprNode { */ abstract class Sanitizer extends DataFlow::ExprNode { } -/** - * DEPRECATED: Use `HardcodedCredentials` instead. - * - * A taint-tracking configuration for hard coded credentials. - */ -deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration { - TaintTrackingConfiguration() { this = "HardcodedCredentials" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { - sink instanceof Sink and - // Ignore values that are ultimately returned by mocks, as they don't represent "real" - // credentials. - not any(ReturnedByMockObject mock).getAMemberInitializationValue() = sink.asExpr() and - not any(ReturnedByMockObject mock).getAnArgument() = sink.asExpr() - } - - override predicate hasFlowPath(DataFlow::PathNode source, DataFlow::PathNode sink) { - super.hasFlowPath(source, sink) and - // Exclude hard-coded credentials in tests if they only flow to calls to methods with a name - // like "Add*" "Create*" or "Update*". The rationale is that hard-coded credentials within - // tests that are only used for creating or setting values within tests are unlikely to - // represent credentials to some accessible system. - not ( - source.getNode().asExpr().getFile() instanceof TestFile and - exists(MethodCall createOrAddCall, string createOrAddMethodName | - createOrAddMethodName.matches("Update%") or - createOrAddMethodName.matches("Create%") or - createOrAddMethodName.matches("Add%") - | - createOrAddCall.getTarget().hasName(createOrAddMethodName) and - createOrAddCall.getAnArgument() = sink.getNode().asExpr() - ) - ) - } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} - /** * A taint-tracking configuration for hard coded credentials. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll index 78800f392097..bdba76bfb5cb 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll @@ -26,21 +26,6 @@ abstract class Sink extends ApiSinkExprNode { } */ abstract class Sanitizer extends DataFlow::ExprNode { } -/** - * DEPRECATED: Use `LdapInjection` instead. - * - * A taint-tracking configuration for unvalidated user input that is used to construct LDAP queries. - */ -deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration { - TaintTrackingConfiguration() { this = "LDAPInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} - /** * A taint-tracking configuration for unvalidated user input that is used to construct LDAP queries. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll index f0153fea2d4f..7c4429bcbf84 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll @@ -26,21 +26,6 @@ abstract class Sink extends ApiSinkExprNode { } */ abstract class Sanitizer extends DataFlow::ExprNode { } -/** - * DEPRECATED: Use `LogForging` instead. - * - * A taint-tracking configuration for untrusted user input used in log entries. - */ -deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration { - TaintTrackingConfiguration() { this = "LogForging" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} - /** * A taint-tracking configuration for untrusted user input used in log entries. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll index 9333b5b37f2b..4e14bed2c33e 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll @@ -29,22 +29,6 @@ abstract class Sink extends ApiSinkExprNode { */ abstract class Sanitizer extends DataFlow::ExprNode { } -/** - * DEPRECATED: Use `MissingXxmlValidation` instead. - * - * A taint-tracking configuration for untrusted user input processed as XML without validation against a - * known schema. - */ -deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration { - TaintTrackingConfiguration() { this = "MissingXMLValidation" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} - /** * A taint-tracking configuration for untrusted user input processed as XML without validation against a * known schema. diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll index bf4fbd993233..f6225ce36bd0 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll @@ -25,21 +25,6 @@ abstract class Sink extends ApiSinkExprNode { } */ abstract class Sanitizer extends DataFlow::ExprNode { } -/** - * DEPRECATED: Use `ReDoS` instead. - * - * A taint-tracking configuration for untrusted user input used in dangerous regular expression operations. - */ -deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration { - TaintTrackingConfiguration() { this = "ReDoS" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} - /** * A taint-tracking configuration for untrusted user input used in dangerous regular expression operations. */ @@ -85,20 +70,6 @@ predicate isExponentialRegex(StringLiteral s) { s.getValue().regexpMatch(".*\\(\\([^()*+\\]]+\\]?\\)(\\*|\\+)\\.?\\)(\\*|\\+).*") } -/** - * DEPRECATED: Use `ExponentialRegexDataflow` instead. - * - * A data flow configuration for tracking exponential worst case time regular expression string - * literals to the pattern argument of a regex. - */ -deprecated class ExponentialRegexDataflow extends DataFlow2::Configuration { - ExponentialRegexDataflow() { this = "ExponentialRegex" } - - override predicate isSource(DataFlow::Node s) { isExponentialRegex(s.asExpr()) } - - override predicate isSink(DataFlow::Node s) { s.asExpr() = any(RegexOperation c).getPattern() } -} - /** * A data flow configuration for tracking exponential worst case time regular expression string * literals to the pattern argument of a regex. diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll index 1a053c29f24d..8affdb1e9dd6 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll @@ -24,21 +24,6 @@ abstract class Sink extends ApiSinkExprNode { } */ abstract class Sanitizer extends DataFlow::ExprNode { } -/** - * DEPRECATED: Use `RegexInjection` instead. - * - * A taint-tracking configuration for untrusted user input used to construct regular expressions. - */ -deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration { - TaintTrackingConfiguration() { this = "RegexInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} - /** * A taint-tracking configuration for untrusted user input used to construct regular expressions. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll index fb016dcddae6..dd1c088042da 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll @@ -23,21 +23,6 @@ abstract class Sink extends ApiSinkExprNode { } */ abstract class Sanitizer extends DataFlow::ExprNode { } -/** - * DEPRECATED: Use `ResourceInjection` instead. - * - * A taint-tracking configuration for untrusted user input used in resource descriptors. - */ -deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration { - TaintTrackingConfiguration() { this = "ResourceInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} - /** * A taint-tracking configuration for untrusted user input used in resource descriptors. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll index 6473aa58e1cc..5a900461af70 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll @@ -24,21 +24,6 @@ abstract class Sink extends ApiSinkExprNode { } */ abstract class Sanitizer extends DataFlow::ExprNode { } -/** - * DEPRECATED: Use `SqlInjection` instead. - * - * A taint-tracking configuration for SQL injection vulnerabilities. - */ -deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration { - TaintTrackingConfiguration() { this = "SqlInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} - /** * A taint-tracking configuration for SQL injection vulnerabilities. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll index ca2b13439cee..21c3cbdf9421 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll @@ -26,21 +26,6 @@ abstract class Sink extends ApiSinkExprNode { } */ abstract class Sanitizer extends DataFlow::ExprNode { } -/** - * DEPRECATED: Use `TaintedPath` instead. - * - * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities. - */ -deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration { - TaintTrackingConfiguration() { this = "TaintedPath" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} - /** * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll index a5341aca42f8..51aef35272f4 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll @@ -51,21 +51,6 @@ abstract class Sanitizer extends DataFlow::Node { } private class ThreatModelSource extends Source instanceof ThreatModelFlowSource { } -/** - * DEPRECATED: Use `TaintToObjectMethodTracking` instead. - * - * User input to object method call deserialization flow tracking. - */ -deprecated class TaintToObjectMethodTrackingConfig extends TaintTracking::Configuration { - TaintToObjectMethodTrackingConfig() { this = "TaintToObjectMethodTrackingConfig" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof InstanceMethodSink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} - /** * User input to object method call deserialization flow tracking configuration. */ @@ -82,23 +67,6 @@ private module TaintToObjectMethodTrackingConfig implements DataFlow::ConfigSig */ module TaintToObjectMethodTracking = TaintTracking::Global; -/** - * DEPRECATED: Use `JsonConvertTracking` instead. - * - * User input to `JsonConvert` call deserialization flow tracking. - */ -deprecated class JsonConvertTrackingConfig extends TaintTracking::Configuration { - JsonConvertTrackingConfig() { this = "JsonConvertTrackingConfig" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { - sink instanceof NewtonsoftJsonConvertDeserializeObjectMethodSink - } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} - /** * User input to `JsonConvert` call deserialization flow tracking configuration. */ @@ -117,61 +85,6 @@ private module JsonConvertTrackingConfig implements DataFlow::ConfigSig { */ module JsonConvertTracking = TaintTracking::Global; -/** - * DEPRECATED: Use `TypeNameTracking` instead. - * - * Tracks unsafe `TypeNameHandling` setting to `JsonConvert` call - */ -deprecated class TypeNameTrackingConfig extends DataFlow::Configuration { - TypeNameTrackingConfig() { this = "TypeNameTrackingConfig" } - - override predicate isSource(DataFlow::Node source) { - ( - source.asExpr() instanceof MemberConstantAccess and - source.getType() instanceof TypeNameHandlingEnum - or - source.asExpr() instanceof IntegerLiteral - ) and - source.asExpr().hasValue() and - not source.asExpr().getValue() = "0" - } - - override predicate isSink(DataFlow::Node sink) { - exists(MethodCall mc, Method m, Expr expr | - m = mc.getTarget() and - ( - not mc.getArgument(0).hasValue() and - m instanceof NewtonsoftJsonConvertClassDeserializeObjectMethod - ) and - expr = mc.getAnArgument() and - sink.asExpr() = expr and - expr.getType() instanceof JsonSerializerSettingsClass - ) - } - - override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - node1.asExpr() instanceof IntegerLiteral and - node2.asExpr().(CastExpr).getExpr() = node1.asExpr() - or - node1.getType() instanceof TypeNameHandlingEnum and - exists(PropertyWrite pw, Property p, Assignment a | - a.getLValue() = pw and - pw.getProperty() = p and - p.getDeclaringType() instanceof JsonSerializerSettingsClass and - p.hasName("TypeNameHandling") and - ( - node1.asExpr() = a.getRValue() and - node2.asExpr() = pw.getQualifier() - or - exists(ObjectInitializer oi | - node1.asExpr() = oi.getAMemberInitializer().getRValue() and - node2.asExpr() = oi - ) - ) - ) - } -} - /** * Configuration module for tracking unsafe `TypeNameHandling` setting to `JsonConvert` calls. */ @@ -228,24 +141,6 @@ private module TypeNameTrackingConfig implements DataFlow::ConfigSig { */ module TypeNameTracking = DataFlow::Global; -/** - * DEPRECATED: Use `TaintToConstructorOrStaticMethodTracking` instead. - * - * User input to static method or constructor call deserialization flow tracking. - */ -deprecated class TaintToConstructorOrStaticMethodTrackingConfig extends TaintTracking::Configuration -{ - TaintToConstructorOrStaticMethodTrackingConfig() { - this = "TaintToConstructorOrStaticMethodTrackingConfig" - } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof ConstructorOrStaticMethodSink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} - /** * User input to static method or constructor call deserialization flow tracking configuration. */ @@ -263,41 +158,6 @@ private module TaintToConstructorOrStaticMethodTrackingConfig implements DataFlo module TaintToConstructorOrStaticMethodTracking = TaintTracking::Global; -/** - * DEPRECATED: Use `TaintToObjectTypeTracking` instead. - * - * User input to instance type flow tracking. - */ -deprecated class TaintToObjectTypeTrackingConfig extends TaintTracking2::Configuration { - TaintToObjectTypeTrackingConfig() { this = "TaintToObjectTypeTrackingConfig" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { - exists(MethodCall mc | - mc.getTarget() instanceof UnsafeDeserializer and - sink.asExpr() = mc.getQualifier() - ) - } - - override predicate isAdditionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) { - exists(MethodCall mc, Method m | - m = mc.getTarget() and - m.getDeclaringType().hasFullyQualifiedName("System", "Type") and - m.hasName("GetType") and - m.isStatic() and - n1.asExpr() = mc.getArgument(0) and - n2.asExpr() = mc - ) - or - exists(ObjectCreation oc | - n1.asExpr() = oc.getAnArgument() and - n2.asExpr() = oc and - oc.getObjectType() instanceof StrongTypeDeserializer - ) - } -} - /** * User input to instance type flow tracking config. */ @@ -334,29 +194,6 @@ private module TaintToObjectTypeTrackingConfig implements DataFlow::ConfigSig { */ module TaintToObjectTypeTracking = TaintTracking::Global; -/** - * DEPRECATED: Use `WeakTypeCreationToUsageTracking` instead. - * - * Unsafe deserializer creation to usage tracking config. - */ -deprecated class WeakTypeCreationToUsageTrackingConfig extends TaintTracking2::Configuration { - WeakTypeCreationToUsageTrackingConfig() { this = "DeserializerCreationToUsageTrackingConfig" } - - override predicate isSource(DataFlow::Node source) { - exists(ObjectCreation oc | - oc.getObjectType() instanceof WeakTypeDeserializer and - source.asExpr() = oc - ) - } - - override predicate isSink(DataFlow::Node sink) { - exists(MethodCall mc | - mc.getTarget() instanceof UnsafeDeserializer and - sink.asExpr() = mc.getQualifier() - ) - } -} - /** * Unsafe deserializer creation to usage tracking config. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll index b21d5846bf56..09f6130985f4 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll @@ -28,21 +28,6 @@ abstract class Sink extends ApiSinkExprNode { } */ abstract class Sanitizer extends DataFlow::ExprNode { } -/** - * DEPRECATED: Use `UrlRedirect` instead. - * - * A taint-tracking configuration for reasoning about unvalidated URL redirect vulnerabilities. - */ -deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration { - TaintTrackingConfiguration() { this = "UrlRedirect" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} - /** * A taint-tracking configuration for reasoning about unvalidated URL redirect vulnerabilities. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XMLEntityInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XMLEntityInjectionQuery.qll index 0bb842adf79d..4efeadb3c7e6 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XMLEntityInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XMLEntityInjectionQuery.qll @@ -44,26 +44,6 @@ private class InsecureXmlSink extends Sink { */ abstract class Sanitizer extends DataFlow::Node { } -/** - * DEPRECATED: Use `XmlEntityInjection` instead. - * - * A taint-tracking configuration for untrusted user input used in XML processing. - */ -deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration { - TaintTrackingConfiguration() { this = "XMLInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - - override predicate hasFlowPath(DataFlow::PathNode source, DataFlow::PathNode sink) { - super.hasFlowPath(source, sink) and - exists(sink.getNode().(Sink).getReason()) - } -} - /** * A taint-tracking configuration for untrusted user input used in XML processing. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll index c471a4324251..0e8e41c9773b 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll @@ -24,21 +24,6 @@ abstract class Sink extends ApiSinkExprNode { } */ abstract class Sanitizer extends DataFlow::ExprNode { } -/** - * DEPRECATED: Use `XpathInjection` instead. - * - * A taint-tracking configuration for untrusted user input used in XPath expression. - */ -deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration { - TaintTrackingConfiguration() { this = "XPathInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} - /** * A taint-tracking configuration for untrusted user input used in XPath expression. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSQuery.qll index b9fd47689f95..4ea9e562bb5f 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSQuery.qll @@ -141,21 +141,6 @@ abstract class Source extends DataFlow::Node { } */ abstract class Sanitizer extends DataFlow::ExprNode { } -/** - * DEPRECATED: Use `XssTracking` instead. - * - * A taint-tracking configuration for cross-site scripting (XSS) vulnerabilities. - */ -deprecated class TaintTrackingConfiguration extends TaintTracking2::Configuration { - TaintTrackingConfiguration() { this = "XSSDataFlowConfiguration" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} - /** * A taint-tracking configuration for cross-site scripting (XSS) vulnerabilities. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll index 93e7b601585d..fad3917553dd 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll @@ -21,21 +21,6 @@ abstract class Sink extends ApiSinkExprNode { } */ abstract class Sanitizer extends DataFlow::ExprNode { } -/** - * DEPRECATED: Use `ZipSlip` instead. - * - * A taint tracking configuration for Zip Slip. - */ -deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration { - TaintTrackingConfiguration() { this = "ZipSlipTaintTracking" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} - /** * A taint tracking configuration for Zip Slip. */ diff --git a/csharp/ql/src/experimental/CWE-099/TaintedWebClientLib.qll b/csharp/ql/src/experimental/CWE-099/TaintedWebClientLib.qll index e3459dfb1ac3..eea18ae3b6e8 100644 --- a/csharp/ql/src/experimental/CWE-099/TaintedWebClientLib.qll +++ b/csharp/ql/src/experimental/CWE-099/TaintedWebClientLib.qll @@ -37,21 +37,6 @@ abstract class Sink extends DataFlow::ExprNode { } */ abstract class Sanitizer extends DataFlow::ExprNode { } -/** - * DEPRECATED: Use `TaintedWebClient` instead. - * - * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities. - */ -deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration { - TaintTrackingConfiguration() { this = "TaintedWebClientLib" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} - /** * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities. */ diff --git a/csharp/ql/src/experimental/CWE-918/RequestForgery.qll b/csharp/ql/src/experimental/CWE-918/RequestForgery.qll index e1c6875d9528..dac68adfcc15 100644 --- a/csharp/ql/src/experimental/CWE-918/RequestForgery.qll +++ b/csharp/ql/src/experimental/CWE-918/RequestForgery.qll @@ -23,39 +23,6 @@ module RequestForgery { */ abstract private class Barrier extends DataFlow::Node { } - /** - * DEPRECATED: Use `RequestForgeryFlow` instead. - * - * A data flow configuration for detecting server side request forgery vulnerabilities. - */ - deprecated class RequestForgeryConfiguration extends DataFlow::Configuration { - RequestForgeryConfiguration() { this = "Server Side Request forgery" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isAdditionalFlowStep(DataFlow::Node prev, DataFlow::Node succ) { - interpolatedStringFlowStep(prev, succ) - or - stringReplaceStep(prev, succ) - or - uriCreationStep(prev, succ) - or - formatConvertStep(prev, succ) - or - toStringStep(prev, succ) - or - stringConcatStep(prev, succ) - or - stringFormatStep(prev, succ) - or - pathCombineStep(prev, succ) - } - - override predicate isBarrier(DataFlow::Node node) { node instanceof Barrier } - } - /** * A data flow configuration for detecting server side request forgery vulnerabilities. */ diff --git a/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/JsonWebTokenHandlerLib.qll b/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/JsonWebTokenHandlerLib.qll index 6f86497b41ef..476b17e4c695 100644 --- a/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/JsonWebTokenHandlerLib.qll +++ b/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/JsonWebTokenHandlerLib.qll @@ -18,27 +18,6 @@ class TokenValidationParametersPropertySensitiveValidation extends Property { } } -/** - * DEPRECATED: Use `FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation` instead. - * - * A dataflow from a `false` value to a write sensitive property for `TokenValidationParameters`. - */ -deprecated class FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation extends DataFlow::Configuration -{ - FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation() { - this = "FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation" - } - - override predicate isSource(DataFlow::Node source) { - source.asExpr().getValue() = "false" and - source.asExpr().getType() instanceof BoolType - } - - override predicate isSink(DataFlow::Node sink) { - sink.asExpr() = any(TokenValidationParametersPropertySensitiveValidation p).getAnAssignedValue() - } -} - /** * A dataflow configuration from a `false` value to a write sensitive property for `TokenValidationParameters`. */ diff --git a/csharp/ql/src/experimental/dataflow/flowsources/AuthCookie.qll b/csharp/ql/src/experimental/dataflow/flowsources/AuthCookie.qll index b61bd86ec4e2..928cf3bdc4f4 100644 --- a/csharp/ql/src/experimental/dataflow/flowsources/AuthCookie.qll +++ b/csharp/ql/src/experimental/dataflow/flowsources/AuthCookie.qll @@ -40,26 +40,6 @@ private module AuthCookieNameConfig implements DataFlow::ConfigSig { */ private module AuthCookieName = DataFlow::Global; -/** - * DEPRECATED: Use `CookieOptionsTracking` instead. - * - * Tracks creation of `CookieOptions` to `IResponseCookies.Append(String, String, CookieOptions)` call as a third parameter. - */ -deprecated class CookieOptionsTrackingConfiguration extends DataFlow::Configuration { - CookieOptionsTrackingConfiguration() { this = "CookieOptionsTrackingConfiguration" } - - override predicate isSource(DataFlow::Node source) { - source.asExpr().(ObjectCreation).getType() instanceof MicrosoftAspNetCoreHttpCookieOptions - } - - override predicate isSink(DataFlow::Node sink) { - exists(MicrosoftAspNetCoreHttpResponseCookies iResponse, MethodCall mc | - iResponse.getAppendMethod() = mc.getTarget() and - mc.getArgument(2) = sink.asExpr() - ) - } -} - /** * Configuration module tracking creation of `CookieOptions` to `IResponseCookies.Append(String, String, CookieOptions)` * calls as a third parameter. @@ -134,28 +114,6 @@ Expr getAValueForProp(ObjectCreation create, Assignment a, string prop) { */ predicate isPropertySet(ObjectCreation oc, string prop) { exists(getAValueForProp(oc, _, prop)) } -/** - * DEPRECATED: Use `OnAppendCookieSecureTracking` instead. - * - * Tracks if a callback used in `OnAppendCookie` sets `Secure` to `true`. - */ -deprecated class OnAppendCookieSecureTrackingConfig extends OnAppendCookieTrackingConfig { - OnAppendCookieSecureTrackingConfig() { this = "OnAppendCookieSecureTrackingConfig" } - - override string propertyName() { result = "Secure" } -} - -/** - * DEPRECATED: Use `OnAppendCookieHttpOnlyTracking` instead. - * - * Tracks if a callback used in `OnAppendCookie` sets `HttpOnly` to `true`. - */ -deprecated class OnAppendCookieHttpOnlyTrackingConfig extends OnAppendCookieTrackingConfig { - OnAppendCookieHttpOnlyTrackingConfig() { this = "OnAppendCookieHttpOnlyTrackingConfig" } - - override string propertyName() { result = "HttpOnly" } -} - /** * Tracks if a callback used in `OnAppendCookie` sets a cookie property to `true`. */ diff --git a/go/ql/lib/change-notes/2024-09-03-outdated-deprecations.md b/go/ql/lib/change-notes/2024-09-03-outdated-deprecations.md new file mode 100644 index 000000000000..4826864fcc23 --- /dev/null +++ b/go/ql/lib/change-notes/2024-09-03-outdated-deprecations.md @@ -0,0 +1,5 @@ +--- +category: breaking +--- +* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`. +* Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration` instead. diff --git a/go/ql/lib/semmle/go/Scopes.qll b/go/ql/lib/semmle/go/Scopes.qll index 04cb65fa987e..7386b81868fc 100644 --- a/go/ql/lib/semmle/go/Scopes.qll +++ b/go/ql/lib/semmle/go/Scopes.qll @@ -197,8 +197,11 @@ class PackageEntity extends Entity, @pkgobject { } /** A built-in or declared named type. */ class TypeEntity extends Entity, @typeobject { } +/** The parent of a type parameter type, either a declared type or a declared function. */ +class TypeParamParentEntity extends Entity, @typeparamparentobject { } + /** A declared named type. */ -class DeclaredType extends TypeEntity, DeclaredEntity, @decltypeobject { +class DeclaredType extends TypeEntity, DeclaredEntity, TypeParamParentEntity, @decltypeobject { /** Gets the declaration specifier declaring this type. */ TypeSpec getSpec() { result.getNameExpr() = this.getDeclaration() } } @@ -598,7 +601,7 @@ class PromotedMethod extends Method { } /** A declared function. */ -class DeclaredFunction extends Function, DeclaredEntity, @declfunctionobject { +class DeclaredFunction extends Function, DeclaredEntity, TypeParamParentEntity, @declfunctionobject { override FuncDecl getFuncDecl() { result.getNameExpr() = this.getDeclaration() } override predicate mayHaveSideEffects() { diff --git a/go/ql/lib/semmle/go/Types.qll b/go/ql/lib/semmle/go/Types.qll index 026b009aa3fa..645f0e3fe67e 100644 --- a/go/ql/lib/semmle/go/Types.qll +++ b/go/ql/lib/semmle/go/Types.qll @@ -381,6 +381,12 @@ class TypeParamType extends @typeparamtype, CompositeType { override InterfaceType getUnderlyingType() { result = this.getConstraint().getUnderlyingType() } + /** Gets the parent object of this type parameter type. */ + TypeParamParentEntity getParent() { typeparam(this, _, _, result, _) } + + /** Gets the index of this type parameter type. */ + int getIndex() { typeparam(this, _, _, _, result) } + override string pp() { result = this.getParamName() } /** diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll index 3b1439511d1c..359fa71744b4 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll index 3b1439511d1c..359fa71744b4 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/go/ql/lib/semmle/go/security/AllocationSizeOverflow.qll b/go/ql/lib/semmle/go/security/AllocationSizeOverflow.qll index 8d01d8b81636..9531e2798129 100644 --- a/go/ql/lib/semmle/go/security/AllocationSizeOverflow.qll +++ b/go/ql/lib/semmle/go/security/AllocationSizeOverflow.qll @@ -13,21 +13,6 @@ import go module AllocationSizeOverflow { import AllocationSizeOverflowCustomizations::AllocationSizeOverflow - /** - * DEPRECATED: Use copies of `FindLargeLensConfig` and `FindLargeLensFlow` instead. - * - * A taint-tracking configuration for identifying `len(...)` calls whose argument may be large. - */ - deprecated class FindLargeLensConfiguration extends TaintTracking2::Configuration { - FindLargeLensConfiguration() { this = "AllocationSizeOverflow::FindLargeLens" } - - override predicate isSource(DataFlow::Node nd) { nd instanceof Source } - - override predicate isSink(DataFlow::Node nd) { nd = Builtin::len().getACall().getArgument(0) } - - override predicate isSanitizer(DataFlow::Node nd) { nd instanceof Sanitizer } - } - private module FindLargeLensConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node nd) { nd instanceof Source } @@ -47,39 +32,6 @@ module AllocationSizeOverflow { ) } - /** - * DEPRECATED: Use `Flow` instead. - * - * A taint-tracking configuration for identifying allocation-size overflows. - */ - deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "AllocationSizeOverflow" } - - override predicate isSource(DataFlow::Node nd) { nd instanceof Source } - - /** - * Holds if `nd` is at a position where overflow might occur, and its result is used to compute - * allocation size `allocsz`. - */ - predicate isSinkWithAllocationSize(DataFlow::Node nd, DataFlow::Node allocsz) { - nd.(Sink).getAllocationSize() = allocsz - } - - override predicate isSink(DataFlow::Node nd) { this.isSinkWithAllocationSize(nd, _) } - - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - additionalStep(pred, succ) - or - exists(DataFlow::CallNode c | - c = getALargeLenCall() and - pred = c.getArgument(0) and - succ = c - ) - } - - override predicate isSanitizer(DataFlow::Node nd) { nd instanceof Sanitizer } - } - /** * Holds if `nd` is at a position where overflow might occur, and its result is used to compute * allocation size `allocsz`. diff --git a/go/ql/lib/semmle/go/security/CommandInjection.qll b/go/ql/lib/semmle/go/security/CommandInjection.qll index bde5a443503d..7dc6f3991fc1 100644 --- a/go/ql/lib/semmle/go/security/CommandInjection.qll +++ b/go/ql/lib/semmle/go/security/CommandInjection.qll @@ -16,27 +16,6 @@ import go module CommandInjection { import CommandInjectionCustomizations::CommandInjection - /** - * DEPRECATED: Use `Flow` instead. - * - * A taint-tracking configuration for reasoning about command-injection vulnerabilities - * with sinks which are not sanitized by `--`. - */ - deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "CommandInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { - exists(Sink s | sink = s | not s.doubleDashIsSanitizing()) - } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - } - private module Config implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof Source } @@ -92,28 +71,6 @@ module CommandInjection { } } - /** - * DEPRECATED: Use `DoubleDashSanitizingFlow` instead. - * - * A taint-tracking configuration for reasoning about command-injection vulnerabilities - * with sinks which are sanitized by `--`. - */ - deprecated class DoubleDashSanitizingConfiguration extends TaintTracking::Configuration { - DoubleDashSanitizingConfiguration() { this = "CommandInjectionWithDoubleDashSanitizer" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { - exists(Sink s | sink = s | s.doubleDashIsSanitizing()) - } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer or - node = any(ArgumentArrayWithDoubleDash array).getASanitizedElement() - } - } - private module DoubleDashSanitizingConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/go/ql/lib/semmle/go/security/ExternalAPIs.qll b/go/ql/lib/semmle/go/security/ExternalAPIs.qll index 76d396f2b641..5eb41dd2579a 100644 --- a/go/ql/lib/semmle/go/security/ExternalAPIs.qll +++ b/go/ql/lib/semmle/go/security/ExternalAPIs.qll @@ -182,19 +182,6 @@ class UnknownExternalApiDataNode extends ExternalApiDataNode { } } -/** - * DEPRECATED: Use `UntrustedDataToExternalApiFlow` instead. - * - * A configuration for tracking flow from `ThreatModelFlowSource`s to `ExternalApiDataNode`s. - */ -deprecated class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration { - UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfig" } - - override predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode } -} - private module UntrustedDataConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } @@ -206,19 +193,6 @@ private module UntrustedDataConfig implements DataFlow::ConfigSig { */ module UntrustedDataToExternalApiFlow = DataFlow::Global; -/** - * DEPRECATED: Use `UntrustedDataToUnknownExternalApiFlow` instead. - * - * A configuration for tracking flow from `ThreatModelFlowSource`s to `UnknownExternalApiDataNode`s. - */ -deprecated class UntrustedDataToUnknownExternalApiConfig extends TaintTracking::Configuration { - UntrustedDataToUnknownExternalApiConfig() { this = "UntrustedDataToUnknownExternalAPIConfig" } - - override predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof UnknownExternalApiDataNode } -} - private module UntrustedDataToUnknownExternalApiConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } diff --git a/go/ql/lib/semmle/go/security/LogInjection.qll b/go/ql/lib/semmle/go/security/LogInjection.qll index cb454716a8fc..d8bc586ed916 100644 --- a/go/ql/lib/semmle/go/security/LogInjection.qll +++ b/go/ql/lib/semmle/go/security/LogInjection.qll @@ -14,21 +14,6 @@ import go module LogInjection { import LogInjectionCustomizations::LogInjection - /** - * DEPRECATED: Use `Flow` instead. - * - * A taint-tracking configuration for reasoning about log injection vulnerabilities. - */ - deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "LogInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node sanitizer) { sanitizer instanceof Sanitizer } - } - /** Config for reasoning about log injection vulnerabilities. */ module Config implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/go/ql/test/library-tests/semmle/go/Function/TypeParamType.expected b/go/ql/test/library-tests/semmle/go/Function/TypeParamType.expected index bb614a4b41c5..49a00ade7ab9 100644 --- a/go/ql/test/library-tests/semmle/go/Function/TypeParamType.expected +++ b/go/ql/test/library-tests/semmle/go/Function/TypeParamType.expected @@ -1,30 +1,161 @@ -| E | Ordered | -| E | comparable | -| E | interface { } | -| E1 | interface { } | -| E2 | interface { } | -| Edge | EdgeConstraint | -| Edge | interface { } | -| F | floaty | -| K | comparable | -| Node | NodeConstraint | -| Node | interface { } | -| S | interface { } | -| S | interface { ~[]E } | -| S1 | interface { ~[]E1 } | -| S2 | interface { ~[]E2 } | -| SF2 | interface { } | -| SG2 | interface { } | -| T | Ordered | -| T | comparable | -| T | interface { string \| []uint8 } | -| T | interface { } | -| T1 | interface { } | -| T2 | interface { } | -| TF1 | interface { } | -| TF2 | interface { } | -| TG1 | interface { } | -| TG2 | interface { } | -| U | interface { } | -| V | interface { int64 \| float64 } | -| bytes | interface { []uint8 \| string } | +| cmp.Compare | 0 | T | Ordered | +| cmp.Less | 0 | T | Ordered | +| cmp.Or | 0 | T | comparable | +| cmp.isNaN | 0 | T | Ordered | +| codeql-go-tests/function.EdgeConstraint | 0 | Node | interface { } | +| codeql-go-tests/function.Element | 0 | S | interface { } | +| codeql-go-tests/function.GenericFunctionInAnotherFile | 0 | T | interface { } | +| codeql-go-tests/function.GenericFunctionOneTypeParam | 0 | T | interface { } | +| codeql-go-tests/function.GenericFunctionTwoTypeParams | 0 | K | comparable | +| codeql-go-tests/function.GenericFunctionTwoTypeParams | 1 | V | interface { int64 \| float64 } | +| codeql-go-tests/function.GenericStruct1 | 0 | T | interface { } | +| codeql-go-tests/function.GenericStruct1.f1 | 0 | TF1 | interface { } | +| codeql-go-tests/function.GenericStruct1.g1 | 0 | TG1 | interface { } | +| codeql-go-tests/function.GenericStruct2 | 0 | S | interface { } | +| codeql-go-tests/function.GenericStruct2 | 1 | T | interface { } | +| codeql-go-tests/function.GenericStruct2.f2 | 0 | SF2 | interface { } | +| codeql-go-tests/function.GenericStruct2.f2 | 1 | TF2 | interface { } | +| codeql-go-tests/function.GenericStruct2.g2 | 0 | SG2 | interface { } | +| codeql-go-tests/function.GenericStruct2.g2 | 1 | TG2 | interface { } | +| codeql-go-tests/function.Graph | 0 | Node | NodeConstraint | +| codeql-go-tests/function.Graph | 1 | Edge | EdgeConstraint | +| codeql-go-tests/function.Graph.ShortestPath | 0 | Node | NodeConstraint | +| codeql-go-tests/function.Graph.ShortestPath | 1 | Edge | EdgeConstraint | +| codeql-go-tests/function.List | 0 | T | interface { } | +| codeql-go-tests/function.List.MyLen | 0 | U | interface { } | +| codeql-go-tests/function.New | 0 | Node | NodeConstraint | +| codeql-go-tests/function.New | 1 | Edge | EdgeConstraint | +| codeql-go-tests/function.NodeConstraint | 0 | Edge | interface { } | +| github.com/anotherpkg.GenericFunctionInAnotherPackage | 0 | T | interface { } | +| internal/bytealg.HashStr | 0 | T | interface { string \| []uint8 } | +| internal/bytealg.HashStrRev | 0 | T | interface { string \| []uint8 } | +| internal/bytealg.IndexRabinKarp | 0 | T | interface { string \| []uint8 } | +| internal/bytealg.LastIndexRabinKarp | 0 | T | interface { string \| []uint8 } | +| runtime.fandbits | 0 | F | floaty | +| runtime.fmax | 0 | F | floaty | +| runtime.fmin | 0 | F | floaty | +| runtime.forbits | 0 | F | floaty | +| runtime.noEscapePtr | 0 | T | interface { } | +| runtime/internal/atomic.Pointer.CompareAndSwap | 0 | T | interface { } | +| runtime/internal/atomic.Pointer.CompareAndSwapNoWB | 0 | T | interface { } | +| runtime/internal/atomic.Pointer.Load | 0 | T | interface { } | +| runtime/internal/atomic.Pointer.Store | 0 | T | interface { } | +| runtime/internal/atomic.Pointer.StoreNoWB | 0 | T | interface { } | +| slices.BinarySearch | 0 | S | interface { ~[]E } | +| slices.BinarySearch | 1 | E | Ordered | +| slices.BinarySearchFunc | 0 | S | interface { ~[]E } | +| slices.BinarySearchFunc | 1 | E | interface { } | +| slices.BinarySearchFunc | 2 | T | interface { } | +| slices.Clip | 0 | S | interface { ~[]E } | +| slices.Clip | 1 | E | interface { } | +| slices.Clone | 0 | S | interface { ~[]E } | +| slices.Clone | 1 | E | interface { } | +| slices.Compact | 0 | S | interface { ~[]E } | +| slices.Compact | 1 | E | comparable | +| slices.CompactFunc | 0 | S | interface { ~[]E } | +| slices.CompactFunc | 1 | E | interface { } | +| slices.Compare | 0 | S | interface { ~[]E } | +| slices.Compare | 1 | E | Ordered | +| slices.CompareFunc | 0 | S1 | interface { ~[]E1 } | +| slices.CompareFunc | 1 | S2 | interface { ~[]E2 } | +| slices.CompareFunc | 2 | E1 | interface { } | +| slices.CompareFunc | 3 | E2 | interface { } | +| slices.Concat | 0 | S | interface { ~[]E } | +| slices.Concat | 1 | E | interface { } | +| slices.Contains | 0 | S | interface { ~[]E } | +| slices.Contains | 1 | E | comparable | +| slices.ContainsFunc | 0 | S | interface { ~[]E } | +| slices.ContainsFunc | 1 | E | interface { } | +| slices.Delete | 0 | S | interface { ~[]E } | +| slices.Delete | 1 | E | interface { } | +| slices.DeleteFunc | 0 | S | interface { ~[]E } | +| slices.DeleteFunc | 1 | E | interface { } | +| slices.Equal | 0 | S | interface { ~[]E } | +| slices.Equal | 1 | E | comparable | +| slices.EqualFunc | 0 | S1 | interface { ~[]E1 } | +| slices.EqualFunc | 1 | S2 | interface { ~[]E2 } | +| slices.EqualFunc | 2 | E1 | interface { } | +| slices.EqualFunc | 3 | E2 | interface { } | +| slices.Grow | 0 | S | interface { ~[]E } | +| slices.Grow | 1 | E | interface { } | +| slices.Index | 0 | S | interface { ~[]E } | +| slices.Index | 1 | E | comparable | +| slices.IndexFunc | 0 | S | interface { ~[]E } | +| slices.IndexFunc | 1 | E | interface { } | +| slices.Insert | 0 | S | interface { ~[]E } | +| slices.Insert | 1 | E | interface { } | +| slices.IsSorted | 0 | S | interface { ~[]E } | +| slices.IsSorted | 1 | E | Ordered | +| slices.IsSortedFunc | 0 | S | interface { ~[]E } | +| slices.IsSortedFunc | 1 | E | interface { } | +| slices.Max | 0 | S | interface { ~[]E } | +| slices.Max | 1 | E | Ordered | +| slices.MaxFunc | 0 | S | interface { ~[]E } | +| slices.MaxFunc | 1 | E | interface { } | +| slices.Min | 0 | S | interface { ~[]E } | +| slices.Min | 1 | E | Ordered | +| slices.MinFunc | 0 | S | interface { ~[]E } | +| slices.MinFunc | 1 | E | interface { } | +| slices.Replace | 0 | S | interface { ~[]E } | +| slices.Replace | 1 | E | interface { } | +| slices.Reverse | 0 | S | interface { ~[]E } | +| slices.Reverse | 1 | E | interface { } | +| slices.Sort | 0 | S | interface { ~[]E } | +| slices.Sort | 1 | E | Ordered | +| slices.SortFunc | 0 | S | interface { ~[]E } | +| slices.SortFunc | 1 | E | interface { } | +| slices.SortStableFunc | 0 | S | interface { ~[]E } | +| slices.SortStableFunc | 1 | E | interface { } | +| slices.breakPatternsCmpFunc | 0 | E | interface { } | +| slices.breakPatternsOrdered | 0 | E | Ordered | +| slices.choosePivotCmpFunc | 0 | E | interface { } | +| slices.choosePivotOrdered | 0 | E | Ordered | +| slices.heapSortCmpFunc | 0 | E | interface { } | +| slices.heapSortOrdered | 0 | E | Ordered | +| slices.insertionSortCmpFunc | 0 | E | interface { } | +| slices.insertionSortOrdered | 0 | E | Ordered | +| slices.isNaN | 0 | T | Ordered | +| slices.medianAdjacentCmpFunc | 0 | E | interface { } | +| slices.medianAdjacentOrdered | 0 | E | Ordered | +| slices.medianCmpFunc | 0 | E | interface { } | +| slices.medianOrdered | 0 | E | Ordered | +| slices.order2CmpFunc | 0 | E | interface { } | +| slices.order2Ordered | 0 | E | Ordered | +| slices.overlaps | 0 | E | interface { } | +| slices.partialInsertionSortCmpFunc | 0 | E | interface { } | +| slices.partialInsertionSortOrdered | 0 | E | Ordered | +| slices.partitionCmpFunc | 0 | E | interface { } | +| slices.partitionEqualCmpFunc | 0 | E | interface { } | +| slices.partitionEqualOrdered | 0 | E | Ordered | +| slices.partitionOrdered | 0 | E | Ordered | +| slices.pdqsortCmpFunc | 0 | E | interface { } | +| slices.pdqsortOrdered | 0 | E | Ordered | +| slices.reverseRangeCmpFunc | 0 | E | interface { } | +| slices.reverseRangeOrdered | 0 | E | Ordered | +| slices.rotateCmpFunc | 0 | E | interface { } | +| slices.rotateLeft | 0 | E | interface { } | +| slices.rotateOrdered | 0 | E | Ordered | +| slices.rotateRight | 0 | E | interface { } | +| slices.siftDownCmpFunc | 0 | E | interface { } | +| slices.siftDownOrdered | 0 | E | Ordered | +| slices.stableCmpFunc | 0 | E | interface { } | +| slices.stableOrdered | 0 | E | Ordered | +| slices.startIdx | 0 | E | interface { } | +| slices.swap | 0 | E | interface { } | +| slices.swapRangeCmpFunc | 0 | E | interface { } | +| slices.swapRangeOrdered | 0 | E | Ordered | +| slices.symMergeCmpFunc | 0 | E | interface { } | +| slices.symMergeOrdered | 0 | E | Ordered | +| sync.OnceValue | 0 | T | interface { } | +| sync.OnceValues | 0 | T1 | interface { } | +| sync.OnceValues | 1 | T2 | interface { } | +| sync/atomic.Pointer | 0 | T | interface { } | +| sync/atomic.Pointer.CompareAndSwap | 0 | T | interface { } | +| sync/atomic.Pointer.Load | 0 | T | interface { } | +| sync/atomic.Pointer.Store | 0 | T | interface { } | +| sync/atomic.Pointer.Swap | 0 | T | interface { } | +| time.atoi | 0 | bytes | interface { []uint8 \| string } | +| time.isDigit | 0 | bytes | interface { []uint8 \| string } | +| time.leadingInt | 0 | bytes | interface { []uint8 \| string } | +| time.parseNanoseconds | 0 | bytes | interface { []uint8 \| string } | +| time.parseRFC3339 | 0 | bytes | interface { []uint8 \| string } | diff --git a/go/ql/test/library-tests/semmle/go/Function/TypeParamType.ql b/go/ql/test/library-tests/semmle/go/Function/TypeParamType.ql index a4167f8d7022..9170c0d35ed0 100644 --- a/go/ql/test/library-tests/semmle/go/Function/TypeParamType.ql +++ b/go/ql/test/library-tests/semmle/go/Function/TypeParamType.ql @@ -1,4 +1,5 @@ import go -from TypeParamType tpt -select tpt.getParamName(), tpt.getConstraint().pp() +from TypeParamType tpt, TypeParamParentEntity ty +where ty = tpt.getParent() +select ty.getQualifiedName(), tpt.getIndex(), tpt.getParamName(), tpt.getConstraint().pp() diff --git a/java/ql/automodel/src/AutomodelApplicationModeCharacteristics.qll b/java/ql/automodel/src/AutomodelApplicationModeCharacteristics.qll index 13fbbe5d36f1..8c8ad1a2df47 100644 --- a/java/ql/automodel/src/AutomodelApplicationModeCharacteristics.qll +++ b/java/ql/automodel/src/AutomodelApplicationModeCharacteristics.qll @@ -6,7 +6,6 @@ private import java private import semmle.code.Location as Location private import semmle.code.java.dataflow.DataFlow private import semmle.code.java.dataflow.TaintTracking -private import semmle.code.java.security.PathCreation private import semmle.code.java.dataflow.ExternalFlow as ExternalFlow private import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl private import semmle.code.java.security.ExternalAPIs as ExternalAPIs diff --git a/java/ql/automodel/src/AutomodelFrameworkModeCharacteristics.qll b/java/ql/automodel/src/AutomodelFrameworkModeCharacteristics.qll index 357b3a7573cb..8985e6022ebf 100644 --- a/java/ql/automodel/src/AutomodelFrameworkModeCharacteristics.qll +++ b/java/ql/automodel/src/AutomodelFrameworkModeCharacteristics.qll @@ -6,7 +6,6 @@ private import java private import semmle.code.Location as Location private import semmle.code.java.dataflow.DataFlow private import semmle.code.java.dataflow.TaintTracking -private import semmle.code.java.security.PathCreation private import semmle.code.java.dataflow.ExternalFlow as ExternalFlow private import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl private import semmle.code.java.security.ExternalAPIs as ExternalAPIs diff --git a/java/ql/lib/change-notes/2024-09-03-outdated-deprecations.md b/java/ql/lib/change-notes/2024-09-03-outdated-deprecations.md new file mode 100644 index 000000000000..a1477ef25cef --- /dev/null +++ b/java/ql/lib/change-notes/2024-09-03-outdated-deprecations.md @@ -0,0 +1,11 @@ +--- +category: breaking +--- +* Deleted the deprecated `ProcessBuilderConstructor`, `MethodProcessBuilderCommand`, and `MethodRuntimeExec` from `JDK.qll`. +* Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration` instead. +* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`. +* Deleted the deprecated `getURI` predicate from `CamelJavaDslToDecl` and `SpringCamelXmlToElement`, use `getUri` instead. +* Deleted the deprecated `ExecCallable` class from `ExternalProcess.qll`. +* Deleted many deprecated dataflow configurations based on `DataFlow::Configuration`. +* Deleted the deprecated `PathCreation.qll` file. +* Deleted the deprecated `WebviewDubuggingEnabledQuery.qll` file. diff --git a/java/ql/lib/semmle/code/java/JDK.qll b/java/ql/lib/semmle/code/java/JDK.qll index 55d420dbcaec..ee86cf0a1913 100644 --- a/java/ql/lib/semmle/code/java/JDK.qll +++ b/java/ql/lib/semmle/code/java/JDK.qll @@ -210,39 +210,6 @@ class TypeFile extends Class { } // --- Standard methods --- -/** - * DEPRECATED: Any constructor of class `java.lang.ProcessBuilder`. - */ -deprecated class ProcessBuilderConstructor extends Constructor, ExecCallable { - ProcessBuilderConstructor() { this.getDeclaringType() instanceof TypeProcessBuilder } - - override int getAnExecutedArgument() { result = 0 } -} - -/** - * DEPRECATED: Any of the methods named `command` on class `java.lang.ProcessBuilder`. - */ -deprecated class MethodProcessBuilderCommand extends Method, ExecCallable { - MethodProcessBuilderCommand() { - this.hasName("command") and - this.getDeclaringType() instanceof TypeProcessBuilder - } - - override int getAnExecutedArgument() { result = 0 } -} - -/** - * DEPRECATED: Any method named `exec` on class `java.lang.Runtime`. - */ -deprecated class MethodRuntimeExec extends Method, ExecCallable { - MethodRuntimeExec() { - this.hasName("exec") and - this.getDeclaringType() instanceof TypeRuntime - } - - override int getAnExecutedArgument() { result = 0 } -} - /** * Any method named `getenv` on class `java.lang.System`. */ diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll index 3b1439511d1c..359fa71744b4 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll index 3b1439511d1c..359fa71744b4 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll index 3b1439511d1c..359fa71744b4 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll index 3b1439511d1c..359fa71744b4 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll index 3b1439511d1c..359fa71744b4 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll index 3b1439511d1c..359fa71744b4 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/java/ql/lib/semmle/code/java/frameworks/JsonIo.qll b/java/ql/lib/semmle/code/java/frameworks/JsonIo.qll index 9dc6510c5e78..d40e7ebf81e9 100644 --- a/java/ql/lib/semmle/code/java/frameworks/JsonIo.qll +++ b/java/ql/lib/semmle/code/java/frameworks/JsonIo.qll @@ -43,34 +43,6 @@ class JsonIoUseMapsSetter extends MethodCall { } } -/** - * DEPRECATED: Use `SafeJsonIoFlow` instead. - * - * A data flow configuration tracing flow from JsonIo safe settings. - */ -deprecated class SafeJsonIoConfig extends DataFlow2::Configuration { - SafeJsonIoConfig() { this = "UnsafeDeserialization::SafeJsonIoConfig" } - - override predicate isSource(DataFlow::Node src) { - exists(MethodCall ma | - ma instanceof JsonIoUseMapsSetter and - src.asExpr() = ma.getQualifier() - ) - } - - override predicate isSink(DataFlow::Node sink) { - exists(MethodCall ma | - ma.getMethod() instanceof JsonIoJsonToJavaMethod and - sink.asExpr() = ma.getArgument(1) - ) - or - exists(ClassInstanceExpr cie | - cie.getConstructor().getDeclaringType() instanceof JsonIoJsonReader and - sink.asExpr() = cie.getArgument(1) - ) - } -} - /** * A data flow configuration tracing flow from JsonIo safe settings. */ diff --git a/java/ql/lib/semmle/code/java/frameworks/camel/CamelJavaDSL.qll b/java/ql/lib/semmle/code/java/frameworks/camel/CamelJavaDSL.qll index 79c476cdf207..ed09baf8ead2 100644 --- a/java/ql/lib/semmle/code/java/frameworks/camel/CamelJavaDSL.qll +++ b/java/ql/lib/semmle/code/java/frameworks/camel/CamelJavaDSL.qll @@ -42,9 +42,6 @@ class CamelJavaDslToDecl extends ProcessorDefinitionElement { * Gets the URI specified by this `to` declaration. */ string getUri() { result = this.getArgument(0).(CompileTimeConstantExpr).getStringValue() } - - /** DEPRECATED: Alias for getUri */ - deprecated string getURI() { result = this.getUri() } } /** diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringCamel.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringCamel.qll index 985565255b6e..6fec620ccd55 100644 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringCamel.qll +++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringCamel.qll @@ -97,9 +97,6 @@ class SpringCamelXmlToElement extends SpringCamelXmlRouteElement { * Gets the URI attribute for this `` element. */ string getUri() { result = this.getAttribute("uri").getValue() } - - /** DEPRECATED: Alias for getUri */ - deprecated string getURI() { result = this.getUri() } } /** diff --git a/java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll index 42d420a76b3f..b179a4f92e07 100644 --- a/java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll @@ -7,27 +7,6 @@ import semmle.code.java.dataflow.TaintTracking deprecated import semmle.code.java.dataflow.TaintTracking3 import semmle.code.java.security.AndroidIntentRedirection -/** - * DEPRECATED: Use `IntentRedirectionFlow` instead. - * - * A taint tracking configuration for tainted Intents being used to start Android components. - */ -deprecated class IntentRedirectionConfiguration extends TaintTracking::Configuration { - IntentRedirectionConfiguration() { this = "IntentRedirectionConfiguration" } - - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof IntentRedirectionSink } - - override predicate isSanitizer(DataFlow::Node sanitizer) { - sanitizer instanceof IntentRedirectionSanitizer - } - - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { - any(IntentRedirectionAdditionalTaintStep c).step(node1, node2) - } -} - /** A taint tracking configuration for tainted Intents being used to start Android components. */ module IntentRedirectionConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } diff --git a/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll index a4f9713ac308..2ba13c06feb8 100644 --- a/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll @@ -122,36 +122,6 @@ private predicate isStartActivityOrServiceSink(DataFlow::Node arg) { ) } -/** - * DEPRECATED: Use `SensitiveCommunicationFlow` instead. - * - * Taint configuration tracking flow from variables containing sensitive information to broadcast Intents. - */ -deprecated class SensitiveCommunicationConfig extends TaintTracking::Configuration { - SensitiveCommunicationConfig() { this = "Sensitive Communication Configuration" } - - override predicate isSource(DataFlow::Node source) { - source.asExpr() instanceof SensitiveInfoExpr - } - - override predicate isSink(DataFlow::Node sink) { - isSensitiveBroadcastSink(sink) - or - isStartActivityOrServiceSink(sink) - } - - /** - * Holds if broadcast doesn't specify receiving package name of the 3rd party app - */ - override predicate isSanitizer(DataFlow::Node node) { node instanceof ExplicitIntentSanitizer } - - override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) { - super.allowImplicitRead(node, c) - or - this.isSink(node) - } -} - /** * A sensitive communication sink node. */ diff --git a/java/ql/lib/semmle/code/java/security/CommandLineQuery.qll b/java/ql/lib/semmle/code/java/security/CommandLineQuery.qll index 903dae5d67ec..692bdfc1a708 100644 --- a/java/ql/lib/semmle/code/java/security/CommandLineQuery.qll +++ b/java/ql/lib/semmle/code/java/security/CommandLineQuery.qll @@ -109,37 +109,3 @@ predicate execIsTainted( InputToArgumentToExecFlow::flowPath(source, sink) and argumentToExec(execArg, sink.getNode()) } - -/** - * DEPRECATED: Use `execIsTainted` instead. - * - * Implementation of `ExecTainted.ql`. It is extracted to a QLL - * so that it can be excluded from `ExecUnescaped.ql` to avoid - * reporting overlapping results. - */ -deprecated predicate execTainted(DataFlow::PathNode source, DataFlow::PathNode sink, Expr execArg) { - exists(RemoteUserInputToArgumentToExecFlowConfig conf | - conf.hasFlowPath(source, sink) and argumentToExec(execArg, sink.getNode()) - ) -} - -/** - * DEPRECATED: Use `RemoteUserInputToArgumentToExecFlow` instead. - * - * A taint-tracking configuration for unvalidated user input that is used to run an external process. - */ -deprecated class RemoteUserInputToArgumentToExecFlowConfig extends TaintTracking::Configuration { - RemoteUserInputToArgumentToExecFlowConfig() { - this = "ExecCommon::RemoteUserInputToArgumentToExecFlowConfig" - } - - override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof CommandInjectionSink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof CommandInjectionSanitizer } - - override predicate isAdditionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) { - any(CommandInjectionAdditionalTaintStep s).step(n1, n2) - } -} diff --git a/java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll b/java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll index 63a931345120..96d3c5a528c3 100644 --- a/java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll @@ -36,23 +36,6 @@ private predicate endsWithStep(DataFlow::Node node1, DataFlow::Node node2) { ) } -/** - * DEPRECATED: Use `ConditionalBypassFlow` instead. - * - * A taint tracking configuration for untrusted data flowing to sensitive conditions. - */ -deprecated class ConditionalBypassFlowConfig extends TaintTracking::Configuration { - ConditionalBypassFlowConfig() { this = "ConditionalBypassFlowConfig" } - - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { conditionControlsMethod(_, sink.asExpr()) } - - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { - endsWithStep(node1, node2) - } -} - /** * A taint tracking configuration for untrusted data flowing to sensitive conditions. */ diff --git a/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll b/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll index f27b677722f0..6838555179a6 100644 --- a/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll +++ b/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll @@ -92,19 +92,6 @@ class ExternalApiDataNode extends DataFlow::Node { string getMethodDescription() { result = this.getMethod().getQualifiedName() } } -/** - * DEPRECATED: Use `UntrustedDataToExternalApiFlow` instead. - * - * A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s. - */ -deprecated class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration { - UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfig" } - - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode } -} - /** * Taint tracking configuration for flow from `ThreatModelFlowSource`s to `ExternalApiDataNode`s. */ diff --git a/java/ql/lib/semmle/code/java/security/ExternalProcess.qll b/java/ql/lib/semmle/code/java/security/ExternalProcess.qll index 385d2f6c5481..58f7457e9e30 100644 --- a/java/ql/lib/semmle/code/java/security/ExternalProcess.qll +++ b/java/ql/lib/semmle/code/java/security/ExternalProcess.qll @@ -4,16 +4,6 @@ import semmle.code.java.Member private import semmle.code.java.dataflow.DataFlow private import semmle.code.java.security.CommandLineQuery -/** - * DEPRECATED: A callable that executes a command. - */ -abstract deprecated class ExecCallable extends Callable { - /** - * Gets the index of an argument that will be part of the command that is executed. - */ - abstract int getAnExecutedArgument(); -} - /** * An expression used as an argument to a call that executes an external command. For calls to * varargs method calls, this only includes the first argument, which will be the command diff --git a/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll index 97ad1d7a5646..f625807470df 100644 --- a/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll @@ -5,24 +5,6 @@ import semmle.code.java.dataflow.FlowSources import semmle.code.java.dataflow.TaintTracking import semmle.code.java.security.FragmentInjection -/** - * DEPRECATED: Use `FragmentInjectionFlow` instead. - * - * A taint-tracking configuration for unsafe user input - * that is used to create Android fragments dynamically. - */ -deprecated class FragmentInjectionTaintConf extends TaintTracking::Configuration { - FragmentInjectionTaintConf() { this = "FragmentInjectionTaintConf" } - - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof FragmentInjectionSink } - - override predicate isAdditionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) { - any(FragmentInjectionAdditionalTaintStep c).step(n1, n2) - } -} - /** * A taint-tracking configuration for unsafe user input * that is used to create Android fragments dynamically. diff --git a/java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll index aecd634b5412..3af836cac97a 100644 --- a/java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll @@ -5,24 +5,6 @@ import semmle.code.java.dataflow.FlowSources import semmle.code.java.dataflow.TaintTracking import semmle.code.java.security.GroovyInjection -/** - * DEPRECATED: Use `GroovyInjectionFlow` instead. - * - * A taint-tracking configuration for unsafe user input - * that is used to evaluate a Groovy expression. - */ -deprecated class GroovyInjectionConfig extends TaintTracking::Configuration { - GroovyInjectionConfig() { this = "GroovyInjectionConfig" } - - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof GroovyInjectionSink } - - override predicate isAdditionalTaintStep(DataFlow::Node fromNode, DataFlow::Node toNode) { - any(GroovyInjectionAdditionalTaintStep c).step(fromNode, toNode) - } -} - /** * A taint-tracking configuration for unsafe user input * that is used to evaluate a Groovy expression. diff --git a/java/ql/lib/semmle/code/java/security/HardcodedCredentialsApiCallQuery.qll b/java/ql/lib/semmle/code/java/security/HardcodedCredentialsApiCallQuery.qll index 92d4f2a22aa1..f623973a6573 100644 --- a/java/ql/lib/semmle/code/java/security/HardcodedCredentialsApiCallQuery.qll +++ b/java/ql/lib/semmle/code/java/security/HardcodedCredentialsApiCallQuery.qll @@ -6,55 +6,6 @@ import java import semmle.code.java.dataflow.DataFlow import HardcodedCredentials -/** - * DEPRECATED: Use `HardcodedCredentialApiCallFlow` instead. - * - * A data-flow configuration that tracks flow from a hard-coded credential in a call to a sensitive Java API which may compromise security. - */ -deprecated class HardcodedCredentialApiCallConfiguration extends DataFlow::Configuration { - HardcodedCredentialApiCallConfiguration() { this = "HardcodedCredentialApiCallConfiguration" } - - override predicate isSource(DataFlow::Node n) { - n.asExpr() instanceof HardcodedExpr and - not n.asExpr().getEnclosingCallable() instanceof ToStringMethod - } - - override predicate isSink(DataFlow::Node n) { n.asExpr() instanceof CredentialsApiSink } - - override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - node1.asExpr().getType() instanceof TypeString and - ( - exists(MethodCall ma | ma.getMethod().hasName(["getBytes", "toCharArray"]) | - node2.asExpr() = ma and - ma.getQualifier() = node1.asExpr() - ) - or - // These base64 routines are usually taint propagators, and this is not a general - // TaintTracking::Configuration, so we must specifically include them here - // as a common transform applied to a constant before passing to a remote API. - exists(MethodCall ma | - ma.getMethod() - .hasQualifiedName([ - "java.util", "cn.hutool.core.codec", "org.apache.shiro.codec", - "apache.commons.codec.binary", "org.springframework.util" - ], ["Base64$Encoder", "Base64$Decoder", "Base64", "Base64Utils"], - [ - "encode", "encodeToString", "decode", "decodeBase64", "encodeBase64", - "encodeBase64Chunked", "encodeBase64String", "encodeBase64URLSafe", - "encodeBase64URLSafeString" - ]) - | - node1.asExpr() = ma.getArgument(0) and - node2.asExpr() = ma - ) - ) - } - - override predicate isBarrier(DataFlow::Node n) { - n.asExpr().(MethodCall).getMethod() instanceof MethodSystemGetenv - } -} - /** * A data-flow configuration that tracks flow from a hard-coded credential in a call to a sensitive Java API which may compromise security. */ diff --git a/java/ql/lib/semmle/code/java/security/HardcodedCredentialsSourceCallQuery.qll b/java/ql/lib/semmle/code/java/security/HardcodedCredentialsSourceCallQuery.qll index 67383877d7e1..2192c5c70de2 100644 --- a/java/ql/lib/semmle/code/java/security/HardcodedCredentialsSourceCallQuery.qll +++ b/java/ql/lib/semmle/code/java/security/HardcodedCredentialsSourceCallQuery.qll @@ -8,22 +8,6 @@ deprecated import semmle.code.java.dataflow.DataFlow2 private import semmle.code.java.dataflow.DataFlow2 import HardcodedCredentials -/** - * DEPRECATED: Use `HardcodedCredentialSourceCallFlow` instead. - * - * A data-flow configuration that tracks hardcoded expressions flowing to a parameter whose name suggests - * it may be a credential, excluding those which flow on to other such insecure usage sites. - */ -deprecated class HardcodedCredentialSourceCallConfiguration extends DataFlow::Configuration { - HardcodedCredentialSourceCallConfiguration() { - this = "HardcodedCredentialSourceCallConfiguration" - } - - override predicate isSource(DataFlow::Node n) { n.asExpr() instanceof HardcodedExpr } - - override predicate isSink(DataFlow::Node n) { n.asExpr() instanceof FinalCredentialsSourceSink } -} - /** * A data-flow configuration that tracks hardcoded expressions flowing to a parameter whose name suggests * it may be a credential, excluding those which flow on to other such insecure usage sites. @@ -40,22 +24,6 @@ module HardcodedCredentialSourceCallConfig implements DataFlow::ConfigSig { */ module HardcodedCredentialSourceCallFlow = DataFlow::Global; -/** - * DEPRECATED: Use `HardcodedCredentialParameterSourceCallFlow` instead. - * - * A data-flow configuration that tracks flow from an argument whose corresponding parameter name suggests - * a credential, to an argument to a sensitive call. - */ -deprecated class HardcodedCredentialSourceCallConfiguration2 extends DataFlow2::Configuration { - HardcodedCredentialSourceCallConfiguration2() { - this = "HardcodedCredentialSourceCallConfiguration2" - } - - override predicate isSource(DataFlow::Node n) { n.asExpr() instanceof CredentialsSourceSink } - - override predicate isSink(DataFlow::Node n) { n.asExpr() instanceof CredentialsSink } -} - /** * A data-flow configuration that tracks flow from an argument whose corresponding parameter name suggests * a credential, to an argument to a sensitive call. diff --git a/java/ql/lib/semmle/code/java/security/HttpsUrlsQuery.qll b/java/ql/lib/semmle/code/java/security/HttpsUrlsQuery.qll index ae9d3d6201e4..031066d506e0 100644 --- a/java/ql/lib/semmle/code/java/security/HttpsUrlsQuery.qll +++ b/java/ql/lib/semmle/code/java/security/HttpsUrlsQuery.qll @@ -6,27 +6,6 @@ import semmle.code.java.frameworks.Networking import semmle.code.java.security.HttpsUrls private import semmle.code.java.security.Sanitizers -/** - * DEPRECATED: Use `HttpsStringToUrlOpenMethodFlow` instead. - * - * A taint tracking configuration for HTTP connections. - */ -deprecated class HttpStringToUrlOpenMethodFlowConfig extends TaintTracking::Configuration { - HttpStringToUrlOpenMethodFlowConfig() { this = "HttpStringToUrlOpenMethodFlowConfig" } - - override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof HttpStringLiteral } - - override predicate isSink(DataFlow::Node sink) { sink instanceof UrlOpenSink } - - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { - any(HttpUrlsAdditionalTaintStep c).step(node1, node2) - } - - override predicate isSanitizer(DataFlow::Node node) { - node.getType() instanceof PrimitiveType or node.getType() instanceof BoxedType - } -} - /** * A taint tracking configuration for HTTP connections. */ diff --git a/java/ql/lib/semmle/code/java/security/ImplicitPendingIntentsQuery.qll b/java/ql/lib/semmle/code/java/security/ImplicitPendingIntentsQuery.qll index 402dacb2e9ae..0a8e0686549d 100644 --- a/java/ql/lib/semmle/code/java/security/ImplicitPendingIntentsQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ImplicitPendingIntentsQuery.qll @@ -6,55 +6,6 @@ import semmle.code.java.frameworks.android.Intent import semmle.code.java.frameworks.android.PendingIntent import semmle.code.java.security.ImplicitPendingIntents -/** - * DEPRECATED: Use `ImplicitPendingIntentStartFlow` instead. - * - * A taint tracking configuration for implicit `PendingIntent`s - * being wrapped in another implicit `Intent` that gets started. - */ -deprecated class ImplicitPendingIntentStartConf extends TaintTracking::Configuration { - ImplicitPendingIntentStartConf() { this = "ImplicitPendingIntentStartConf" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowState state) { - source.(ImplicitPendingIntentSource).hasState(state) - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) { - sink.(ImplicitPendingIntentSink).hasState(state) - } - - override predicate isSanitizer(DataFlow::Node sanitizer) { - sanitizer instanceof ExplicitIntentSanitizer - } - - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { - any(ImplicitPendingIntentAdditionalTaintStep c).step(node1, node2) - } - - override predicate isAdditionalTaintStep( - DataFlow::Node node1, DataFlow::FlowState state1, DataFlow::Node node2, - DataFlow::FlowState state2 - ) { - any(ImplicitPendingIntentAdditionalTaintStep c).step(node1, state1, node2, state2) - } - - override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) { - super.allowImplicitRead(node, c) - or - this.isSink(node, _) and - allowIntentExtrasImplicitRead(node, c) - or - this.isAdditionalTaintStep(node, _) and - c.(DataFlow::FieldContent).getType() instanceof PendingIntent - or - // Allow implicit reads of Intent arrays for steps like getActivities - // or sinks like startActivities - (this.isSink(node, _) or this.isAdditionalFlowStep(node, _, _, _)) and - node.getType().(Array).getElementType() instanceof TypeIntent and - c instanceof DataFlow::ArrayContent - } -} - /** * A taint tracking configuration for implicit `PendingIntent`s * being wrapped in another implicit `Intent` that gets started. diff --git a/java/ql/lib/semmle/code/java/security/InsecureBasicAuthQuery.qll b/java/ql/lib/semmle/code/java/security/InsecureBasicAuthQuery.qll index 60e16662d9a1..9e69308e458e 100644 --- a/java/ql/lib/semmle/code/java/security/InsecureBasicAuthQuery.qll +++ b/java/ql/lib/semmle/code/java/security/InsecureBasicAuthQuery.qll @@ -5,24 +5,6 @@ import semmle.code.java.security.HttpsUrls import semmle.code.java.security.InsecureBasicAuth import semmle.code.java.dataflow.TaintTracking -/** - * DEPRECATED: Use `InsecureBasicAuthFlow` instead. - * - * A taint tracking configuration for the Basic authentication scheme - * being used in HTTP connections. - */ -deprecated class BasicAuthFlowConfig extends TaintTracking::Configuration { - BasicAuthFlowConfig() { this = "InsecureBasicAuth::BasicAuthFlowConfig" } - - override predicate isSource(DataFlow::Node src) { src instanceof InsecureBasicAuthSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof InsecureBasicAuthSink } - - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { - any(HttpUrlsAdditionalTaintStep c).step(node1, node2) - } -} - /** * A taint tracking configuration for the Basic authentication scheme * being used in HTTP connections. diff --git a/java/ql/lib/semmle/code/java/security/InsecureTrustManagerQuery.qll b/java/ql/lib/semmle/code/java/security/InsecureTrustManagerQuery.qll index a7514ceff96f..d732716ec2e5 100644 --- a/java/ql/lib/semmle/code/java/security/InsecureTrustManagerQuery.qll +++ b/java/ql/lib/semmle/code/java/security/InsecureTrustManagerQuery.qll @@ -4,28 +4,6 @@ import java import semmle.code.java.dataflow.FlowSources import semmle.code.java.security.InsecureTrustManager -/** - * DEPRECATED: Use `InsecureTrustManagerFlow` instead. - * - * A configuration to model the flow of an insecure `TrustManager` - * to the initialization of an SSL context. - */ -deprecated class InsecureTrustManagerConfiguration extends DataFlow::Configuration { - InsecureTrustManagerConfiguration() { this = "InsecureTrustManagerConfiguration" } - - override predicate isSource(DataFlow::Node source) { - source instanceof InsecureTrustManagerSource - } - - override predicate isSink(DataFlow::Node sink) { sink instanceof InsecureTrustManagerSink } - - override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) { - (this.isSink(node) or this.isAdditionalFlowStep(node, _)) and - node.getType() instanceof Array and - c instanceof DataFlow::ArrayContent - } -} - /** * A configuration to model the flow of an insecure `TrustManager` * to the initialization of an SSL context. diff --git a/java/ql/lib/semmle/code/java/security/InsufficientKeySizeQuery.qll b/java/ql/lib/semmle/code/java/security/InsufficientKeySizeQuery.qll index 67678d72a28c..e08cd50cdb3f 100644 --- a/java/ql/lib/semmle/code/java/security/InsufficientKeySizeQuery.qll +++ b/java/ql/lib/semmle/code/java/security/InsufficientKeySizeQuery.qll @@ -3,23 +3,6 @@ import semmle.code.java.dataflow.DataFlow import semmle.code.java.security.InsufficientKeySize -/** - * DEPRECATED: Use `KeySizeFlow` instead. - * - * A data flow configuration for tracking key sizes used in cryptographic algorithms. - */ -deprecated class KeySizeConfiguration extends DataFlow::Configuration { - KeySizeConfiguration() { this = "KeySizeConfiguration" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowState state) { - exists(KeySizeState s | source.(InsufficientKeySizeSource).hasState(s) and state = s.toString()) - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) { - exists(KeySizeState s | sink.(InsufficientKeySizeSink).hasState(s) and state = s.toString()) - } -} - /** * A data flow configuration for tracking key sizes used in cryptographic algorithms. */ diff --git a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll index b9fc3f42eb73..740ce24bf62b 100644 --- a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll @@ -8,29 +8,6 @@ private import semmle.code.java.dataflow.FlowSources private import semmle.code.java.dataflow.DataFlow private import IntentUriPermissionManipulation -/** - * DEPRECATED: Use `IntentUriPermissionManipulationFlow` instead. - * - * A taint tracking configuration for user-provided Intents being returned to third party apps. - */ -deprecated class IntentUriPermissionManipulationConf extends TaintTracking::Configuration { - IntentUriPermissionManipulationConf() { this = "UriPermissionManipulationConf" } - - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { - sink instanceof IntentUriPermissionManipulationSink - } - - override predicate isSanitizer(DataFlow::Node barrier) { - barrier instanceof IntentUriPermissionManipulationSanitizer - } - - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { - any(IntentUriPermissionManipulationAdditionalTaintStep c).step(node1, node2) - } -} - /** * A taint tracking configuration for user-provided Intents being returned to third party apps. */ diff --git a/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll index 6f3a7ad00afd..de49560e7792 100644 --- a/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll @@ -38,25 +38,6 @@ private class DefaultJexlInjectionAdditionalTaintStep extends JexlInjectionAddit } } -/** - * DEPRECATED: Use `JexlInjectionFlow` instead. - * - * A taint-tracking configuration for unsafe user input - * that is used to construct and evaluate a JEXL expression. - * It supports both JEXL 2 and 3. - */ -deprecated class JexlInjectionConfig extends TaintTracking::Configuration { - JexlInjectionConfig() { this = "JexlInjectionConfig" } - - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof JexlEvaluationSink } - - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { - any(JexlInjectionAdditionalTaintStep c).step(node1, node2) - } -} - /** * A taint-tracking configuration for unsafe user input * that is used to construct and evaluate a JEXL expression. diff --git a/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll index c7343172016b..3c1f4b8e68eb 100644 --- a/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll @@ -7,28 +7,6 @@ import semmle.code.java.frameworks.SpringLdap import semmle.code.java.security.JndiInjection private import semmle.code.java.security.Sanitizers -/** - * DEPRECATED: Use `JndiInjectionFlow` instead. - * - * A taint-tracking configuration for unvalidated user input that is used in JNDI lookup. - */ -deprecated class JndiInjectionFlowConfig extends TaintTracking::Configuration { - JndiInjectionFlowConfig() { this = "JndiInjectionFlowConfig" } - - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof JndiInjectionSink } - - override predicate isSanitizer(DataFlow::Node node) { - node instanceof SimpleTypeSanitizer or - node instanceof JndiInjectionSanitizer - } - - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { - any(JndiInjectionAdditionalTaintStep c).step(node1, node2) - } -} - /** * A taint-tracking configuration for unvalidated user input that is used in JNDI lookup. */ diff --git a/java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll index f66ae7f58084..cebc807cc472 100644 --- a/java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll @@ -4,25 +4,6 @@ import java import semmle.code.java.dataflow.FlowSources import semmle.code.java.security.LogInjection -/** - * DEPRECATED: Use `LogInjectionFlow` instead. - * - * A taint-tracking configuration for tracking untrusted user input used in log entries. - */ -deprecated class LogInjectionConfiguration extends TaintTracking::Configuration { - LogInjectionConfiguration() { this = "LogInjectionConfiguration" } - - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof LogInjectionSink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof LogInjectionSanitizer } - - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { - any(LogInjectionAdditionalTaintStep c).step(node1, node2) - } -} - /** * A taint-tracking configuration for tracking untrusted user input used in log entries. */ diff --git a/java/ql/lib/semmle/code/java/security/MissingJWTSignatureCheckQuery.qll b/java/ql/lib/semmle/code/java/security/MissingJWTSignatureCheckQuery.qll index c316da2f9651..eaa4c6320c1d 100644 --- a/java/ql/lib/semmle/code/java/security/MissingJWTSignatureCheckQuery.qll +++ b/java/ql/lib/semmle/code/java/security/MissingJWTSignatureCheckQuery.qll @@ -4,26 +4,6 @@ import java import semmle.code.java.dataflow.DataFlow import semmle.code.java.security.JWT -/** - * DEPRECATED: Use `MissingJwtSignatureCheckFlow` instead. - * - * Models flow from signing keys assignments to qualifiers of JWT insecure parsers. - * This is used to determine whether a `JwtParser` performing unsafe parsing has a signing key set. - */ -deprecated class MissingJwtSignatureCheckConf extends DataFlow::Configuration { - MissingJwtSignatureCheckConf() { this = "SigningToExprDataFlow" } - - override predicate isSource(DataFlow::Node source) { - source instanceof JwtParserWithInsecureParseSource - } - - override predicate isSink(DataFlow::Node sink) { sink instanceof JwtParserWithInsecureParseSink } - - override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - any(JwtParserWithInsecureParseAdditionalFlowStep c).step(node1, node2) - } -} - /** * Models flow from signing keys assignments to qualifiers of JWT insecure parsers. * This is used to determine whether a `JwtParser` performing unsafe parsing has a signing key set. diff --git a/java/ql/lib/semmle/code/java/security/MvelInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/MvelInjectionQuery.qll index c2697861d7c8..4bf81804f827 100644 --- a/java/ql/lib/semmle/code/java/security/MvelInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/MvelInjectionQuery.qll @@ -5,28 +5,6 @@ import semmle.code.java.dataflow.FlowSources import semmle.code.java.dataflow.TaintTracking import semmle.code.java.security.MvelInjection -/** - * DEPRECATED: Use `MvelInjectionFlow` instead. - * - * A taint-tracking configuration for unsafe user input - * that is used to construct and evaluate a MVEL expression. - */ -deprecated class MvelInjectionFlowConfig extends TaintTracking::Configuration { - MvelInjectionFlowConfig() { this = "MvelInjectionFlowConfig" } - - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof MvelEvaluationSink } - - override predicate isSanitizer(DataFlow::Node sanitizer) { - sanitizer instanceof MvelInjectionSanitizer - } - - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { - any(MvelInjectionAdditionalTaintStep c).step(node1, node2) - } -} - /** * A taint-tracking configuration for unsafe user input * that is used to construct and evaluate a MVEL expression. diff --git a/java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll index 259f344205eb..3acf18c453ce 100644 --- a/java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll @@ -5,27 +5,6 @@ import semmle.code.java.dataflow.FlowSources import semmle.code.java.security.OgnlInjection private import semmle.code.java.security.Sanitizers -/** - * DEPRECATED: Use `OgnlInjectionFlow` instead. - * - * A taint-tracking configuration for unvalidated user input that is used in OGNL EL evaluation. - */ -deprecated class OgnlInjectionFlowConfig extends TaintTracking::Configuration { - OgnlInjectionFlowConfig() { this = "OgnlInjectionFlowConfig" } - - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof OgnlInjectionSink } - - override predicate isSanitizer(DataFlow::Node node) { - node.getType() instanceof PrimitiveType or node.getType() instanceof BoxedType - } - - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { - any(OgnlInjectionAdditionalTaintStep c).step(node1, node2) - } -} - /** * A taint-tracking configuration for unvalidated user input that is used in OGNL EL evaluation. */ diff --git a/java/ql/lib/semmle/code/java/security/PartialPathTraversalQuery.qll b/java/ql/lib/semmle/code/java/security/PartialPathTraversalQuery.qll index 442af520f5da..c4c3e6b093cb 100644 --- a/java/ql/lib/semmle/code/java/security/PartialPathTraversalQuery.qll +++ b/java/ql/lib/semmle/code/java/security/PartialPathTraversalQuery.qll @@ -6,23 +6,6 @@ import semmle.code.java.dataflow.DataFlow import semmle.code.java.dataflow.TaintTracking import semmle.code.java.dataflow.FlowSources -/** - * DEPRECATED: Use `PartialPathTraversalFromRemoteFlow` instead. - * - * A taint-tracking configuration for unsafe user input - * that is used to validate against path traversal, but is insufficient - * and remains vulnerable to Partial Path Traversal. - */ -deprecated class PartialPathTraversalFromRemoteConfig extends TaintTracking::Configuration { - PartialPathTraversalFromRemoteConfig() { this = "PartialPathTraversalFromRemoteConfig" } - - override predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node node) { - any(PartialPathTraversalMethodCall ma).getQualifier() = node.asExpr() - } -} - /** * A taint-tracking configuration for unsafe user input * that is used to validate against path traversal, but is insufficient diff --git a/java/ql/lib/semmle/code/java/security/PathCreation.qll b/java/ql/lib/semmle/code/java/security/PathCreation.qll deleted file mode 100644 index 3d40a1d4fdb5..000000000000 --- a/java/ql/lib/semmle/code/java/security/PathCreation.qll +++ /dev/null @@ -1,143 +0,0 @@ -/** - * DEPRECATED. - * - * Models the different ways to create paths. Either by using `java.io.File`-related APIs or `java.nio.file.Path`-related APIs. - */ - -import java - -/** DEPRECATED: Models the creation of a path. */ -abstract deprecated class PathCreation extends Expr { - /** - * Gets an input that is used in the creation of this path. - * This excludes inputs of type `File` and `Path`. - */ - abstract Expr getAnInput(); -} - -/** Models the `java.nio.file.Paths.get` method. */ -deprecated private class PathsGet extends PathCreation, MethodCall { - PathsGet() { - exists(Method m | m = this.getMethod() | - m.getDeclaringType() instanceof TypePaths and - m.getName() = "get" - ) - } - - override Expr getAnInput() { result = this.getAnArgument() } -} - -/** Models the `java.nio.file.FileSystem.getPath` method. */ -deprecated private class FileSystemGetPath extends PathCreation, MethodCall { - FileSystemGetPath() { - exists(Method m | m = this.getMethod() | - m.getDeclaringType() instanceof TypeFileSystem and - m.getName() = "getPath" - ) - } - - override Expr getAnInput() { result = this.getAnArgument() } -} - -/** Models the `new java.io.File(...)` constructor. */ -deprecated private class FileCreation extends PathCreation, ClassInstanceExpr { - FileCreation() { this.getConstructedType() instanceof TypeFile } - - override Expr getAnInput() { - result = this.getAnArgument() and - // Relevant arguments include those that are not a `File`. - not result.getType() instanceof TypeFile - } -} - -/** Models the `java.nio.file.Path.resolveSibling` method. */ -deprecated private class PathResolveSiblingCreation extends PathCreation, MethodCall { - PathResolveSiblingCreation() { - exists(Method m | m = this.getMethod() | - m.getDeclaringType() instanceof TypePath and - m.getName() = "resolveSibling" - ) - } - - override Expr getAnInput() { - result = this.getAnArgument() and - // Relevant arguments are those of type `String`. - result.getType() instanceof TypeString - } -} - -/** Models the `java.nio.file.Path.resolve` method. */ -deprecated private class PathResolveCreation extends PathCreation, MethodCall { - PathResolveCreation() { - exists(Method m | m = this.getMethod() | - m.getDeclaringType() instanceof TypePath and - m.getName() = "resolve" - ) - } - - override Expr getAnInput() { - result = this.getAnArgument() and - // Relevant arguments are those of type `String`. - result.getType() instanceof TypeString - } -} - -/** Models the `java.nio.file.Path.of` method. */ -deprecated private class PathOfCreation extends PathCreation, MethodCall { - PathOfCreation() { - exists(Method m | m = this.getMethod() | - m.getDeclaringType() instanceof TypePath and - m.getName() = "of" - ) - } - - override Expr getAnInput() { result = this.getAnArgument() } -} - -/** Models the `new java.io.FileWriter(...)` constructor. */ -deprecated private class FileWriterCreation extends PathCreation, ClassInstanceExpr { - FileWriterCreation() { this.getConstructedType().hasQualifiedName("java.io", "FileWriter") } - - override Expr getAnInput() { - result = this.getAnArgument() and - // Relevant arguments are those of type `String`. - result.getType() instanceof TypeString - } -} - -/** Models the `new java.io.FileReader(...)` constructor. */ -deprecated private class FileReaderCreation extends PathCreation, ClassInstanceExpr { - FileReaderCreation() { this.getConstructedType().hasQualifiedName("java.io", "FileReader") } - - override Expr getAnInput() { - result = this.getAnArgument() and - // Relevant arguments are those of type `String`. - result.getType() instanceof TypeString - } -} - -/** Models the `new java.io.FileInputStream(...)` constructor. */ -deprecated private class FileInputStreamCreation extends PathCreation, ClassInstanceExpr { - FileInputStreamCreation() { - this.getConstructedType().hasQualifiedName("java.io", "FileInputStream") - } - - override Expr getAnInput() { - result = this.getAnArgument() and - // Relevant arguments are those of type `String`. - result.getType() instanceof TypeString - } -} - -/** Models the `new java.io.FileOutputStream(...)` constructor. */ -deprecated private class FileOutputStreamCreation extends PathCreation, ClassInstanceExpr { - FileOutputStreamCreation() { - this.getConstructedType().hasQualifiedName("java.io", "FileOutputStream") - } - - override Expr getAnInput() { - result = this.getAnArgument() and - // Relevant arguments are those of type `String`. - result.getType() instanceof TypeString - } -} diff --git a/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll b/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll index a26245ae9cff..e8415cc19786 100644 --- a/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll +++ b/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll @@ -7,31 +7,6 @@ import semmle.code.java.dataflow.FlowSources import semmle.code.java.security.RequestForgery -/** - * DEPRECATED: Use `RequestForgeryConfiguration` module instead. - * - * A taint-tracking configuration characterising request-forgery risks. - */ -deprecated class RequestForgeryConfiguration extends TaintTracking::Configuration { - RequestForgeryConfiguration() { this = "Server-Side Request Forgery" } - - override predicate isSource(DataFlow::Node source) { - source instanceof RemoteFlowSource and - // Exclude results of remote HTTP requests: fetching something else based on that result - // is no worse than following a redirect returned by the remote server, and typically - // we're requesting a resource via https which we trust to only send us to safe URLs. - not source.asExpr().(MethodCall).getCallee() instanceof UrlConnectionGetInputStreamMethod - } - - override predicate isSink(DataFlow::Node sink) { sink instanceof RequestForgerySink } - - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - any(RequestForgeryAdditionalTaintStep r).propagatesTaint(pred, succ) - } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof RequestForgerySanitizer } -} - /** * A taint-tracking configuration characterising request-forgery risks. */ diff --git a/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll b/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll index 848a1c2b990c..66e4a0537d2c 100644 --- a/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll +++ b/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll @@ -4,28 +4,6 @@ import java import Encryption import semmle.code.java.dataflow.DataFlow -/** - * DEPRECATED: Use `RsaWithoutOaepFlow` instead. - * - * A configuration for finding RSA ciphers initialized without using OAEP padding. - */ -deprecated class RsaWithoutOaepConfig extends DataFlow::Configuration { - RsaWithoutOaepConfig() { this = "RsaWithoutOaepConfig" } - - override predicate isSource(DataFlow::Node src) { - exists(CompileTimeConstantExpr specExpr, string spec | - specExpr.getStringValue() = spec and - specExpr = src.asExpr() and - spec.matches("RSA/%") and - not spec.matches("%OAEP%") - ) - } - - override predicate isSink(DataFlow::Node sink) { - exists(CryptoAlgoSpec cr | sink.asExpr() = cr.getAlgoSpec()) - } -} - /** * A configuration for finding RSA ciphers initialized without using OAEP padding. */ diff --git a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll index f7232f045b3e..201b347e014c 100644 --- a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll +++ b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll @@ -40,29 +40,6 @@ private class TypeType extends RefType { } } -/** - * DEPRECATED: Use `SensitiveLoggerConfiguration` module instead. - * - * A data-flow configuration for identifying potentially-sensitive data flowing to a log output. - */ -deprecated class SensitiveLoggerConfiguration extends TaintTracking::Configuration { - SensitiveLoggerConfiguration() { this = "SensitiveLoggerConfiguration" } - - override predicate isSource(DataFlow::Node source) { source instanceof SensitiveLoggerSource } - - override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "log-injection") } - - override predicate isSanitizer(DataFlow::Node sanitizer) { - sanitizer.asExpr() instanceof LiveLiteral or - sanitizer.getType() instanceof PrimitiveType or - sanitizer.getType() instanceof BoxedType or - sanitizer.getType() instanceof NumberType or - sanitizer.getType() instanceof TypeType - } - - override predicate isSanitizerIn(DataFlow::Node node) { this.isSource(node) } -} - /** A data-flow configuration for identifying potentially-sensitive data flowing to a log output. */ module SensitiveLoggerConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof SensitiveLoggerSource } diff --git a/java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll b/java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll index 8269a42c5c25..e22dcef12113 100644 --- a/java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll +++ b/java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll @@ -32,25 +32,6 @@ private predicate untrustedResultReceiverSend(DataFlow::Node src, ResultReceiver UntrustedResultReceiverFlow::flow(src, DataFlow::exprNode(call.getReceiver())) } -deprecated private class SensitiveResultReceiverConf extends TaintTracking::Configuration { - SensitiveResultReceiverConf() { this = "SensitiveResultReceiverConf" } - - override predicate isSource(DataFlow::Node node) { node.asExpr() instanceof SensitiveExpr } - - override predicate isSink(DataFlow::Node node) { - exists(ResultReceiverSendCall call | - untrustedResultReceiverSend(_, call) and - node.asExpr() = call.getSentData() - ) - } - - override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) { - super.allowImplicitRead(node, c) - or - this.isSink(node) - } -} - /** * A sensitive result receiver sink node. */ @@ -74,21 +55,6 @@ private module SensitiveResultReceiverConfig implements DataFlow::ConfigSig { /** Taint tracking flow for sensitive expressions flowing to untrusted result receivers. */ module SensitiveResultReceiverFlow = TaintTracking::Global; -/** - * DEPRECATED: Use `isSensitiveResultReceiver` instead. - * - * Holds if there is a path from sensitive data at `src` to a result receiver at `sink`, and the receiver was obtained from an untrusted source `recSrc`. - */ -deprecated predicate sensitiveResultReceiver( - DataFlow::PathNode src, DataFlow::PathNode sink, DataFlow::Node recSrc -) { - exists(ResultReceiverSendCall call | - any(SensitiveResultReceiverConf c).hasFlowPath(src, sink) and - sink.getNode().asExpr() = call.getSentData() and - untrustedResultReceiverSend(recSrc, call) - ) -} - /** * Holds if there is a path from sensitive data at `src` to a result receiver at `sink`, and the receiver was obtained from an untrusted source `recSrc`. */ diff --git a/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll index cbd79c65d256..848aae8da30a 100644 --- a/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll @@ -6,24 +6,6 @@ private import semmle.code.java.dataflow.TaintTracking private import semmle.code.java.frameworks.spring.SpringExpression private import semmle.code.java.security.SpelInjection -/** - * DEPRECATED: Use `SpelInjectionFlow` instead. - * - * A taint-tracking configuration for unsafe user input - * that is used to construct and evaluate a SpEL expression. - */ -deprecated class SpelInjectionConfig extends TaintTracking::Configuration { - SpelInjectionConfig() { this = "SpelInjectionConfig" } - - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof SpelExpressionEvaluationSink } - - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { - any(SpelExpressionInjectionAdditionalTaintStep c).step(node1, node2) - } -} - /** * A taint-tracking configuration for unsafe user input * that is used to construct and evaluate a SpEL expression. diff --git a/java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll index 4e21af713322..c4638538a635 100644 --- a/java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll @@ -11,29 +11,6 @@ import semmle.code.java.dataflow.FlowSources private import semmle.code.java.security.Sanitizers import semmle.code.java.security.QueryInjection -/** - * DEPRECATED: Use `QueryInjectionFlow` instead. - * - * A taint-tracking configuration for unvalidated user input that is used in SQL queries. - */ -deprecated class QueryInjectionFlowConfig extends TaintTracking::Configuration { - QueryInjectionFlowConfig() { this = "SqlInjectionLib::QueryInjectionFlowConfig" } - - override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink } - - override predicate isSanitizer(DataFlow::Node node) { - node.getType() instanceof PrimitiveType or - node.getType() instanceof BoxedType or - node.getType() instanceof NumberType - } - - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { - any(AdditionalQueryInjectionTaintStep s).step(node1, node2) - } -} - /** * A taint-tracking configuration for unvalidated user input that is used in SQL queries. */ @@ -52,16 +29,6 @@ module QueryInjectionFlowConfig implements DataFlow::ConfigSig { /** Tracks flow of unvalidated user input that is used in SQL queries. */ module QueryInjectionFlow = TaintTracking::Global; -/** - * Implementation of `SqlTainted.ql`. This is extracted to a QLL so that it - * can be excluded from `SqlConcatenated.ql` to avoid overlapping results. - */ -deprecated predicate queryTaintedBy( - QueryInjectionSink query, DataFlow::PathNode source, DataFlow::PathNode sink -) { - any(QueryInjectionFlowConfig c).hasFlowPath(source, sink) and sink.getNode() = query -} - /** * Implementation of `SqlTainted.ql`. This is extracted to a QLL so that it * can be excluded from `SqlConcatenated.ql` to avoid overlapping results. diff --git a/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll b/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll index 14a8789d4f96..9ba848d1e0df 100644 --- a/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll +++ b/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll @@ -119,21 +119,6 @@ private class EncryptionInitializationSink extends DataFlow::Node { EncryptionInitializationSink() { sinkNode(this, "encryption-iv") } } -/** - * DEPRECATED: Use `StaticInitializationVectorFlow` instead. - * - * A config that tracks dataflow to initializing a cipher with a static initialization vector. - */ -deprecated class StaticInitializationVectorConfig extends TaintTracking::Configuration { - StaticInitializationVectorConfig() { this = "StaticInitializationVectorConfig" } - - override predicate isSource(DataFlow::Node source) { - source instanceof StaticInitializationVectorSource - } - - override predicate isSink(DataFlow::Node sink) { sink instanceof EncryptionInitializationSink } -} - /** * A config that tracks dataflow to initializing a cipher with a static initialization vector. */ diff --git a/java/ql/lib/semmle/code/java/security/TemplateInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/TemplateInjectionQuery.qll index 07150b554aab..a9595b0f6f19 100644 --- a/java/ql/lib/semmle/code/java/security/TemplateInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/TemplateInjectionQuery.qll @@ -5,42 +5,6 @@ import semmle.code.java.dataflow.TaintTracking import semmle.code.java.dataflow.FlowSources import semmle.code.java.security.TemplateInjection -/** - * DEPRECATED: Use `TemplateInjectionFlow` instead. - * - * A taint tracking configuration to reason about server-side template injection (SST) vulnerabilities - */ -deprecated class TemplateInjectionFlowConfig extends TaintTracking::Configuration { - TemplateInjectionFlowConfig() { this = "TemplateInjectionFlowConfig" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowState state) { - source.(TemplateInjectionSource).hasState(state) - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) { - sink.(TemplateInjectionSink).hasState(state) - } - - override predicate isSanitizer(DataFlow::Node sanitizer) { - sanitizer instanceof TemplateInjectionSanitizer - } - - override predicate isSanitizer(DataFlow::Node sanitizer, DataFlow::FlowState state) { - sanitizer.(TemplateInjectionSanitizerWithState).hasState(state) - } - - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { - any(TemplateInjectionAdditionalTaintStep a).isAdditionalTaintStep(node1, node2) - } - - override predicate isAdditionalTaintStep( - DataFlow::Node node1, DataFlow::FlowState state1, DataFlow::Node node2, - DataFlow::FlowState state2 - ) { - any(TemplateInjectionAdditionalTaintStep a).isAdditionalTaintStep(node1, state1, node2, state2) - } -} - /** A taint tracking configuration to reason about server-side template injection (SST) vulnerabilities */ module TemplateInjectionFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof TemplateInjectionSource } diff --git a/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccessQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccessQuery.qll index bf25cd3117e2..3239b387d8e0 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccessQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccessQuery.qll @@ -6,23 +6,6 @@ import semmle.code.java.dataflow.TaintTracking import semmle.code.java.security.RequestForgery import semmle.code.java.security.UnsafeAndroidAccess -/** - * DEPRECATED: Use `FetchUntrustedResourceFlow` instead. - * - * A taint configuration tracking flow from untrusted inputs to a resource fetching call. - */ -deprecated class FetchUntrustedResourceConfiguration extends TaintTracking::Configuration { - FetchUntrustedResourceConfiguration() { this = "FetchUntrustedResourceConfiguration" } - - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof UrlResourceSink } - - override predicate isSanitizer(DataFlow::Node sanitizer) { - sanitizer instanceof RequestForgerySanitizer - } -} - /** * A taint configuration tracking flow from untrusted inputs to a resource fetching call. */ diff --git a/java/ql/lib/semmle/code/java/security/UnsafeCertTrustQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeCertTrustQuery.qll index 39a55118ec4e..803e3836ab0e 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeCertTrustQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeCertTrustQuery.qll @@ -5,23 +5,6 @@ import semmle.code.java.dataflow.TaintTracking import semmle.code.java.security.UnsafeCertTrust import semmle.code.java.security.Encryption -/** - * DEPRECATED: Use `SslEndpointIdentificationFlow` instead. - * - * A taint flow configuration for SSL connections created without a proper certificate trust configuration. - */ -deprecated class SslEndpointIdentificationFlowConfig extends TaintTracking::Configuration { - SslEndpointIdentificationFlowConfig() { this = "SslEndpointIdentificationFlowConfig" } - - override predicate isSource(DataFlow::Node source) { source instanceof SslConnectionInit } - - override predicate isSink(DataFlow::Node sink) { sink instanceof SslConnectionCreation } - - override predicate isSanitizer(DataFlow::Node sanitizer) { - sanitizer instanceof SslUnsafeCertTrustSanitizer - } -} - /** * A taint flow configuration for SSL connections created without a proper certificate trust configuration. */ diff --git a/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll index a43864f8b53a..db629143d5ce 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll @@ -5,27 +5,6 @@ import semmle.code.java.dataflow.FlowSources import semmle.code.java.dataflow.TaintTracking import semmle.code.java.security.UnsafeContentUriResolution -/** - * DEPRECATED: Use `UnsafeContentUriResolutionFlow` instead. - * - * A taint-tracking configuration to find paths from remote sources to content URI resolutions. - */ -deprecated class UnsafeContentResolutionConf extends TaintTracking::Configuration { - UnsafeContentResolutionConf() { this = "UnsafeContentResolutionConf" } - - override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof ContentUriResolutionSink } - - override predicate isSanitizer(DataFlow::Node sanitizer) { - sanitizer instanceof ContentUriResolutionSanitizer - } - - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { - any(ContentUriResolutionAdditionalTaintStep s).step(node1, node2) - } -} - /** * A taint-tracking configuration to find paths from remote sources to content URI resolutions. */ diff --git a/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll index 734ad4c89fe6..739b2713780b 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll @@ -314,25 +314,6 @@ private predicate isUnsafeDeserializationTaintStep(DataFlow::Node pred, DataFlow intentFlowsToParcel(pred, succ) } -/** - * DEPRECATED: Use `UnsafeDeserializationFlow` instead. - * - * Tracks flows from remote user input to a deserialization sink. - */ -deprecated class UnsafeDeserializationConfig extends TaintTracking::Configuration { - UnsafeDeserializationConfig() { this = "UnsafeDeserializationConfig" } - - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeDeserializationSink } - - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - isUnsafeDeserializationTaintStep(pred, succ) - } - - override predicate isSanitizer(DataFlow::Node node) { isUnsafeDeserializationSanitizer(node) } -} - /** Tracks flows from remote user input to a deserialization sink. */ private module UnsafeDeserializationConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } @@ -428,30 +409,6 @@ private predicate isUnsafeTypeAdditionalTaintStep(DataFlow::Node fromNode, DataF intentFlowsToParcel(fromNode, toNode) } -/** - * DEPRECATED: Use `UnsafeTypeFlow` instead. - * - * Tracks flow from a remote source to a type descriptor (e.g. a `java.lang.Class` instance) - * passed to a deserialization method. - * - * If this is user-controlled, arbitrary code could be executed while instantiating the user-specified type. - */ -deprecated class UnsafeTypeConfig extends TaintTracking2::Configuration { - UnsafeTypeConfig() { this = "UnsafeTypeConfig" } - - override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeTypeSink } - - /** - * Holds if `fromNode` to `toNode` is a dataflow step that resolves a class - * or at least looks like resolving a class. - */ - override predicate isAdditionalTaintStep(DataFlow::Node fromNode, DataFlow::Node toNode) { - isUnsafeTypeAdditionalTaintStep(fromNode, toNode) - } -} - /** * Tracks flow from a remote source to a type descriptor (e.g. a `java.lang.Class` instance) * passed to a deserialization method. @@ -480,21 +437,6 @@ module UnsafeTypeConfig implements DataFlow::ConfigSig { */ module UnsafeTypeFlow = TaintTracking::Global; -/** - * DEPRECATED: Use `EnableJacksonDefaultTypingFlow` instead. - * - * Tracks flow from `enableDefaultTyping` calls to a subsequent Jackson deserialization method call. - */ -deprecated class EnableJacksonDefaultTypingConfig extends DataFlow2::Configuration { - EnableJacksonDefaultTypingConfig() { this = "EnableJacksonDefaultTypingConfig" } - - override predicate isSource(DataFlow::Node src) { - any(EnableJacksonDefaultTyping ma).getQualifier() = src.asExpr() - } - - override predicate isSink(DataFlow::Node sink) { sink instanceof ObjectMapperReadQualifier } -} - private module EnableJacksonDefaultTypingConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node src) { any(EnableJacksonDefaultTyping ma).getQualifier() = src.asExpr() @@ -523,32 +465,6 @@ private predicate isObjectMapperBuilderAdditionalFlowStep( ) } -/** - * DEPRECATED: Use `SafeObjectMapperFlow` instead. - * - * Tracks flow from calls that set a type validator to a subsequent Jackson deserialization method call, - * including across builder method calls. - * - * Such a Jackson deserialization method call is safe because validation will likely prevent instantiating unexpected types. - */ -deprecated class SafeObjectMapperConfig extends DataFlow2::Configuration { - SafeObjectMapperConfig() { this = "SafeObjectMapperConfig" } - - override predicate isSource(DataFlow::Node src) { - src instanceof SetPolymorphicTypeValidatorSource - } - - override predicate isSink(DataFlow::Node sink) { sink instanceof ObjectMapperReadQualifier } - - /** - * Holds if `fromNode` to `toNode` is a dataflow step - * that configures or creates an `ObjectMapper` via a builder. - */ - override predicate isAdditionalFlowStep(DataFlow::Node fromNode, DataFlow::Node toNode) { - isObjectMapperBuilderAdditionalFlowStep(fromNode, toNode) - } -} - /** * Tracks flow from calls that set a type validator to a subsequent Jackson deserialization method call, * including across builder method calls. diff --git a/java/ql/lib/semmle/code/java/security/WebviewDebuggingEnabledQuery.qll b/java/ql/lib/semmle/code/java/security/WebviewDebuggingEnabledQuery.qll index f10b0132b5ac..8e5b177268df 100644 --- a/java/ql/lib/semmle/code/java/security/WebviewDebuggingEnabledQuery.qll +++ b/java/ql/lib/semmle/code/java/security/WebviewDebuggingEnabledQuery.qll @@ -19,32 +19,6 @@ private predicate isDebugCheck(Expr ex) { ) } -/** - * DEPRECATED: Use `WebviewDebugEnabledFlow` instead. - * - * A configuration to find instances of `setWebContentDebuggingEnabled` called with `true` values. - */ -deprecated class WebviewDebugEnabledConfig extends DataFlow::Configuration { - WebviewDebugEnabledConfig() { this = "WebviewDebugEnabledConfig" } - - override predicate isSource(DataFlow::Node node) { - node.asExpr().(BooleanLiteral).getBooleanValue() = true - } - - override predicate isSink(DataFlow::Node node) { - exists(MethodCall ma | - ma.getMethod().hasQualifiedName("android.webkit", "WebView", "setWebContentsDebuggingEnabled") and - node.asExpr() = ma.getArgument(0) - ) - } - - override predicate isBarrier(DataFlow::Node node) { - exists(Guard debug | isDebugCheck(debug) and debug.controls(node.asExpr().getBasicBlock(), _)) - or - node.getEnclosingCallable().getDeclaringType() instanceof NonSecurityTestClass - } -} - /** * A webview debug sink node. */ diff --git a/java/ql/lib/semmle/code/java/security/WebviewDubuggingEnabledQuery.qll b/java/ql/lib/semmle/code/java/security/WebviewDubuggingEnabledQuery.qll deleted file mode 100644 index f315c55291e0..000000000000 --- a/java/ql/lib/semmle/code/java/security/WebviewDubuggingEnabledQuery.qll +++ /dev/null @@ -1,11 +0,0 @@ -/** - * DEPRECATED: Use `semmle.code.java.security.WebviewDebuggingEnabledQuery` instead. - * - * Definitions for the Android Webview Debugging Enabled query - */ - -import java -private import semmle.code.java.security.WebviewDebuggingEnabledQuery as WebviewDebuggingEnabledQuery - -deprecated class WebviewDebugEnabledConfig = - WebviewDebuggingEnabledQuery::WebviewDebugEnabledConfig; diff --git a/java/ql/lib/semmle/code/java/security/XmlParsers.qll b/java/ql/lib/semmle/code/java/security/XmlParsers.qll index 565efb4f59ae..4a5b7121e603 100644 --- a/java/ql/lib/semmle/code/java/security/XmlParsers.qll +++ b/java/ql/lib/semmle/code/java/security/XmlParsers.qll @@ -833,27 +833,6 @@ class TransformerFactoryConfig extends TransformerConfig { } } -/** - * DEPRECATED. - * - * A dataflow configuration that identifies `TransformerFactory` and `SAXTransformerFactory` - * instances that have been safely configured. - */ -deprecated class SafeTransformerFactoryFlowConfig extends DataFlow3::Configuration { - SafeTransformerFactoryFlowConfig() { this = "XmlParsers::SafeTransformerFactoryFlowConfig" } - - override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeTransformerFactory } - - override predicate isSink(DataFlow::Node sink) { - exists(MethodCall ma | - sink.asExpr() = ma.getQualifier() and - ma.getMethod().getDeclaringType() instanceof TransformerFactory - ) - } - - override int fieldFlowBranchLimit() { result = 0 } -} - /** * DEPRECATED. * diff --git a/java/ql/lib/semmle/code/java/security/XsltInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/XsltInjectionQuery.qll index 028ef4863d36..d437ca860d5f 100644 --- a/java/ql/lib/semmle/code/java/security/XsltInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/XsltInjectionQuery.qll @@ -7,27 +7,6 @@ import semmle.code.java.security.XmlParsers import semmle.code.java.security.XsltInjection private import semmle.code.java.security.Sanitizers -/** - * DEPRECATED: Use `XsltInjectionFlow` instead. - * - * A taint-tracking configuration for unvalidated user input that is used in XSLT transformation. - */ -deprecated class XsltInjectionFlowConfig extends TaintTracking::Configuration { - XsltInjectionFlowConfig() { this = "XsltInjectionFlowConfig" } - - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof XsltInjectionSink } - - override predicate isSanitizer(DataFlow::Node node) { - node.getType() instanceof PrimitiveType or node.getType() instanceof BoxedType - } - - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { - any(XsltInjectionAdditionalTaintStep c).step(node1, node2) - } -} - /** * A taint-tracking configuration for unvalidated user input that is used in XSLT transformation. */ diff --git a/java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll b/java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll index f6bfa8850b2d..f485137fc782 100644 --- a/java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll +++ b/java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll @@ -5,25 +5,6 @@ private import semmle.code.java.dataflow.FlowSources private import semmle.code.java.dataflow.TaintTracking private import semmle.code.java.security.XxeQuery -/** - * DEPRECATED: Use `XxeLocalFlow` instead. - * - * A taint-tracking configuration for unvalidated local user input that is used in XML external entity expansion. - */ -deprecated class XxeLocalConfig extends TaintTracking::Configuration { - XxeLocalConfig() { this = "XxeLocalConfig" } - - override predicate isSource(DataFlow::Node src) { src instanceof LocalUserInput } - - override predicate isSink(DataFlow::Node sink) { sink instanceof XxeSink } - - override predicate isSanitizer(DataFlow::Node sanitizer) { sanitizer instanceof XxeSanitizer } - - override predicate isAdditionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) { - any(XxeAdditionalTaintStep s).step(n1, n2) - } -} - /** * A taint-tracking configuration for unvalidated local user input that is used in XML external entity expansion. */ diff --git a/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll b/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll index 9236a7185c31..58b1e5bfed1a 100644 --- a/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll +++ b/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll @@ -5,25 +5,6 @@ private import semmle.code.java.dataflow.FlowSources private import semmle.code.java.dataflow.TaintTracking private import semmle.code.java.security.XxeQuery -/** - * DEPRECATED: Use `XxeFlow` instead. - * - * A taint-tracking configuration for unvalidated remote user input that is used in XML external entity expansion. - */ -deprecated class XxeConfig extends TaintTracking::Configuration { - XxeConfig() { this = "XxeConfig" } - - override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof XxeSink } - - override predicate isSanitizer(DataFlow::Node sanitizer) { sanitizer instanceof XxeSanitizer } - - override predicate isAdditionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) { - any(XxeAdditionalTaintStep s).step(n1, n2) - } -} - /** * A taint-tracking configuration for unvalidated remote user input that is used in XML external entity expansion. */ diff --git a/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll b/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll index 08a58bfa6e9b..0055670d895c 100644 --- a/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll @@ -5,7 +5,6 @@ import semmle.code.java.dataflow.TaintTracking import semmle.code.java.security.PathSanitizer private import semmle.code.java.dataflow.ExternalFlow private import semmle.code.java.dataflow.FlowSources -private import semmle.code.java.security.PathCreation private import semmle.code.java.security.Sanitizers /** diff --git a/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll b/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll index d08374e0318f..55c1a043230a 100644 --- a/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll +++ b/java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll @@ -33,38 +33,6 @@ private class LengthRestrictedMethod extends Method { } } -/** - * DEPRECATED: Use `PolynomialRedosFlow` instead. - * - * A configuration for Polynomial ReDoS queries. - */ -deprecated class PolynomialRedosConfig extends TaintTracking::Configuration { - PolynomialRedosConfig() { this = "PolynomialRedosConfig" } - - override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof PolynomialRedosSink } - - override predicate isSanitizer(DataFlow::Node node) { - node.getType() instanceof PrimitiveType or - node.getType() instanceof BoxedType or - node.asExpr().(MethodCall).getMethod() instanceof LengthRestrictedMethod - } -} - -/** - * DEPRECATED: Use `PolynomialRedosFlow` instead. - * - * Holds if there is flow from `source` to `sink` that is matched against the regexp term `regexp` that is vulnerable to Polynomial ReDoS. - */ -deprecated predicate hasPolynomialReDoSResult( - DataFlow::PathNode source, DataFlow::PathNode sink, - SuperlinearBackTracking::PolynomialBackTrackingTerm regexp -) { - any(PolynomialRedosConfig config).hasFlowPath(source, sink) and - regexp.getRootTerm() = sink.getNode().(PolynomialRedosSink).getRegExp() -} - /** A configuration for Polynomial ReDoS queries. */ module PolynomialRedosConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node src) { src instanceof ThreatModelFlowSource } diff --git a/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll index 5d44139e02e7..887100618196 100644 --- a/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll @@ -5,21 +5,6 @@ import semmle.code.java.dataflow.FlowSources import semmle.code.java.dataflow.TaintTracking import semmle.code.java.security.regexp.RegexInjection -/** - * DEPRECATED: Use `RegexInjectionFlow` instead. - * - * A taint-tracking configuration for untrusted user input used to construct regular expressions. - */ -deprecated class RegexInjectionConfiguration extends TaintTracking::Configuration { - RegexInjectionConfiguration() { this = "RegexInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof RegexInjectionSink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof RegexInjectionSanitizer } -} - /** * A taint-tracking configuration for untrusted user input used to construct regular expressions. */ diff --git a/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql b/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql index 3963442d6489..9410a5f7c87d 100644 --- a/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql +++ b/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql @@ -14,7 +14,6 @@ */ import java -import semmle.code.java.security.PathCreation import semmle.code.java.security.TaintedPathQuery import TaintedPathFlow::PathGraph diff --git a/java/ql/test/library-tests/pathcreation/PathCreation.expected b/java/ql/test/library-tests/pathcreation/PathCreation.expected deleted file mode 100644 index 3ea0481c5f38..000000000000 --- a/java/ql/test/library-tests/pathcreation/PathCreation.expected +++ /dev/null @@ -1,26 +0,0 @@ -WARNING: type 'PathCreation' has been deprecated and may be removed in future (PathCreation.ql:4,6-18) -| PathCreation.java:13:18:13:32 | new File(...) | PathCreation.java:13:27:13:31 | "dir" | -| PathCreation.java:14:19:14:40 | new File(...) | PathCreation.java:14:28:14:32 | "dir" | -| PathCreation.java:14:19:14:40 | new File(...) | PathCreation.java:14:35:14:39 | "sub" | -| PathCreation.java:18:18:18:49 | new File(...) | PathCreation.java:18:44:18:48 | "sub" | -| PathCreation.java:18:27:18:41 | new File(...) | PathCreation.java:18:36:18:40 | "dir" | -| PathCreation.java:22:18:22:41 | new File(...) | PathCreation.java:22:27:22:40 | new URI(...) | -| PathCreation.java:26:18:26:31 | of(...) | PathCreation.java:26:26:26:30 | "dir" | -| PathCreation.java:27:19:27:39 | of(...) | PathCreation.java:27:27:27:31 | "dir" | -| PathCreation.java:27:19:27:39 | of(...) | PathCreation.java:27:34:27:38 | "sub" | -| PathCreation.java:31:18:31:40 | of(...) | PathCreation.java:31:26:31:39 | new URI(...) | -| PathCreation.java:35:18:35:33 | get(...) | PathCreation.java:35:28:35:32 | "dir" | -| PathCreation.java:36:19:36:41 | get(...) | PathCreation.java:36:29:36:33 | "dir" | -| PathCreation.java:36:19:36:41 | get(...) | PathCreation.java:36:36:36:40 | "sub" | -| PathCreation.java:40:18:40:42 | get(...) | PathCreation.java:40:28:40:41 | new URI(...) | -| PathCreation.java:44:18:44:56 | getPath(...) | PathCreation.java:44:51:44:55 | "dir" | -| PathCreation.java:45:19:45:64 | getPath(...) | PathCreation.java:45:52:45:56 | "dir" | -| PathCreation.java:45:19:45:64 | getPath(...) | PathCreation.java:45:59:45:63 | "sub" | -| PathCreation.java:49:18:49:31 | of(...) | PathCreation.java:49:26:49:30 | "dir" | -| PathCreation.java:49:18:49:53 | resolveSibling(...) | PathCreation.java:49:48:49:52 | "sub" | -| PathCreation.java:53:18:53:31 | of(...) | PathCreation.java:53:26:53:30 | "dir" | -| PathCreation.java:53:18:53:46 | resolve(...) | PathCreation.java:53:41:53:45 | "sub" | -| PathCreation.java:57:25:57:45 | new FileWriter(...) | PathCreation.java:57:40:57:44 | "dir" | -| PathCreation.java:61:25:61:45 | new FileReader(...) | PathCreation.java:61:40:61:44 | "dir" | -| PathCreation.java:65:32:65:58 | new FileOutputStream(...) | PathCreation.java:65:53:65:57 | "dir" | -| PathCreation.java:69:31:69:56 | new FileInputStream(...) | PathCreation.java:69:51:69:55 | "dir" | diff --git a/java/ql/test/library-tests/pathcreation/PathCreation.java b/java/ql/test/library-tests/pathcreation/PathCreation.java deleted file mode 100644 index fcd1eed3e284..000000000000 --- a/java/ql/test/library-tests/pathcreation/PathCreation.java +++ /dev/null @@ -1,71 +0,0 @@ -import java.io.File; -import java.io.FileWriter; -import java.io.FileReader; -import java.io.FileOutputStream; -import java.io.FileInputStream; -import java.nio.file.Path; -import java.nio.file.Paths; -import java.nio.file.FileSystems; -import java.net.URI; - -class PathCreation { - public void testNewFileWithString() { - File f = new File("dir"); - File f2 = new File("dir", "sub"); - } - - public void testNewFileWithFileString() { - File f = new File(new File("dir"), "sub"); - } - - public void testNewFileWithURI() throws java.net.URISyntaxException { - File f = new File(new URI("dir")); - } - - public void testPathOfWithString() { - Path p = Path.of("dir"); - Path p2 = Path.of("dir", "sub"); - } - - public void testPathOfWithURI() throws java.net.URISyntaxException { - Path p = Path.of(new URI("dir")); - } - - public void testPathsGetWithString() { - Path p = Paths.get("dir"); - Path p2 = Paths.get("dir", "sub"); - } - - public void testPathsGetWithURI() throws java.net.URISyntaxException { - Path p = Paths.get(new URI("dir")); - } - - public void testFileSystemGetPathWithString() { - Path p = FileSystems.getDefault().getPath("dir"); - Path p2 = FileSystems.getDefault().getPath("dir", "sub"); - } - - public void testPathResolveSiblingWithString() { - Path p = Path.of("dir").resolveSibling("sub"); - } - - public void testPathResolveWithString() { - Path p = Path.of("dir").resolve("sub"); - } - - public void testNewFileWriterWithString() throws java.io.IOException { - FileWriter fw = new FileWriter("dir"); - } - - public void testNewFileReaderWithString() throws java.io.FileNotFoundException { - FileReader fr = new FileReader("dir"); - } - - public void testNewFileOutputStreamWithString() throws java.io.FileNotFoundException { - FileOutputStream fos = new FileOutputStream("dir"); - } - - public void testNewFileInputStreamWithString() throws java.io.FileNotFoundException { - FileInputStream fis = new FileInputStream("dir"); - } -} diff --git a/java/ql/test/library-tests/pathcreation/PathCreation.ql b/java/ql/test/library-tests/pathcreation/PathCreation.ql deleted file mode 100644 index fb27c5383190..000000000000 --- a/java/ql/test/library-tests/pathcreation/PathCreation.ql +++ /dev/null @@ -1,5 +0,0 @@ -import java -import semmle.code.java.security.PathCreation - -from PathCreation path -select path, path.getAnInput() diff --git a/javascript/ql/lib/change-notes/2024-09-03-outdated-deprecations.md b/javascript/ql/lib/change-notes/2024-09-03-outdated-deprecations.md new file mode 100644 index 000000000000..cb356514160f --- /dev/null +++ b/javascript/ql/lib/change-notes/2024-09-03-outdated-deprecations.md @@ -0,0 +1,10 @@ +--- +category: breaking +--- +* Deleted the deprecated `isHTMLElement` and `getDOMName` predicates from the JSX library, use `isHtmlElement` and `getDomName` respectively instead. +* Deleted the deprecated `getPackageJSON` predicate from the `SourceMappingComment` class, use `SourceMappingComment` instead. +* Deleted many deprecated directives from the `Stmt.qll` file, use the `Directive::` module instead. +* Deleted the deprecated `YAMLNode`, `YAMLValue`, and `YAMLScalar` classes from the YAML libraries, use `YamlNode`, `YamlValue`, and `YamlScalar` respectively instead. +* Deleted the deprecated `getARouteHandlerExpr` predicate from `Connect.qll`, use `getARouteHandlerNode` instead. +* Deleted the deprecated `getGWTVersion` predicate from `GWT.qll`, use `getGwtVersion` instead. +* Deleted the deprecated `getOwnOptionsObject` predicate from `Vue.qll`, use `getOwnOptions().getASink()` instead. diff --git a/javascript/ql/lib/semmle/javascript/JSX.qll b/javascript/ql/lib/semmle/javascript/JSX.qll index 6fd7c775d4e8..ed8a7b097a6b 100644 --- a/javascript/ql/lib/semmle/javascript/JSX.qll +++ b/javascript/ql/lib/semmle/javascript/JSX.qll @@ -73,9 +73,6 @@ class JsxElement extends JsxNode { * That is, the name starts with a lowercase letter. */ predicate isHtmlElement() { this.getName().regexpMatch("[a-z].*") } - - /** DEPRECATED: Alias for isHtmlElement */ - deprecated predicate isHTMLElement() { this.isHtmlElement() } } /** @@ -256,7 +253,4 @@ class JsxPragma extends JSDocTag { * the result is `React.DOM`. */ string getDomName() { result = this.getDescription().trim() } - - /** DEPRECATED: Alias for getDomName */ - deprecated string getDOMName() { result = this.getDomName() } } diff --git a/javascript/ql/lib/semmle/javascript/NodeModuleResolutionImpl.qll b/javascript/ql/lib/semmle/javascript/NodeModuleResolutionImpl.qll index 7231143ed55e..03b5bf93fb06 100644 --- a/javascript/ql/lib/semmle/javascript/NodeModuleResolutionImpl.qll +++ b/javascript/ql/lib/semmle/javascript/NodeModuleResolutionImpl.qll @@ -197,9 +197,6 @@ class MainModulePath extends PathExpr, @json_string { not exists(getExportRelativePath(this)) and result = "." } - /** DEPRECATED: Alias for getPackageJson */ - deprecated PackageJson getPackageJSON() { result = this.getPackageJson() } - override string getValue() { result = this.(JsonString).getValue() } override Folder getAdditionalSearchRoot(int priority) { @@ -258,9 +255,6 @@ private class FilesPath extends PathExpr, @json_string { /** Gets the `package.json` file in which this path occurs. */ PackageJson getPackageJson() { result = pkg } - /** DEPRECATED: Alias for getPackageJson */ - deprecated PackageJson getPackageJSON() { result = this.getPackageJson() } - override string getValue() { result = this.(JsonString).getValue() } override Folder getAdditionalSearchRoot(int priority) { diff --git a/javascript/ql/lib/semmle/javascript/SourceMaps.qll b/javascript/ql/lib/semmle/javascript/SourceMaps.qll index 17dbbd8ccdfd..21fa71121324 100644 --- a/javascript/ql/lib/semmle/javascript/SourceMaps.qll +++ b/javascript/ql/lib/semmle/javascript/SourceMaps.qll @@ -23,7 +23,4 @@ class SourceMappingComment extends Comment { /** Gets the URL of the source map referenced by this comment. */ string getSourceMappingUrl() { result = url } - - /** DEPRECATED: Alias for getSourceMappingUrl */ - deprecated string getSourceMappingURL() { result = this.getSourceMappingUrl() } } diff --git a/javascript/ql/lib/semmle/javascript/Stmt.qll b/javascript/ql/lib/semmle/javascript/Stmt.qll index 9adfece36a0c..93eb1d1dea07 100644 --- a/javascript/ql/lib/semmle/javascript/Stmt.qll +++ b/javascript/ql/lib/semmle/javascript/Stmt.qll @@ -434,36 +434,6 @@ module Directive { } } -/** DEPRECATED. Use `Directive::KnownDirective` instead. */ -deprecated class KnownDirective = Directive::KnownDirective; - -/** DEPRECATED. Use `Directive::StrictModeDecl` instead. */ -deprecated class StrictModeDecl = Directive::StrictModeDecl; - -/** DEPRECATED. Use `Directive::AsmJSDirective` instead. */ -deprecated class AsmJSDirective = Directive::AsmJSDirective; - -/** DEPRECATED. Use `Directive::BabelDirective` instead. */ -deprecated class BabelDirective = Directive::BabelDirective; - -/** DEPRECATED. Use `Directive::SixToFiveDirective` instead. */ -deprecated class SixToFiveDirective = Directive::SixToFiveDirective; - -/** DEPRECATED. Use `Directive::SystemJSFormatDirective` instead. */ -deprecated class SystemJSFormatDirective = Directive::SystemJSFormatDirective; - -/** DEPRECATED. Use `Directive::NgInjectDirective` instead. */ -deprecated class NgInjectDirective = Directive::NgInjectDirective; - -/** DEPRECATED. Use `Directive::YuiDirective` instead. */ -deprecated class YuiDirective = Directive::YuiDirective; - -/** DEPRECATED. Use `Directive::SystemJSDepsDirective` instead. */ -deprecated class SystemJSDepsDirective = Directive::SystemJSDepsDirective; - -/** DEPRECATED. Use `Directive::BundleDirective` instead. */ -deprecated class BundleDirective = Directive::BundleDirective; - /** * An `if` statement. * diff --git a/javascript/ql/lib/semmle/javascript/YAML.qll b/javascript/ql/lib/semmle/javascript/YAML.qll index 1ab562b9524d..24486b729c04 100644 --- a/javascript/ql/lib/semmle/javascript/YAML.qll +++ b/javascript/ql/lib/semmle/javascript/YAML.qll @@ -54,12 +54,3 @@ private class MyYmlNode extends Locatable instanceof YamlNode { override string toString() { result = YamlNode.super.toString() } } - -/** DEPRECATED: Alias for YamlNode */ -deprecated class YAMLNode = YamlNode; - -/** DEPRECATED: Alias for YamlValue */ -deprecated class YAMLValue = YamlValue; - -/** DEPRECATED: Alias for YamlScalar */ -deprecated class YAMLScalar = YamlScalar; diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Connect.qll b/javascript/ql/lib/semmle/javascript/frameworks/Connect.qll index dbcbc0635db1..f6ac5854f4d7 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Connect.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Connect.qll @@ -88,12 +88,6 @@ module Connect { override DataFlow::Node getServer() { result = server } - /** - * DEPRECATED: Use `getARouteHandlerNode` instead. - * Gets an argument that represents a route handler being registered. - */ - deprecated Expr getARouteHandlerExpr() { result = this.getARouteHandlerNode().asExpr() } - /** * Gets an argument that represents a route handler being registered. */ diff --git a/javascript/ql/lib/semmle/javascript/frameworks/GWT.qll b/javascript/ql/lib/semmle/javascript/frameworks/GWT.qll index 345873719a6a..7fa72c9a9f04 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/GWT.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/GWT.qll @@ -28,9 +28,6 @@ class GwtHeader extends InlineScript { result = e.getStringValue() ) } - - /** DEPRECATED: Alias for getGwtVersion */ - deprecated string getGWTVersion() { result = this.getGwtVersion() } } /** diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Vue.qll b/javascript/ql/lib/semmle/javascript/frameworks/Vue.qll index 096877900c97..ebfe042f4d06 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Vue.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Vue.qll @@ -183,14 +183,6 @@ module Vue { result = this.getAsClassComponent().getDecoratorOptions() } - /** - * DEPRECATED. Use `getOwnOptions().getASink()`. - * - * Gets the options passed to the Vue object, such as the object literal `{...}` in `new Vue{{...})` - * or the default export of a single-file component. - */ - deprecated DataFlow::Node getOwnOptionsObject() { result = this.getOwnOptions().asSink() } - /** * Gets the class implementing this Vue component, if any. * diff --git a/javascript/ql/test/tutorials/Validating RAML-based APIs/Osprey.qll b/javascript/ql/test/tutorials/Validating RAML-based APIs/Osprey.qll index 140bf59c4e65..c799d4f135f0 100644 --- a/javascript/ql/test/tutorials/Validating RAML-based APIs/Osprey.qll +++ b/javascript/ql/test/tutorials/Validating RAML-based APIs/Osprey.qll @@ -47,9 +47,6 @@ class OspreyMethodDefinition extends MethodCallExpr { /** Get the API to which this method belongs. */ OspreyApi getApi() { this.getReceiver() = result.getAnAccess() } - /** DEPRECATED: Alias for getApi */ - deprecated OspreyApi getAPI() { result = this.getApi() } - /** Get the verb which this method implements. */ string getVerb() { result = this.getMethodName() } diff --git a/python/ql/lib/change-notes/2024-09-03-outdated-deprecations.md b/python/ql/lib/change-notes/2024-09-03-outdated-deprecations.md new file mode 100644 index 000000000000..cb8f4c3fbbcf --- /dev/null +++ b/python/ql/lib/change-notes/2024-09-03-outdated-deprecations.md @@ -0,0 +1,9 @@ +--- +category: breaking +--- +* Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration` instead. +* Deleted the deprecated `semmle.python.RegexTreeView` module, use `semmle.python.regexp.RegexTreeView` instead. +* Deleted the deprecated `RegexString` class from `regex.qll`. +* Deleted the deprecated `Regex` class, use `RegExp` instead. +* Deleted the deprecated `semmle/python/security/SQL.qll` file. +* Deleted the deprecated `useSSL` predicates from the LDAP libraries, use `useSsl` instead. \ No newline at end of file diff --git a/python/ql/lib/semmle/python/RegexTreeView.qll b/python/ql/lib/semmle/python/RegexTreeView.qll deleted file mode 100644 index 84cfaa3a4c7e..000000000000 --- a/python/ql/lib/semmle/python/RegexTreeView.qll +++ /dev/null @@ -1,6 +0,0 @@ -/** - * Deprecated. Use `semmle.python.regexp.RegexTreeView` instead. - */ - -deprecated import regexp.RegexTreeView as Dep -import Dep diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl1.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl1.qll index 3b1439511d1c..359fa71744b4 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl1.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl1.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll index 3b1439511d1c..359fa71744b4 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll index 3b1439511d1c..359fa71744b4 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll index 3b1439511d1c..359fa71744b4 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/python/ql/lib/semmle/python/dataflow/old/TaintTracking.qll b/python/ql/lib/semmle/python/dataflow/old/TaintTracking.qll index d02935224044..0ce4bc27790e 100644 --- a/python/ql/lib/semmle/python/dataflow/old/TaintTracking.qll +++ b/python/ql/lib/semmle/python/dataflow/old/TaintTracking.qll @@ -664,14 +664,6 @@ module DataFlow { } } -deprecated private class DataFlowType extends TaintKind { - // this only exists to avoid an empty recursion error in the type checker - DataFlowType() { - this = "Data flow" and - 1 = 2 - } -} - pragma[noinline] private predicate dict_construct(ControlFlowNode itemnode, ControlFlowNode dictnode) { dictnode.(DictNode).getAValue() = itemnode diff --git a/python/ql/lib/semmle/python/regex.qll b/python/ql/lib/semmle/python/regex.qll index 0c96e5049464..4a5a35d5b633 100644 --- a/python/ql/lib/semmle/python/regex.qll +++ b/python/ql/lib/semmle/python/regex.qll @@ -14,8 +14,3 @@ RegExpTerm getTermForExecution(Concepts::RegexExecution exec) { result.isRootTerm() ) } - -/** A StringLiteral used as a regular expression */ -deprecated class RegexString extends Regex { - RegexString() { this = RegExpTracking::regExpSource(_).asExpr() } -} diff --git a/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll b/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll index 6ac12e00e818..7e23554e0589 100644 --- a/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll +++ b/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll @@ -100,11 +100,6 @@ private module FindRegexMode { private string mode_from_node(DataFlow::Node node) { node = re_flag_tracker(result) } } -/** - * DEPRECATED: Use `RegExp` instead. - */ -deprecated class Regex = RegExp; - /** A StringLiteral used as a regular expression */ class RegExp extends Expr instanceof StringLiteral { DataFlow::Node use; diff --git a/python/ql/lib/semmle/python/security/SQL.qll b/python/ql/lib/semmle/python/security/SQL.qll deleted file mode 100644 index 6485402b78ad..000000000000 --- a/python/ql/lib/semmle/python/security/SQL.qll +++ /dev/null @@ -1,4 +0,0 @@ -import python -import semmle.python.dataflow.TaintTracking - -abstract deprecated class SqlInjectionSink extends TaintSink { } diff --git a/python/ql/src/experimental/semmle/python/Concepts.qll b/python/ql/src/experimental/semmle/python/Concepts.qll index d9bb9797c634..0e4bd6441e9b 100644 --- a/python/ql/src/experimental/semmle/python/Concepts.qll +++ b/python/ql/src/experimental/semmle/python/Concepts.qll @@ -188,9 +188,6 @@ module LdapBind { * Holds if the binding process use SSL. */ abstract predicate useSsl(); - - /** DEPRECATED: Alias for useSsl */ - deprecated predicate useSSL() { this.useSsl() } } } @@ -215,9 +212,6 @@ class LdapBind extends DataFlow::Node instanceof LdapBind::Range { * Holds if the binding process use SSL. */ predicate useSsl() { super.useSsl() } - - /** DEPRECATED: Alias for useSsl */ - deprecated predicate useSSL() { this.useSsl() } } /** Provides classes for modeling SQL sanitization libraries. */ diff --git a/ruby/ql/lib/change-notes/2024-09-03-outdated-deprecations.md b/ruby/ql/lib/change-notes/2024-09-03-outdated-deprecations.md new file mode 100644 index 000000000000..7f7c3258fb82 --- /dev/null +++ b/ruby/ql/lib/change-notes/2024-09-03-outdated-deprecations.md @@ -0,0 +1,8 @@ +--- +category: breaking +--- +* Deleted the deprecated `getURL` predicate the `Http::Request` class, use `getAUrlPart` instead. +* Deleted the deprecated `getNode` predicate from the `CfgNode` class, use `getAstNode` instead. +* Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration` instead. +* Deleted many deprecated dataflow configurations based on `DataFlow::Configuration`. +* Deleted many deprecated taint-tracking configurations based on `TaintTracking::Configuration`. diff --git a/ruby/ql/lib/codeql/ruby/Concepts.qll b/ruby/ql/lib/codeql/ruby/Concepts.qll index 68a9eee8ff1d..bd6faaacd69e 100644 --- a/ruby/ql/lib/codeql/ruby/Concepts.qll +++ b/ruby/ql/lib/codeql/ruby/Concepts.qll @@ -693,14 +693,6 @@ module Http { class Request extends SC::Request instanceof Request::Range { /** Gets a node which returns the body of the response */ DataFlow::Node getResponseBody() { result = super.getResponseBody() } - - /** - * DEPRECATED: Use `getAUrlPart` instead. - * - * Gets a node that contributes to the URL of the request. - * Depending on the framework, a request may have multiple nodes which contribute to the URL. - */ - deprecated DataFlow::Node getURL() { result = Request::Range.super.getAUrlPart() } } /** Provides a class for modeling new HTTP requests. */ diff --git a/ruby/ql/lib/codeql/ruby/controlflow/ControlFlowGraph.qll b/ruby/ql/lib/codeql/ruby/controlflow/ControlFlowGraph.qll index 67f0f6557942..dee31d8e901b 100644 --- a/ruby/ql/lib/codeql/ruby/controlflow/ControlFlowGraph.qll +++ b/ruby/ql/lib/codeql/ruby/controlflow/ControlFlowGraph.qll @@ -40,9 +40,6 @@ class CfgNode extends CfgImpl::Node { /** Gets the file of this control flow node. */ final File getFile() { result = this.getLocation().getFile() } - /** DEPRECATED: Use `getAstNode` instead. */ - deprecated AstNode getNode() { result = this.getAstNode() } - /** Gets a successor node of a given type, if any. */ final CfgNode getASuccessor(SuccessorType t) { result = super.getASuccessor(t) } diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl1.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl1.qll index 3b1439511d1c..359fa71744b4 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl1.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl1.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll index 3b1439511d1c..359fa71744b4 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll index ee3105c3be71..c56501bad3ed 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll @@ -1323,11 +1323,6 @@ class CallableNode extends StmtSequenceNode { * Gets a data flow node whose value is about to be returned by this callable. */ Node getAReturnNode() { result = getAReturnNode(callable) } - - /** - * DEPRECATED. Use `getAReturnNode` instead. - */ - deprecated Node getAReturningNode() { result = this.getAReturnNode() } } /** diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Rack.qll b/ruby/ql/lib/codeql/ruby/frameworks/Rack.qll index 928a9f60a5f7..27d30950ad70 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/Rack.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/Rack.qll @@ -10,7 +10,4 @@ module Rack { import rack.internal.Request import rack.internal.Response::Public as Response import rack.internal.Utils - - /** DEPRECATED: Alias for App::AppCandidate */ - deprecated class AppCandidate = App::AppCandidate; } diff --git a/ruby/ql/lib/codeql/ruby/frameworks/rack/internal/App.qll b/ruby/ql/lib/codeql/ruby/frameworks/rack/internal/App.qll index 94c4a6fb0373..fbb33ecd64b0 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/rack/internal/App.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/rack/internal/App.qll @@ -39,31 +39,6 @@ private RP::PotentialResponseNode trackRackResponse(PotentialRequestHandler call * Provides modeling for Rack applications. */ module App { - /** - * DEPRECATED: Use `RequestHandler` instead. - * A class that may be a rack application. - * This is a class that has a `call` method that takes a single argument - * (traditionally called `env`) and returns a rack-compatible response. - */ - deprecated class AppCandidate extends DataFlow::ClassNode { - private RequestHandler call; - private RP::PotentialResponseNode resp; - - AppCandidate() { - call = this.getInstanceMethod("call") and - call.getNumberOfParameters() = 1 and - resp = trackRackResponse(call) - } - - /** - * Gets the environment of the request, which is the lone parameter to the `call` method. - */ - DataFlow::ParameterNode getEnv() { result = call.getParameter(0) } - - /** Gets the response returned from a request to this application. */ - RP::PotentialResponseNode getResponse() { result = resp } - } - /** * A callable node that looks like it implements the rack specification. */ diff --git a/ruby/ql/lib/codeql/ruby/security/InsecureDownloadQuery.qll b/ruby/ql/lib/codeql/ruby/security/InsecureDownloadQuery.qll index 69fae5501941..9e813209b53c 100644 --- a/ruby/ql/lib/codeql/ruby/security/InsecureDownloadQuery.qll +++ b/ruby/ql/lib/codeql/ruby/security/InsecureDownloadQuery.qll @@ -10,28 +10,6 @@ private import codeql.ruby.AST private import codeql.ruby.DataFlow import InsecureDownloadCustomizations::InsecureDownload -/** - * A taint tracking configuration for download of sensitive file through insecure connection. - * - * DEPRECATED: Use `InsecureDownloadFlow`. - */ -deprecated class Configuration extends DataFlow::Configuration { - Configuration() { this = "InsecureDownload" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowState label) { - source.(Source).getALabel() = label - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowState label) { - sink.(Sink).getALabel() = label - } - - override predicate isBarrier(DataFlow::Node node) { - super.isBarrier(node) or - node instanceof Sanitizer - } -} - private module InsecureDownloadConfig implements DataFlow::StateConfigSig { class FlowState = Label::State; diff --git a/ruby/ql/lib/codeql/ruby/security/StoredXSSQuery.qll b/ruby/ql/lib/codeql/ruby/security/StoredXSSQuery.qll index 7254d12b8fe6..b6520fedf4fe 100644 --- a/ruby/ql/lib/codeql/ruby/security/StoredXSSQuery.qll +++ b/ruby/ql/lib/codeql/ruby/security/StoredXSSQuery.qll @@ -17,29 +17,6 @@ import codeql.ruby.TaintTracking */ deprecated module StoredXss { import XSS::StoredXss - - /** - * DEPRECATED. - * - * A taint-tracking configuration for reasoning about Stored XSS. - */ - deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "StoredXss" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { - isAdditionalXssTaintStep(node1, node2) - } - } - import TaintTracking::Global } diff --git a/ruby/ql/lib/codeql/ruby/security/internal/CleartextSources.qll b/ruby/ql/lib/codeql/ruby/security/internal/CleartextSources.qll index dc31b7f49ee1..3338bbf65f70 100644 --- a/ruby/ql/lib/codeql/ruby/security/internal/CleartextSources.qll +++ b/ruby/ql/lib/codeql/ruby/security/internal/CleartextSources.qll @@ -289,17 +289,4 @@ module CleartextSources { override string describe() { result = "a call to " + name } } - - /** Holds if `nodeFrom` taints `nodeTo`. */ - deprecated predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { - exists(string name, ElementReference ref, LocalVariable hashVar | - // from `hsh[password] = "changeme"` to a `hsh[password]` read - nodeFrom.(HashKeyWriteSensitiveSource).getName() = name and - nodeTo.asExpr().getExpr() = ref and - ref.getArgument(0).getConstantValue().getStringlikeValue() = name and - nodeFrom.(HashKeyWriteSensitiveSource).getVariable() = hashVar and - ref.getReceiver().(VariableReadAccess).getVariable() = hashVar and - nodeFrom.asExpr().getASuccessor*() = nodeTo.asExpr() - ) - } } diff --git a/swift/ql/lib/change-notes/2024-09-03-outdated-deprecations.md b/swift/ql/lib/change-notes/2024-09-03-outdated-deprecations.md new file mode 100644 index 000000000000..2970b481c50d --- /dev/null +++ b/swift/ql/lib/change-notes/2024-09-03-outdated-deprecations.md @@ -0,0 +1,5 @@ +--- +category: breaking +--- +* Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration` instead. +* Deleted the deprecated `getDerivedTypeDecl` predicate from the `TypeDecl` class, use `getADerivedTypeDecl` or `getABaseTypeDecl` instead. \ No newline at end of file diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll index 3b1439511d1c..359fa71744b4 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll @@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string { */ predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - /** * Holds if hidden nodes should be included in the data flow graph. * diff --git a/swift/ql/lib/codeql/swift/elements/decl/TypeDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/TypeDecl.qll index 9055f29d6ca9..15c6bd1609c6 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/TypeDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/TypeDecl.qll @@ -75,13 +75,6 @@ class TypeDecl extends Generated::TypeDecl { */ TypeDecl getABaseTypeDecl() { result = this.getABaseType().(AnyGenericType).getDeclaration() } - /** - * Gets a declaration that has this type as its `index`th base type. - * - * DEPRECATED: The index is not very meaningful here. Use `getADerivedTypeDecl` or `getABaseTypeDecl`. - */ - deprecated TypeDecl getDerivedTypeDecl(int i) { result.getBaseTypeDecl(i) = this } - /** * Gets the declaration of any type derived from this type declaration. Expands protocols * added in extensions and expands type aliases. For example in the following code, `B`