use my script to delete outdated deprecations

cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll

@@ -36,16 +36,6 @@ module PrivateCleartextWrite {
     }
   }
 
-  deprecated class WriteConfig extends TaintTracking::Configuration {
-    WriteConfig() { this = "Write configuration" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-  }
-
   private module WriteConfig implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof Source }
 

cpp/ql/lib/semmle/code/cpp/Declaration.qll

@@ -60,18 +60,6 @@ class Declaration extends Locatable, @declaration {
    */
   string getQualifiedName() { result = underlyingElement(this).(Q::Declaration).getQualifiedName() }
 
-  /**
-   * DEPRECATED: Prefer `hasGlobalName` or the 2-argument or 3-argument
-   * `hasQualifiedName` predicates. To get the exact same results as this
-   * predicate in all edge cases, use `getQualifiedName()`.
-   *
-   * Holds if this declaration has the fully-qualified name `qualifiedName`.
-   * See `getQualifiedName`.
-   */
-  deprecated predicate hasQualifiedName(string qualifiedName) {
-    this.getQualifiedName() = qualifiedName
-  }
-
   /**
    * Holds if this declaration has a fully-qualified name with a name-space
    * component of `namespaceQualifier`, a declaring type of `typeQualifier`,
@@ -185,9 +173,6 @@ class Declaration extends Locatable, @declaration {
   /** Holds if the declaration has a definition. */
   predicate hasDefinition() { exists(this.getDefinition()) }
 
-  /** DEPRECATED: Use `hasDefinition` instead. */
-  deprecated predicate isDefined() { this.hasDefinition() }
-
   /** Gets the preferred location of this declaration, if any. */
   override Location getLocation() { none() }
 

cpp/ql/lib/semmle/code/cpp/Function.qll

@@ -30,46 +30,6 @@ class Function extends Declaration, ControlFlowNode, AccessHolder, @function {
 
   override string getName() { functions(underlyingElement(this), result, _) }
 
-  /**
-   * DEPRECATED: Use `getIdentityString(Declaration)` from `semmle.code.cpp.Print` instead.
-   * Gets the full signature of this function, including return type, parameter
-   * types, and template arguments.
-   *
-   * For example, in the following code:
-   * ```
-   * template<typename T> T min(T x, T y);
-   * int z = min(5, 7);
-   * ```
-   * The full signature of the function called on the last line would be
-   * `min<int>(int, int) -> int`, and the full signature of the uninstantiated
-   * template on the first line would be `min<T>(T, T) -> T`.
-   */
-  deprecated string getFullSignature() {
-    exists(string name, string templateArgs, string args |
-      result = name + templateArgs + args + " -> " + this.getType().toString() and
-      name = this.getQualifiedName() and
-      (
-        if exists(this.getATemplateArgument())
-        then
-          templateArgs =
-            "<" +
-              concat(int i |
-                exists(this.getTemplateArgument(i))
-              |
-                this.getTemplateArgument(i).toString(), ", " order by i
-              ) + ">"
-        else templateArgs = ""
-      ) and
-      args =
-        "(" +
-          concat(int i |
-            exists(this.getParameter(i))
-          |
-            this.getParameter(i).getType().toString(), ", " order by i
-          ) + ")"
-    )
-  }
-
   /** Gets a specifier of this function. */
   override Specifier getASpecifier() {
     funspecifiers(underlyingElement(this), unresolveElement(result)) or

cpp/ql/lib/semmle/code/cpp/PrintAST.qll

@@ -286,9 +286,6 @@ abstract class BaseAstNode extends PrintAstNode {
    * Gets the AST represented by this node.
    */
   final Locatable getAst() { result = ast }
-
-  /** DEPRECATED: Alias for getAst */
-  deprecated Locatable getAST() { result = this.getAst() }
 }
 
 /**

cpp/ql/lib/semmle/code/cpp/commons/Alloc.qll

@@ -7,15 +7,6 @@ import semmle.code.cpp.models.interfaces.Deallocation
  */
 predicate freeFunction(Function f, int argNum) { argNum = f.(DeallocationFunction).getFreedArg() }
 
-/**
- * A call to a library routine that frees memory.
- *
- * DEPRECATED: Use `DeallocationExpr` instead (this also includes `delete` expressions).
- */
-deprecated predicate freeCall(FunctionCall fc, Expr arg) {
-  arg = fc.(DeallocationExpr).getFreedExpr()
-}
-
 /**
  * Is e some kind of allocation or deallocation (`new`, `alloc`, `realloc`, `delete`, `free` etc)?
  */

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll

@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
    */
   predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
 
-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
   /**
    * Holds if hidden nodes should be included in the data flow graph.
    *

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll

@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
    */
   predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
 
-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
   /**
    * Holds if hidden nodes should be included in the data flow graph.
    *

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll

@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
    */
   predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
 
-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
   /**
    * Holds if hidden nodes should be included in the data flow graph.
    *

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll

@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
    */
   predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
 
-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
   /**
    * Holds if hidden nodes should be included in the data flow graph.
    *

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll

@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
    */
   predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
 
-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
   /**
    * Holds if hidden nodes should be included in the data flow graph.
    *

cpp/ql/lib/semmle/code/cpp/exprs/Literal.qll

@@ -195,17 +195,6 @@ class ClassAggregateLiteral extends AggregateLiteral {
    */
   Expr getAFieldExpr(Field field) { result = this.getFieldExpr(field, _) }
 
-  /**
-   * DEPRECATED: Use `getAFieldExpr` instead.
-   *
-   * Gets the expression within the aggregate literal that is used to initialize
-   * field `field`, if present.
-   *
-   * This predicate may have multiple results since a field can be initialized
-   * multiple times in the same initializer.
-   */
-  deprecated Expr getFieldExpr(Field field) { result = this.getFieldExpr(field, _) }
-
   /**
    * Gets the expression within the aggregate literal that is used to initialize
    * field `field`, if present. The expression is the `position`'th entry in the
@@ -300,17 +289,6 @@ class ArrayOrVectorAggregateLiteral extends AggregateLiteral {
    */
   Expr getAnElementExpr(int elementIndex) { result = this.getElementExpr(elementIndex, _) }
 
-  /**
-   * DEPRECATED: Use `getAnElementExpr` instead.
-   *
-   * Gets the expression within the aggregate literal that is used to initialize
-   * element `elementIndex`, if present.
-   *
-   * This predicate may have multiple results since an element can be initialized
-   * multiple times in the same initializer.
-   */
-  deprecated Expr getElementExpr(int elementIndex) { result = this.getElementExpr(elementIndex, _) }
-
   /**
    * Gets the expression within the aggregate literal that is used to initialize
    * element `elementIndex`, if present. The expression is the `position`'th entry

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll

@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
    */
   predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
 
-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
   /**
    * Holds if hidden nodes should be included in the data flow graph.
    *

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll

@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
    */
   predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
 
-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
   /**
    * Holds if hidden nodes should be included in the data flow graph.
    *

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll

@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
    */
   predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
 
-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
   /**
    * Holds if hidden nodes should be included in the data flow graph.
    *

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll

@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
    */
   predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
 
-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
   /**
    * Holds if hidden nodes should be included in the data flow graph.
    *

cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRVariable.qll

@@ -50,9 +50,6 @@ abstract private class AbstractIRVariable extends TIRVariable {
    */
   abstract Language::AST getAst();
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated Language::AST getAST() { result = this.getAst() }
-
   /**
    * Gets an identifier string for the variable. This identifier is unique
    * within the function.
@@ -96,9 +93,6 @@ class IRUserVariable extends AbstractIRVariable, TIRUserVariable {
 
   final override Language::AST getAst() { result = var }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Language::AST getAST() { result = this.getAst() }
-
   final override string getUniqueId() {
     result = this.getVariable().toString() + " " + this.getVariable().getLocation().toString()
   }
@@ -163,9 +157,6 @@ abstract private class AbstractIRGeneratedVariable extends AbstractIRVariable {
 
   final override Language::AST getAst() { result = ast }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Language::AST getAST() { result = this.getAst() }
-
   override string toString() { result = this.getBaseString() + this.getLocationString() }
 
   override string getUniqueId() { none() }

cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll

@@ -285,9 +285,6 @@ abstract private class MemoryLocation0 extends TMemoryLocation {
   predicate isAlwaysAllocatedOnStack() { none() }
 
   final predicate canReuseSsa() { none() }
-
-  /** DEPRECATED: Alias for canReuseSsa */
-  deprecated predicate canReuseSSA() { this.canReuseSsa() }
 }
 
 /**

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRVariable.qll

@@ -50,9 +50,6 @@ abstract private class AbstractIRVariable extends TIRVariable {
    */
   abstract Language::AST getAst();
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated Language::AST getAST() { result = this.getAst() }
-
   /**
    * Gets an identifier string for the variable. This identifier is unique
    * within the function.
@@ -96,9 +93,6 @@ class IRUserVariable extends AbstractIRVariable, TIRUserVariable {
 
   final override Language::AST getAst() { result = var }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Language::AST getAST() { result = this.getAst() }
-
   final override string getUniqueId() {
     result = this.getVariable().toString() + " " + this.getVariable().getLocation().toString()
   }
@@ -163,9 +157,6 @@ abstract private class AbstractIRGeneratedVariable extends AbstractIRVariable {
 
   final override Language::AST getAst() { result = ast }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Language::AST getAST() { result = this.getAst() }
-
   override string toString() { result = this.getBaseString() + this.getLocationString() }
 
   override string getUniqueId() { none() }

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll

@@ -216,9 +216,6 @@ abstract class TranslatedSideEffects extends TranslatedElement {
 
   final override Locatable getAst() { result = this.getExpr() }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Locatable getAST() { result = this.getAst() }
-
   final override Declaration getFunction() { result = getEnclosingDeclaration(this.getExpr()) }
 
   final override TranslatedElement getChild(int i) {
@@ -616,9 +613,6 @@ class TranslatedArgumentExprSideEffect extends TranslatedArgumentSideEffect,
 
   final override Locatable getAst() { result = arg }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Locatable getAST() { result = this.getAst() }
-
   final override Type getIndirectionType() {
     result = arg.getUnspecifiedType().(DerivedType).getBaseType()
     or
@@ -651,9 +645,6 @@ class TranslatedStructorQualifierSideEffect extends TranslatedArgumentSideEffect
 
   final override Locatable getAst() { result = call }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Locatable getAST() { result = this.getAst() }
-
   final override Type getIndirectionType() { result = call.getTarget().getDeclaringType() }
 
   final override string getArgString() { result = "this" }
@@ -675,9 +666,6 @@ class TranslatedCallSideEffect extends TranslatedSideEffect, TTranslatedCallSide
 
   override Locatable getAst() { result = expr }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Locatable getAST() { result = this.getAst() }
-
   override Expr getPrimaryExpr() { result = expr }
 
   override predicate sortOrder(int group, int indexInGroup) {
@@ -716,9 +704,6 @@ class TranslatedAllocationSideEffect extends TranslatedSideEffect, TTranslatedAl
 
   override Locatable getAst() { result = expr }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Locatable getAST() { result = this.getAst() }
-
   override Expr getPrimaryExpr() { result = expr }
 
   override predicate sortOrder(int group, int indexInGroup) {

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCondition.qll

@@ -29,9 +29,6 @@ abstract class TranslatedCondition extends TranslatedElement {
 
   final override Locatable getAst() { result = expr }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Locatable getAST() { result = this.getAst() }
-
   final ConditionContext getConditionContext() { result = this.getParent() }
 
   final Expr getExpr() { result = expr }

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedDeclarationEntry.qll

@@ -45,9 +45,6 @@ abstract class TranslatedDeclarationEntry extends TranslatedElement, TTranslated
   final override string toString() { result = entry.toString() }
 
   final override Locatable getAst() { result = entry.getAst() }
-
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Locatable getAST() { result = this.getAst() }
 }
 
 /**
@@ -248,9 +245,6 @@ class TranslatedStaticLocalVariableInitialization extends TranslatedElement,
 
   final override Locatable getAst() { result = entry.getAst() }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Locatable getAST() { result = this.getAst() }
-
   final override LocalVariable getVariable() { result = var }
 
   final override Declaration getFunction() { result = var.getFunction() }
@@ -277,9 +271,6 @@ class TranslatedConditionDecl extends TranslatedLocalVariableDeclaration, TTrans
 
   override Locatable getAst() { result = conditionDeclExpr }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Locatable getAST() { result = this.getAst() }
-
   override Declaration getFunction() { result = getEnclosingFunction(conditionDeclExpr) }
 
   override LocalVariable getVariable() { result = conditionDeclExpr.getVariable() }

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll

@@ -926,9 +926,6 @@ abstract class TranslatedElement extends TTranslatedElement {
    */
   abstract Locatable getAst();
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated Locatable getAST() { result = this.getAst() }
-
   /** Gets the location of this element. */
   Location getLocation() { result = this.getAst().getLocation() }
 

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedFunction.qll

@@ -67,9 +67,6 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
 
   final override Locatable getAst() { result = func }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Locatable getAST() { result = this.getAst() }
-
   /**
    * Gets the function being translated.
    */
@@ -483,9 +480,6 @@ class TranslatedThisParameter extends TranslatedParameter, TTranslatedThisParame
 
   final override Locatable getAst() { result = func }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Locatable getAST() { result = this.getAst() }
-
   final override Function getFunction() { result = func }
 
   final override predicate hasIndirection() { any() }
@@ -518,9 +512,6 @@ class TranslatedPositionalParameter extends TranslatedParameter, TTranslatedPara
 
   final override Locatable getAst() { result = param }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Locatable getAST() { result = this.getAst() }
-
   final override Function getFunction() {
     result = param.getFunction() or
     result = param.getCatchBlock().getEnclosingFunction()
@@ -558,9 +549,6 @@ class TranslatedEllipsisParameter extends TranslatedParameter, TTranslatedEllips
 
   final override Locatable getAst() { result = func }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Locatable getAST() { result = this.getAst() }
-
   final override Function getFunction() { result = func }
 
   final override predicate hasIndirection() { any() }
@@ -597,9 +585,6 @@ class TranslatedConstructorInitList extends TranslatedElement, InitializationCon
 
   override Locatable getAst() { result = func }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Locatable getAST() { result = this.getAst() }
-
   override TranslatedElement getChild(int id) {
     exists(ConstructorFieldInit fieldInit |
       fieldInit = func.(Constructor).getInitializer(id) and
@@ -677,9 +662,6 @@ class TranslatedDestructorDestructionList extends TranslatedElement,
 
   override Locatable getAst() { result = func }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Locatable getAST() { result = this.getAst() }
-
   override TranslatedElement getChild(int id) {
     exists(DestructorFieldDestruction fieldDestruction |
       fieldDestruction = func.(Destructor).getDestruction(id) and
@@ -733,9 +715,6 @@ class TranslatedReadEffects extends TranslatedElement, TTranslatedReadEffects {
 
   override Locatable getAst() { result = func }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Locatable getAST() { result = this.getAst() }
-
   override Function getFunction() { result = func }
 
   override string toString() { result = "read effects: " + func.toString() }
@@ -839,9 +818,6 @@ class TranslatedThisReadEffect extends TranslatedReadEffect, TTranslatedThisRead
 
   override Locatable getAst() { result = func }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Locatable getAST() { result = this.getAst() }
-
   override Function getFunction() { result = func }
 
   override string toString() { result = "read effect: this" }
@@ -865,9 +841,6 @@ class TranslatedParameterReadEffect extends TranslatedReadEffect, TTranslatedPar
 
   override Locatable getAst() { result = param }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Locatable getAST() { result = this.getAst() }
-
   override string toString() { result = "read effect: " + param.toString() }
 
   override Function getFunction() { result = param.getFunction() }

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedInitialization.qll

@@ -153,9 +153,6 @@ abstract class TranslatedInitialization extends TranslatedElement, TTranslatedIn
 
   final override Locatable getAst() { result = expr }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Locatable getAST() { result = this.getAst() }
-
   /**
    * Gets the expression that is doing the initialization.
    */
@@ -528,9 +525,6 @@ abstract class TranslatedFieldInitialization extends TranslatedElement {
 
   final override Locatable getAst() { result = ast }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Locatable getAST() { result = this.getAst() }
-
   final override Declaration getFunction() {
     result = getEnclosingFunction(ast) or
     result = getEnclosingVariable(ast).(GlobalOrNamespaceVariable) or
@@ -701,9 +695,6 @@ abstract class TranslatedElementInitialization extends TranslatedElement {
 
   final override Locatable getAst() { result = initList }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Locatable getAST() { result = this.getAst() }
-
   final override Declaration getFunction() {
     result = getEnclosingFunction(initList)
     or
@@ -912,9 +903,6 @@ abstract class TranslatedStructorCallFromStructor extends TranslatedElement, Str
 
   final override Locatable getAst() { result = call }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Locatable getAST() { result = this.getAst() }
-
   final override TranslatedElement getChild(int id) {
     id = 0 and
     result = this.getStructorCall()
@@ -1058,9 +1046,6 @@ class TranslatedConstructorBareInit extends TranslatedElement, TTranslatedConstr
 
   override Locatable getAst() { result = init }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Locatable getAST() { result = this.getAst() }
-
   final override string toString() { result = "construct base (no constructor)" }
 
   override Instruction getFirstInstruction(EdgeKind kind) {

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedStmt.qll

@@ -268,9 +268,6 @@ abstract class TranslatedStmt extends TranslatedElement, TTranslatedStmt {
 
   final override Locatable getAst() { result = stmt }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Locatable getAST() { result = this.getAst() }
-
   final override Function getFunction() { result = stmt.getEnclosingFunction() }
 }
 

cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRVariable.qll

@@ -50,9 +50,6 @@ abstract private class AbstractIRVariable extends TIRVariable {
    */
   abstract Language::AST getAst();
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated Language::AST getAST() { result = this.getAst() }
-
   /**
    * Gets an identifier string for the variable. This identifier is unique
    * within the function.
@@ -96,9 +93,6 @@ class IRUserVariable extends AbstractIRVariable, TIRUserVariable {
 
   final override Language::AST getAst() { result = var }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Language::AST getAST() { result = this.getAst() }
-
   final override string getUniqueId() {
     result = this.getVariable().toString() + " " + this.getVariable().getLocation().toString()
   }
@@ -163,9 +157,6 @@ abstract private class AbstractIRGeneratedVariable extends AbstractIRVariable {
 
   final override Language::AST getAst() { result = ast }
 
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Language::AST getAST() { result = this.getAst() }
-
   override string toString() { result = this.getBaseString() + this.getLocationString() }
 
   override string getUniqueId() { none() }

cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll

@@ -71,9 +71,6 @@ class MemoryLocation extends TMemoryLocation {
   final string getUniqueId() { result = var.getUniqueId() }
 
   final predicate canReuseSsa() { canReuseSsaForVariable(var) }
-
-  /** DEPRECATED: Alias for canReuseSsa */
-  deprecated predicate canReuseSSA() { this.canReuseSsa() }
 }
 
 predicate canReuseSsaForOldResult(Instruction instr) { none() }

cpp/ql/lib/semmle/code/cpp/security/boostorg/asio/protocols.qll

@@ -353,22 +353,6 @@ module BoostorgAsio {
   }
 
   //////////////////////// Dataflow /////////////////////
-  /**
-   * Abstract class for flows of protocol values to the first argument of a context
-   * constructor.
-   */
-  abstract deprecated class SslContextCallAbstractConfig extends DataFlow::Configuration {
-    bindingset[this]
-    SslContextCallAbstractConfig() { any() }
-
-    override predicate isSink(DataFlow::Node sink) {
-      exists(ConstructorCall cc, SslContextClass c, Expr e | e = sink.asExpr() |
-        c.getAContructorCall() = cc and
-        cc.getArgument(0) = e
-      )
-    }
-  }
-
   /**
    * Signature for flows of protocol values to the first argument of a context
    * constructor.
@@ -402,20 +386,6 @@ module BoostorgAsio {
     import DataFlow::Global<C>
   }
 
-  /**
-   * Any protocol value that flows to the first argument of a context constructor.
-   */
-  deprecated class SslContextCallConfig extends SslContextCallAbstractConfig {
-    SslContextCallConfig() { this = "SslContextCallConfig" }
-
-    override predicate isSource(DataFlow::Node source) {
-      exists(Expr e | e = source.asExpr() |
-        e.fromSource() and
-        not e.getLocation().getFile().toString().matches("%/boost/asio/%")
-      )
-    }
-  }
-
   /**
    * Any protocol value that flows to the first argument of a context constructor.
    */
@@ -430,21 +400,6 @@ module BoostorgAsio {
 
   module SslContextCallFlow = SslContextCallGlobal<SslContextCallConfig>;
 
-  /**
-   * A banned protocol value that flows to the first argument of a context constructor.
-   */
-  deprecated class SslContextCallBannedProtocolConfig extends SslContextCallAbstractConfig {
-    SslContextCallBannedProtocolConfig() { this = "SslContextCallBannedProtocolConfig" }
-
-    override predicate isSource(DataFlow::Node source) {
-      exists(Expr e | e = source.asExpr() |
-        e.fromSource() and
-        not e.getLocation().getFile().toString().matches("%/boost/asio/%") and
-        isExprBannedBoostProtocol(e)
-      )
-    }
-  }
-
   /**
    * A banned protocol value that flows to the first argument of a context constructor.
    */
@@ -461,21 +416,6 @@ module BoostorgAsio {
   module SslContextCallBannedProtocolFlow =
     SslContextCallGlobal<SslContextCallBannedProtocolConfig>;
 
-  /**
-   * A TLS 1.2 protocol value that flows to the first argument of a context constructor.
-   */
-  deprecated class SslContextCallTls12ProtocolConfig extends SslContextCallAbstractConfig {
-    SslContextCallTls12ProtocolConfig() { this = "SslContextCallTls12ProtocolConfig" }
-
-    override predicate isSource(DataFlow::Node source) {
-      exists(Expr e | e = source.asExpr() |
-        e.fromSource() and
-        not e.getLocation().getFile().toString().matches("%/boost/asio/%") and
-        isExprTls12BoostProtocol(e)
-      )
-    }
-  }
-
   /**
    * A TLS 1.2 protocol value that flows to the first argument of a context constructor.
    */
@@ -491,21 +431,6 @@ module BoostorgAsio {
 
   module SslContextCallTls12ProtocolFlow = SslContextCallGlobal<SslContextCallTls12ProtocolConfig>;
 
-  /**
-   * A TLS 1.3 protocol value that flows to the first argument of a context constructor.
-   */
-  deprecated class SslContextCallTls13ProtocolConfig extends SslContextCallAbstractConfig {
-    SslContextCallTls13ProtocolConfig() { this = "SslContextCallTls12ProtocolConfig" }
-
-    override predicate isSource(DataFlow::Node source) {
-      exists(Expr e | e = source.asExpr() |
-        e.fromSource() and
-        not e.getLocation().getFile().toString().matches("%/boost/asio/%") and
-        isExprTls13BoostProtocol(e)
-      )
-    }
-  }
-
   /**
    * A TLS 1.3 protocol value that flows to the first argument of a context constructor.
    */
@@ -521,21 +446,6 @@ module BoostorgAsio {
 
   module SslContextCallTls13ProtocolFlow = SslContextCallGlobal<SslContextCallTls13ProtocolConfig>;
 
-  /**
-   * A generic TLS protocol value that flows to the first argument of a context constructor.
-   */
-  deprecated class SslContextCallTlsProtocolConfig extends SslContextCallAbstractConfig {
-    SslContextCallTlsProtocolConfig() { this = "SslContextCallTlsProtocolConfig" }
-
-    override predicate isSource(DataFlow::Node source) {
-      exists(Expr e | e = source.asExpr() |
-        e.fromSource() and
-        not e.getLocation().getFile().toString().matches("%/boost/asio/%") and
-        isExprTlsBoostProtocol(e)
-      )
-    }
-  }
-
   /**
    * A generic TLS protocol value that flows to the first argument of a context constructor.
    */
@@ -551,30 +461,6 @@ module BoostorgAsio {
 
   module SslContextCallTlsProtocolFlow = SslContextCallGlobal<SslContextCallTlsProtocolConfig>;
 
-  /**
-   * A context constructor call that flows to a call to `SetOptions()`.
-   */
-  deprecated class SslContextFlowsToSetOptionConfig extends DataFlow::Configuration {
-    SslContextFlowsToSetOptionConfig() { this = "SslContextFlowsToSetOptionConfig" }
-
-    override predicate isSource(DataFlow::Node source) {
-      exists(SslContextClass c, ConstructorCall cc |
-        cc = source.asExpr() and
-        c.getAContructorCall() = cc
-      )
-    }
-
-    override predicate isSink(DataFlow::Node sink) {
-      exists(FunctionCall fc, SslSetOptionsFunction f, Variable v, VariableAccess va |
-        va = sink.asExpr()
-      |
-        f.getACallToThisFunction() = fc and
-        v.getAnAccess() = va and
-        va = fc.getQualifier()
-      )
-    }
-  }
-
   /**
    * A context constructor call that flows to a call to `SetOptions()`.
    */
@@ -599,28 +485,6 @@ module BoostorgAsio {
 
   module SslContextFlowsToSetOptionFlow = DataFlow::Global<SslContextFlowsToSetOptionConfig>;
 
-  /**
-   * An option value that flows to the first parameter of a call to `SetOptions()`.
-   */
-  deprecated class SslOptionConfig extends DataFlow::Configuration {
-    SslOptionConfig() { this = "SslOptionConfig" }
-
-    override predicate isSource(DataFlow::Node source) {
-      exists(Expr e | e = source.asExpr() |
-        e.fromSource() and
-        not e.getLocation().getFile().toString().matches("%/boost/asio/%")
-      )
-    }
-
-    override predicate isSink(DataFlow::Node sink) {
-      exists(SslSetOptionsFunction f, FunctionCall call |
-        sink.asExpr() = call.getArgument(0) and
-        f.getACallToThisFunction() = call and
-        not sink.getLocation().getFile().toString().matches("%/boost/asio/%")
-      )
-    }
-  }
-
   /**
    * An option value that flows to the first parameter of a call to `SetOptions()`.
    */

cpp/ql/src/Likely Bugs/Leap Year/LeapYear.qll

@@ -205,20 +205,6 @@ class ChecksForLeapYearFunctionCall extends FunctionCall {
   ChecksForLeapYearFunctionCall() { this.getTarget() instanceof ChecksForLeapYearFunction }
 }
 
-/**
- * Data flow configuration for finding a variable access that would flow into
- * a function call that includes an operation to check for leap year.
- */
-deprecated class LeapYearCheckConfiguration extends DataFlow::Configuration {
-  LeapYearCheckConfiguration() { this = "LeapYearCheckConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof VariableAccess }
-
-  override predicate isSink(DataFlow::Node sink) {
-    exists(ChecksForLeapYearFunctionCall fc | sink.asExpr() = fc.getAnArgument())
-  }
-}
-
 /**
  * Data flow configuration for finding a variable access that would flow into
  * a function call that includes an operation to check for leap year.
@@ -233,33 +219,6 @@ private module LeapYearCheckConfig implements DataFlow::ConfigSig {
 
 module LeapYearCheckFlow = DataFlow::Global<LeapYearCheckConfig>;
 
-/**
- * Data flow configuration for finding an operation with hardcoded 365 that will flow into
- * a `FILEINFO` field.
- */
-deprecated class FiletimeYearArithmeticOperationCheckConfiguration extends DataFlow::Configuration {
-  FiletimeYearArithmeticOperationCheckConfiguration() {
-    this = "FiletimeYearArithmeticOperationCheckConfiguration"
-  }
-
-  override predicate isSource(DataFlow::Node source) {
-    exists(Expr e, Operation op | e = source.asExpr() |
-      op.getAChild*().getValue().toInt() = 365 and
-      op.getAChild*() = e
-    )
-  }
-
-  override predicate isSink(DataFlow::Node sink) {
-    exists(StructLikeClass dds, FieldAccess fa, AssignExpr aexpr, Expr e | e = sink.asExpr() |
-      dds instanceof PackedTimeType and
-      fa.getQualifier().getUnderlyingType() = dds and
-      fa.isModified() and
-      aexpr.getAChild() = fa and
-      aexpr.getChild(1).getAChild*() = e
-    )
-  }
-}
-
 /**
  * Data flow configuration for finding an operation with hardcoded 365 that will flow into
  * a `FILEINFO` field.
@@ -286,51 +245,6 @@ private module FiletimeYearArithmeticOperationCheckConfig implements DataFlow::C
 module FiletimeYearArithmeticOperationCheckFlow =
   DataFlow::Global<FiletimeYearArithmeticOperationCheckConfig>;
 
-/**
- * Taint configuration for finding an operation with hardcoded 365 that will flow into any known date/time field.
- */
-deprecated class PossibleYearArithmeticOperationCheckConfiguration extends TaintTracking::Configuration
-{
-  PossibleYearArithmeticOperationCheckConfiguration() {
-    this = "PossibleYearArithmeticOperationCheckConfiguration"
-  }
-
-  override predicate isSource(DataFlow::Node source) {
-    exists(Operation op | op = source.asExpr() |
-      op.getAChild*().getValue().toInt() = 365 and
-      (
-        not op.getParent() instanceof Expr or
-        op.getParent() instanceof Assignment
-      )
-    )
-  }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-    // flow from anything on the RHS of an assignment to a time/date structure to that
-    // assignment.
-    exists(StructLikeClass dds, FieldAccess fa, Assignment aexpr, Expr e |
-      e = node1.asExpr() and
-      fa = node2.asExpr()
-    |
-      (dds instanceof PackedTimeType or dds instanceof UnpackedTimeType) and
-      fa.getQualifier().getUnderlyingType() = dds and
-      aexpr.getLValue() = fa and
-      aexpr.getRValue().getAChild*() = e
-    )
-  }
-
-  override predicate isSink(DataFlow::Node sink) {
-    exists(StructLikeClass dds, FieldAccess fa, AssignExpr aexpr |
-      aexpr.getRValue() = sink.asExpr()
-    |
-      (dds instanceof PackedTimeType or dds instanceof UnpackedTimeType) and
-      fa.getQualifier().getUnderlyingType() = dds and
-      fa.isModified() and
-      aexpr.getLValue() = fa
-    )
-  }
-}
-
 /**
  * Taint configuration for finding an operation with hardcoded 365 that will flow into any known date/time field.
  */

cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.qll

@@ -129,24 +129,6 @@ class NetworkFunctionCall extends FunctionCall {
   NetworkFunctionCall() { this.getTarget().hasName(["ntohd", "ntohf", "ntohl", "ntohll", "ntohs"]) }
 }
 
-deprecated class NetworkToBufferSizeConfiguration extends DataFlow::Configuration {
-  NetworkToBufferSizeConfiguration() { this = "NetworkToBufferSizeConfiguration" }
-
-  override predicate isSource(DataFlow::Node node) { node.asExpr() instanceof NetworkFunctionCall }
-
-  override predicate isSink(DataFlow::Node node) {
-    node.asExpr() = any(BufferAccess ba).getAccessedLength()
-  }
-
-  override predicate isBarrier(DataFlow::Node node) {
-    exists(GuardCondition gc, GVN gvn |
-      gc.getAChild*() = gvn.getAnExpr() and
-      globalValueNumber(node.asExpr()) = gvn and
-      gc.controls(node.asExpr().getBasicBlock(), _)
-    )
-  }
-}
-
 private module NetworkToBufferSizeConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node node) { node.asExpr() instanceof NetworkFunctionCall }
 

cpp/ql/src/Security/CWE/CWE-020/ExternalAPIsSpecific.qll

@@ -41,20 +41,6 @@ class ExternalApiDataNode extends DataFlow::Node {
   string getFunctionDescription() { result = this.getExternalFunction().toString() }
 }
 
-/** A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s. */
-deprecated class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration {
-  UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfig" }
-
-  override predicate isSource(DataFlow::Node source) {
-    exists(RemoteFlowSourceFunction remoteFlow |
-      remoteFlow = source.asExpr().(Call).getTarget() and
-      remoteFlow.hasRemoteFlowSource(_, _)
-    )
-  }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
-}
-
 /** A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s. */
 private module UntrustedDataToExternalApiConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) {

cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIsSpecific.qll

@@ -41,15 +41,6 @@ class ExternalApiDataNode extends DataFlow::Node {
   string getFunctionDescription() { result = this.getExternalFunction().toString() }
 }
 
-/** A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s. */
-deprecated class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration {
-  UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfigIR" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
-}
-
 /** A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s. */
 private module UntrustedDataToExternalApiConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }

cpp/ql/test/library-tests/dataflow/fields/Nodes.qll

@@ -13,9 +13,6 @@ class Node extends TNode {
 
   AST::DataFlow::Node asAst() { none() }
 
-  /** DEPRECATED: Alias for asAst */
-  deprecated AST::DataFlow::Node asAST() { result = this.asAst() }
-
   Location getLocation() { none() }
 }
 
@@ -28,9 +25,6 @@ class AstNode extends Node, TAstNode {
 
   override AST::DataFlow::Node asAst() { result = n }
 
-  /** DEPRECATED: Alias for asAst */
-  deprecated override AST::DataFlow::Node asAST() { result = this.asAst() }
-
   override Location getLocation() { result = n.getLocation() }
 }
 

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl1.qll

@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
    */
   predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
 
-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
   /**
    * Holds if hidden nodes should be included in the data flow graph.
    *

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll

@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
    */
   predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
 
-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
   /**
    * Holds if hidden nodes should be included in the data flow graph.
    *

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll

@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
    */
   predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
 
-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
   /**
    * Holds if hidden nodes should be included in the data flow graph.
    *

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll

@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
    */
   predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
 
-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
   /**
    * Holds if hidden nodes should be included in the data flow graph.
    *

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll

@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
    */
   predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
 
-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
   /**
    * Holds if hidden nodes should be included in the data flow graph.
    *

csharp/ql/lib/semmle/code/csharp/security/cryptography/EncryptionKeyDataFlowQuery.qll

@@ -58,24 +58,6 @@ class SymmetricEncryptionCreateDecryptorSink extends SymmetricEncryptionKeySink
   override string getDescription() { result = "Decryptor(rgbKey, IV)" }
 }
 
-/**
- * DEPRECATED: Use `SymmetricKey` instead.
- *
- * Symmetric Key Data Flow configuration.
- */
-deprecated class SymmetricKeyTaintTrackingConfiguration extends TaintTracking::Configuration {
-  SymmetricKeyTaintTrackingConfiguration() { this = "SymmetricKeyTaintTracking" }
-
-  /** Holds if the node is a key source. */
-  override predicate isSource(DataFlow::Node src) { src instanceof KeySource }
-
-  /** Holds if the node is a symmetric encryption key sink. */
-  override predicate isSink(DataFlow::Node sink) { sink instanceof SymmetricEncryptionKeySink }
-
-  /** Holds if the node is a key sanitizer. */
-  override predicate isSanitizer(DataFlow::Node sanitizer) { sanitizer instanceof KeySanitizer }
-}
-
 /**
  * Symmetric Key Data Flow configuration.
  */

csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll

@@ -61,33 +61,6 @@ module HardcodedSymmetricEncryptionKey {
     }
   }
 
-  /**
-   * DEPRECATED: Use `HardCodedSymmetricEncryption` instead.
-   *
-   * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities.
-   */
-  deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-    TaintTrackingConfiguration() { this = "HardcodedSymmetricEncryptionKey" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-
-    /**
-     * Since `CryptographicBuffer` uses native code inside, taint tracking doesn't pass through it.
-     * Need to create an additional custom step.
-     */
-    override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
-      exists(MethodCall mc, CryptographicBuffer c |
-        pred.asExpr() = mc.getAnArgument() and
-        mc.getTarget() = c.getAMethod() and
-        succ.asExpr() = mc
-      )
-    }
-  }
-
   /**
    * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities.
    */

csharp/ql/lib/semmle/code/csharp/security/dataflow/CleartextStorageQuery.qll

@@ -23,21 +23,6 @@ abstract class Sink extends DataFlow::ExprNode { }
  */
 abstract class Sanitizer extends DataFlow::ExprNode { }
 
-/**
- * DEPRECATED: Use `ClearTextStorage` instead.
- *
- * A taint-tracking configuration for cleartext storage of sensitive information.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "ClearTextStorage" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
  * A taint-tracking configuration for cleartext storage of sensitive information.
  */

csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll

@@ -24,21 +24,6 @@ abstract class Sink extends ApiSinkExprNode { }
  */
 abstract class Sanitizer extends DataFlow::ExprNode { }
 
-/**
- * DEPRECATED: Use `CodeInjection` instead.
- *
- * A taint-tracking configuration for user input treated as code vulnerabilities.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "CodeInjection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
  * A taint-tracking configuration for user input treated as code vulnerabilities.
  */

csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll

@@ -23,21 +23,6 @@ abstract class Sink extends DataFlow::ExprNode { }
  */
 abstract class Sanitizer extends DataFlow::ExprNode { }
 
-/**
- * DEPRECATED: Use `CommandInjection` instead.
- *
- * A taint-tracking configuration for command injection vulnerabilities.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "CommandInjection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
  * A taint-tracking configuration for command injection vulnerabilities.
  */

csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll

@@ -30,21 +30,6 @@ abstract class Sink extends ApiSinkExprNode {
  */
 abstract class Sanitizer extends DataFlow::ExprNode { }
 
-/**
- * DEPRECATED: Use `ConditionalBypass` instead.
- *
- * A taint-tracking configuration for user-controlled bypass of sensitive method.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "UserControlledBypassOfSensitiveMethodConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
  * A taint-tracking configuration for user-controlled bypass of sensitive method.
  */

csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll

@@ -23,21 +23,6 @@ abstract class Sink extends ApiSinkExprNode { }
  */
 abstract class Sanitizer extends DataFlow::ExprNode { }
 
-/**
- * DEPRECATED: Use `ExposureOfPrivateInformation` instead.
- *
- * A taint-tracking configuration for private information flowing unencrypted to an external location.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "ExposureOfPrivateInformation" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
  * A taint-tracking configuration for private information flowing unencrypted to an external location.
  */

csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll

@@ -73,19 +73,6 @@ class ExternalApiDataNode extends DataFlow::Node {
   }
 }
 
-/**
- * DEPRECATED: Use `RemoteSourceToExternalApi` instead.
- *
- * A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s.
- */
-deprecated class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration {
-  UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfig" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
-}
-
 /** A configuration for tracking flow from `ThreatModelFlowSource`s to `ExternalApiDataNode`s. */
 private module RemoteSourceToExternalApiConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }

csharp/ql/lib/semmle/code/csharp/security/dataflow/HardcodedCredentialsQuery.qll

@@ -38,46 +38,6 @@ abstract class Sink extends ApiSinkExprNode {
  */
 abstract class Sanitizer extends DataFlow::ExprNode { }
 
-/**
- * DEPRECATED: Use `HardcodedCredentials` instead.
- *
- * A taint-tracking configuration for hard coded credentials.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "HardcodedCredentials" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) {
-    sink instanceof Sink and
-    // Ignore values that are ultimately returned by mocks, as they don't represent "real"
-    // credentials.
-    not any(ReturnedByMockObject mock).getAMemberInitializationValue() = sink.asExpr() and
-    not any(ReturnedByMockObject mock).getAnArgument() = sink.asExpr()
-  }
-
-  override predicate hasFlowPath(DataFlow::PathNode source, DataFlow::PathNode sink) {
-    super.hasFlowPath(source, sink) and
-    // Exclude hard-coded credentials in tests if they only flow to calls to methods with a name
-    // like "Add*" "Create*" or "Update*". The rationale is that hard-coded credentials within
-    // tests that are only used for creating or setting values within tests are unlikely to
-    // represent credentials to some accessible system.
-    not (
-      source.getNode().asExpr().getFile() instanceof TestFile and
-      exists(MethodCall createOrAddCall, string createOrAddMethodName |
-        createOrAddMethodName.matches("Update%") or
-        createOrAddMethodName.matches("Create%") or
-        createOrAddMethodName.matches("Add%")
-      |
-        createOrAddCall.getTarget().hasName(createOrAddMethodName) and
-        createOrAddCall.getAnArgument() = sink.getNode().asExpr()
-      )
-    )
-  }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
  * A taint-tracking configuration for hard coded credentials.
  */

csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll

@@ -26,21 +26,6 @@ abstract class Sink extends ApiSinkExprNode { }
  */
 abstract class Sanitizer extends DataFlow::ExprNode { }
 
-/**
- * DEPRECATED: Use `LdapInjection` instead.
- *
- * A taint-tracking configuration for unvalidated user input that is used to construct LDAP queries.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "LDAPInjection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
  * A taint-tracking configuration for unvalidated user input that is used to construct LDAP queries.
  */

csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll

@@ -26,21 +26,6 @@ abstract class Sink extends ApiSinkExprNode { }
  */
 abstract class Sanitizer extends DataFlow::ExprNode { }
 
-/**
- * DEPRECATED: Use `LogForging` instead.
- *
- * A taint-tracking configuration for untrusted user input used in log entries.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "LogForging" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
  * A taint-tracking configuration for untrusted user input used in log entries.
  */

csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll

@@ -29,22 +29,6 @@ abstract class Sink extends ApiSinkExprNode {
  */
 abstract class Sanitizer extends DataFlow::ExprNode { }
 
-/**
- * DEPRECATED: Use `MissingXxmlValidation` instead.
- *
- * A taint-tracking configuration for untrusted user input processed as XML without validation against a
- * known schema.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "MissingXMLValidation" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
  * A taint-tracking configuration for untrusted user input processed as XML without validation against a
  * known schema.

csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll

@@ -25,21 +25,6 @@ abstract class Sink extends ApiSinkExprNode { }
  */
 abstract class Sanitizer extends DataFlow::ExprNode { }
 
-/**
- * DEPRECATED: Use `ReDoS` instead.
- *
- * A taint-tracking configuration for untrusted user input used in dangerous regular expression operations.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "ReDoS" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
  * A taint-tracking configuration for untrusted user input used in dangerous regular expression operations.
  */
@@ -85,20 +70,6 @@ predicate isExponentialRegex(StringLiteral s) {
   s.getValue().regexpMatch(".*\\(\\([^()*+\\]]+\\]?\\)(\\*|\\+)\\.?\\)(\\*|\\+).*")
 }
 
-/**
- * DEPRECATED: Use `ExponentialRegexDataflow` instead.
- *
- * A data flow configuration for tracking exponential worst case time regular expression string
- * literals to the pattern argument of a regex.
- */
-deprecated class ExponentialRegexDataflow extends DataFlow2::Configuration {
-  ExponentialRegexDataflow() { this = "ExponentialRegex" }
-
-  override predicate isSource(DataFlow::Node s) { isExponentialRegex(s.asExpr()) }
-
-  override predicate isSink(DataFlow::Node s) { s.asExpr() = any(RegexOperation c).getPattern() }
-}
-
 /**
  * A data flow configuration for tracking exponential worst case time regular expression string
  * literals to the pattern argument of a regex.

csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll

@@ -24,21 +24,6 @@ abstract class Sink extends ApiSinkExprNode { }
  */
 abstract class Sanitizer extends DataFlow::ExprNode { }
 
-/**
- * DEPRECATED: Use `RegexInjection` instead.
- *
- * A taint-tracking configuration for untrusted user input used to construct regular expressions.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "RegexInjection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
  * A taint-tracking configuration for untrusted user input used to construct regular expressions.
  */

csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll

@@ -23,21 +23,6 @@ abstract class Sink extends ApiSinkExprNode { }
  */
 abstract class Sanitizer extends DataFlow::ExprNode { }
 
-/**
- * DEPRECATED: Use `ResourceInjection` instead.
- *
- * A taint-tracking configuration for untrusted user input used in resource descriptors.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "ResourceInjection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
  * A taint-tracking configuration for untrusted user input used in resource descriptors.
  */

csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll

@@ -24,21 +24,6 @@ abstract class Sink extends ApiSinkExprNode { }
  */
 abstract class Sanitizer extends DataFlow::ExprNode { }
 
-/**
- * DEPRECATED: Use `SqlInjection` instead.
- *
- * A taint-tracking configuration for SQL injection vulnerabilities.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "SqlInjection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
  * A taint-tracking configuration for SQL injection vulnerabilities.
  */

csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll

@@ -26,21 +26,6 @@ abstract class Sink extends ApiSinkExprNode { }
  */
 abstract class Sanitizer extends DataFlow::ExprNode { }
 
-/**
- * DEPRECATED: Use `TaintedPath` instead.
- *
- * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "TaintedPath" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
  * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities.
  */

csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll

@@ -51,21 +51,6 @@ abstract class Sanitizer extends DataFlow::Node { }
 
 private class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }
 
-/**
- * DEPRECATED: Use `TaintToObjectMethodTracking` instead.
- *
- * User input to object method call deserialization flow tracking.
- */
-deprecated class TaintToObjectMethodTrackingConfig extends TaintTracking::Configuration {
-  TaintToObjectMethodTrackingConfig() { this = "TaintToObjectMethodTrackingConfig" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof InstanceMethodSink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
  * User input to object method call deserialization flow tracking configuration.
  */
@@ -82,23 +67,6 @@ private module TaintToObjectMethodTrackingConfig implements DataFlow::ConfigSig
  */
 module TaintToObjectMethodTracking = TaintTracking::Global<TaintToObjectMethodTrackingConfig>;
 
-/**
- * DEPRECATED: Use `JsonConvertTracking` instead.
- *
- * User input to `JsonConvert` call deserialization flow tracking.
- */
-deprecated class JsonConvertTrackingConfig extends TaintTracking::Configuration {
-  JsonConvertTrackingConfig() { this = "JsonConvertTrackingConfig" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) {
-    sink instanceof NewtonsoftJsonConvertDeserializeObjectMethodSink
-  }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
  * User input to `JsonConvert` call deserialization flow tracking configuration.
  */
@@ -117,61 +85,6 @@ private module JsonConvertTrackingConfig implements DataFlow::ConfigSig {
  */
 module JsonConvertTracking = TaintTracking::Global<JsonConvertTrackingConfig>;
 
-/**
- * DEPRECATED: Use `TypeNameTracking` instead.
- *
- * Tracks unsafe `TypeNameHandling` setting to `JsonConvert` call
- */
-deprecated class TypeNameTrackingConfig extends DataFlow::Configuration {
-  TypeNameTrackingConfig() { this = "TypeNameTrackingConfig" }
-
-  override predicate isSource(DataFlow::Node source) {
-    (
-      source.asExpr() instanceof MemberConstantAccess and
-      source.getType() instanceof TypeNameHandlingEnum
-      or
-      source.asExpr() instanceof IntegerLiteral
-    ) and
-    source.asExpr().hasValue() and
-    not source.asExpr().getValue() = "0"
-  }
-
-  override predicate isSink(DataFlow::Node sink) {
-    exists(MethodCall mc, Method m, Expr expr |
-      m = mc.getTarget() and
-      (
-        not mc.getArgument(0).hasValue() and
-        m instanceof NewtonsoftJsonConvertClassDeserializeObjectMethod
-      ) and
-      expr = mc.getAnArgument() and
-      sink.asExpr() = expr and
-      expr.getType() instanceof JsonSerializerSettingsClass
-    )
-  }
-
-  override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    node1.asExpr() instanceof IntegerLiteral and
-    node2.asExpr().(CastExpr).getExpr() = node1.asExpr()
-    or
-    node1.getType() instanceof TypeNameHandlingEnum and
-    exists(PropertyWrite pw, Property p, Assignment a |
-      a.getLValue() = pw and
-      pw.getProperty() = p and
-      p.getDeclaringType() instanceof JsonSerializerSettingsClass and
-      p.hasName("TypeNameHandling") and
-      (
-        node1.asExpr() = a.getRValue() and
-        node2.asExpr() = pw.getQualifier()
-        or
-        exists(ObjectInitializer oi |
-          node1.asExpr() = oi.getAMemberInitializer().getRValue() and
-          node2.asExpr() = oi
-        )
-      )
-    )
-  }
-}
-
 /**
  * Configuration module for tracking unsafe `TypeNameHandling` setting to `JsonConvert` calls.
  */
@@ -228,24 +141,6 @@ private module TypeNameTrackingConfig implements DataFlow::ConfigSig {
  */
 module TypeNameTracking = DataFlow::Global<TypeNameTrackingConfig>;
 
-/**
- * DEPRECATED: Use `TaintToConstructorOrStaticMethodTracking` instead.
- *
- * User input to static method or constructor call deserialization flow tracking.
- */
-deprecated class TaintToConstructorOrStaticMethodTrackingConfig extends TaintTracking::Configuration
-{
-  TaintToConstructorOrStaticMethodTrackingConfig() {
-    this = "TaintToConstructorOrStaticMethodTrackingConfig"
-  }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof ConstructorOrStaticMethodSink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
  * User input to static method or constructor call deserialization flow tracking configuration.
  */
@@ -263,41 +158,6 @@ private module TaintToConstructorOrStaticMethodTrackingConfig implements DataFlo
 module TaintToConstructorOrStaticMethodTracking =
   TaintTracking::Global<TaintToConstructorOrStaticMethodTrackingConfig>;
 
-/**
- * DEPRECATED: Use `TaintToObjectTypeTracking` instead.
- *
- * User input to instance type flow tracking.
- */
-deprecated class TaintToObjectTypeTrackingConfig extends TaintTracking2::Configuration {
-  TaintToObjectTypeTrackingConfig() { this = "TaintToObjectTypeTrackingConfig" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) {
-    exists(MethodCall mc |
-      mc.getTarget() instanceof UnsafeDeserializer and
-      sink.asExpr() = mc.getQualifier()
-    )
-  }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) {
-    exists(MethodCall mc, Method m |
-      m = mc.getTarget() and
-      m.getDeclaringType().hasFullyQualifiedName("System", "Type") and
-      m.hasName("GetType") and
-      m.isStatic() and
-      n1.asExpr() = mc.getArgument(0) and
-      n2.asExpr() = mc
-    )
-    or
-    exists(ObjectCreation oc |
-      n1.asExpr() = oc.getAnArgument() and
-      n2.asExpr() = oc and
-      oc.getObjectType() instanceof StrongTypeDeserializer
-    )
-  }
-}
-
 /**
  * User input to instance type flow tracking config.
  */
@@ -334,29 +194,6 @@ private module TaintToObjectTypeTrackingConfig implements DataFlow::ConfigSig {
  */
 module TaintToObjectTypeTracking = TaintTracking::Global<TaintToObjectTypeTrackingConfig>;
 
-/**
- * DEPRECATED: Use `WeakTypeCreationToUsageTracking` instead.
- *
- * Unsafe deserializer creation to usage tracking config.
- */
-deprecated class WeakTypeCreationToUsageTrackingConfig extends TaintTracking2::Configuration {
-  WeakTypeCreationToUsageTrackingConfig() { this = "DeserializerCreationToUsageTrackingConfig" }
-
-  override predicate isSource(DataFlow::Node source) {
-    exists(ObjectCreation oc |
-      oc.getObjectType() instanceof WeakTypeDeserializer and
-      source.asExpr() = oc
-    )
-  }
-
-  override predicate isSink(DataFlow::Node sink) {
-    exists(MethodCall mc |
-      mc.getTarget() instanceof UnsafeDeserializer and
-      sink.asExpr() = mc.getQualifier()
-    )
-  }
-}
-
 /**
  * Unsafe deserializer creation to usage tracking config.
  */

csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll

@@ -28,21 +28,6 @@ abstract class Sink extends ApiSinkExprNode { }
  */
 abstract class Sanitizer extends DataFlow::ExprNode { }
 
-/**
- * DEPRECATED: Use `UrlRedirect` instead.
- *
- * A taint-tracking configuration for reasoning about unvalidated URL redirect vulnerabilities.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "UrlRedirect" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
  * A taint-tracking configuration for reasoning about unvalidated URL redirect vulnerabilities.
  */

csharp/ql/lib/semmle/code/csharp/security/dataflow/XMLEntityInjectionQuery.qll

@@ -44,26 +44,6 @@ private class InsecureXmlSink extends Sink {
  */
 abstract class Sanitizer extends DataFlow::Node { }
 
-/**
- * DEPRECATED: Use `XmlEntityInjection` instead.
- *
- * A taint-tracking configuration for untrusted user input used in XML processing.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "XMLInjection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-
-  override predicate hasFlowPath(DataFlow::PathNode source, DataFlow::PathNode sink) {
-    super.hasFlowPath(source, sink) and
-    exists(sink.getNode().(Sink).getReason())
-  }
-}
-
 /**
  * A taint-tracking configuration for untrusted user input used in XML processing.
  */

csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll

@@ -24,21 +24,6 @@ abstract class Sink extends ApiSinkExprNode { }
  */
 abstract class Sanitizer extends DataFlow::ExprNode { }
 
-/**
- * DEPRECATED: Use `XpathInjection` instead.
- *
- * A taint-tracking configuration for untrusted user input used in XPath expression.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "XPathInjection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
  * A taint-tracking configuration for untrusted user input used in XPath expression.
  */

csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSQuery.qll

@@ -141,21 +141,6 @@ abstract class Source extends DataFlow::Node { }
  */
 abstract class Sanitizer extends DataFlow::ExprNode { }
 
-/**
- * DEPRECATED: Use `XssTracking` instead.
- *
- * A taint-tracking configuration for cross-site scripting (XSS) vulnerabilities.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking2::Configuration {
-  TaintTrackingConfiguration() { this = "XSSDataFlowConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
  * A taint-tracking configuration for cross-site scripting (XSS) vulnerabilities.
  */

csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll

@@ -21,21 +21,6 @@ abstract class Sink extends ApiSinkExprNode { }
  */
 abstract class Sanitizer extends DataFlow::ExprNode { }
 
-/**
- * DEPRECATED: Use `ZipSlip` instead.
- *
- * A taint tracking configuration for Zip Slip.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "ZipSlipTaintTracking" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
  * A taint tracking configuration for Zip Slip.
  */

csharp/ql/src/experimental/CWE-099/TaintedWebClientLib.qll

@@ -37,21 +37,6 @@ abstract class Sink extends DataFlow::ExprNode { }
  */
 abstract class Sanitizer extends DataFlow::ExprNode { }
 
-/**
- * DEPRECATED: Use `TaintedWebClient` instead.
- *
- * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "TaintedWebClientLib" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
  * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities.
  */

csharp/ql/src/experimental/CWE-918/RequestForgery.qll

@@ -23,39 +23,6 @@ module RequestForgery {
    */
   abstract private class Barrier extends DataFlow::Node { }
 
-  /**
-   * DEPRECATED: Use `RequestForgeryFlow` instead.
-   *
-   * A data flow configuration for detecting server side request forgery vulnerabilities.
-   */
-  deprecated class RequestForgeryConfiguration extends DataFlow::Configuration {
-    RequestForgeryConfiguration() { this = "Server Side Request forgery" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isAdditionalFlowStep(DataFlow::Node prev, DataFlow::Node succ) {
-      interpolatedStringFlowStep(prev, succ)
-      or
-      stringReplaceStep(prev, succ)
-      or
-      uriCreationStep(prev, succ)
-      or
-      formatConvertStep(prev, succ)
-      or
-      toStringStep(prev, succ)
-      or
-      stringConcatStep(prev, succ)
-      or
-      stringFormatStep(prev, succ)
-      or
-      pathCombineStep(prev, succ)
-    }
-
-    override predicate isBarrier(DataFlow::Node node) { node instanceof Barrier }
-  }
-
   /**
    * A data flow configuration for detecting server side request forgery vulnerabilities.
    */

csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/JsonWebTokenHandlerLib.qll

@@ -18,27 +18,6 @@ class TokenValidationParametersPropertySensitiveValidation extends Property {
   }
 }
 
-/**
- * DEPRECATED: Use `FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation` instead.
- *
- * A dataflow from a `false` value to a write sensitive property for `TokenValidationParameters`.
- */
-deprecated class FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation extends DataFlow::Configuration
-{
-  FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation() {
-    this = "FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation"
-  }
-
-  override predicate isSource(DataFlow::Node source) {
-    source.asExpr().getValue() = "false" and
-    source.asExpr().getType() instanceof BoolType
-  }
-
-  override predicate isSink(DataFlow::Node sink) {
-    sink.asExpr() = any(TokenValidationParametersPropertySensitiveValidation p).getAnAssignedValue()
-  }
-}
-
 /**
  * A dataflow configuration from a `false` value to a write sensitive property for `TokenValidationParameters`.
  */

csharp/ql/src/experimental/dataflow/flowsources/AuthCookie.qll

@@ -40,26 +40,6 @@ private module AuthCookieNameConfig implements DataFlow::ConfigSig {
  */
 private module AuthCookieName = DataFlow::Global<AuthCookieNameConfig>;
 
-/**
- * DEPRECATED: Use `CookieOptionsTracking` instead.
- *
- * Tracks creation of `CookieOptions` to `IResponseCookies.Append(String, String, CookieOptions)` call as a third parameter.
- */
-deprecated class CookieOptionsTrackingConfiguration extends DataFlow::Configuration {
-  CookieOptionsTrackingConfiguration() { this = "CookieOptionsTrackingConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) {
-    source.asExpr().(ObjectCreation).getType() instanceof MicrosoftAspNetCoreHttpCookieOptions
-  }
-
-  override predicate isSink(DataFlow::Node sink) {
-    exists(MicrosoftAspNetCoreHttpResponseCookies iResponse, MethodCall mc |
-      iResponse.getAppendMethod() = mc.getTarget() and
-      mc.getArgument(2) = sink.asExpr()
-    )
-  }
-}
-
 /**
  * Configuration module tracking creation of `CookieOptions` to `IResponseCookies.Append(String, String, CookieOptions)`
  * calls as a third parameter.
@@ -134,28 +114,6 @@ Expr getAValueForProp(ObjectCreation create, Assignment a, string prop) {
  */
 predicate isPropertySet(ObjectCreation oc, string prop) { exists(getAValueForProp(oc, _, prop)) }
 
-/**
- * DEPRECATED: Use `OnAppendCookieSecureTracking` instead.
- *
- * Tracks if a callback used in `OnAppendCookie` sets `Secure` to `true`.
- */
-deprecated class OnAppendCookieSecureTrackingConfig extends OnAppendCookieTrackingConfig {
-  OnAppendCookieSecureTrackingConfig() { this = "OnAppendCookieSecureTrackingConfig" }
-
-  override string propertyName() { result = "Secure" }
-}
-
-/**
- * DEPRECATED: Use `OnAppendCookieHttpOnlyTracking` instead.
- *
- * Tracks if a callback used in `OnAppendCookie` sets `HttpOnly` to `true`.
- */
-deprecated class OnAppendCookieHttpOnlyTrackingConfig extends OnAppendCookieTrackingConfig {
-  OnAppendCookieHttpOnlyTrackingConfig() { this = "OnAppendCookieHttpOnlyTrackingConfig" }
-
-  override string propertyName() { result = "HttpOnly" }
-}
-
 /**
  * Tracks if a callback used in `OnAppendCookie` sets a cookie property to `true`.
  */

go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll

@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
    */
   predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
 
-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
   /**
    * Holds if hidden nodes should be included in the data flow graph.
    *

go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll

@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
    */
   predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
 
-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
   /**
    * Holds if hidden nodes should be included in the data flow graph.
    *

go/ql/lib/semmle/go/security/AllocationSizeOverflow.qll

@@ -13,21 +13,6 @@ import go
 module AllocationSizeOverflow {
   import AllocationSizeOverflowCustomizations::AllocationSizeOverflow
 
-  /**
-   * DEPRECATED: Use copies of `FindLargeLensConfig` and `FindLargeLensFlow` instead.
-   *
-   * A taint-tracking configuration for identifying `len(...)` calls whose argument may be large.
-   */
-  deprecated class FindLargeLensConfiguration extends TaintTracking2::Configuration {
-    FindLargeLensConfiguration() { this = "AllocationSizeOverflow::FindLargeLens" }
-
-    override predicate isSource(DataFlow::Node nd) { nd instanceof Source }
-
-    override predicate isSink(DataFlow::Node nd) { nd = Builtin::len().getACall().getArgument(0) }
-
-    override predicate isSanitizer(DataFlow::Node nd) { nd instanceof Sanitizer }
-  }
-
   private module FindLargeLensConfig implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node nd) { nd instanceof Source }
 
@@ -47,39 +32,6 @@ module AllocationSizeOverflow {
     )
   }
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A taint-tracking configuration for identifying allocation-size overflows.
-   */
-  deprecated class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "AllocationSizeOverflow" }
-
-    override predicate isSource(DataFlow::Node nd) { nd instanceof Source }
-
-    /**
-     * Holds if `nd` is at a position where overflow might occur, and its result is used to compute
-     * allocation size `allocsz`.
-     */
-    predicate isSinkWithAllocationSize(DataFlow::Node nd, DataFlow::Node allocsz) {
-      nd.(Sink).getAllocationSize() = allocsz
-    }
-
-    override predicate isSink(DataFlow::Node nd) { this.isSinkWithAllocationSize(nd, _) }
-
-    override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
-      additionalStep(pred, succ)
-      or
-      exists(DataFlow::CallNode c |
-        c = getALargeLenCall() and
-        pred = c.getArgument(0) and
-        succ = c
-      )
-    }
-
-    override predicate isSanitizer(DataFlow::Node nd) { nd instanceof Sanitizer }
-  }
-
   /**
    * Holds if `nd` is at a position where overflow might occur, and its result is used to compute
    * allocation size `allocsz`.

go/ql/lib/semmle/go/security/CommandInjection.qll

@@ -16,27 +16,6 @@ import go
 module CommandInjection {
   import CommandInjectionCustomizations::CommandInjection
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A taint-tracking configuration for reasoning about command-injection vulnerabilities
-   * with sinks which are not sanitized by `--`.
-   */
-  deprecated class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "CommandInjection" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) {
-      exists(Sink s | sink = s | not s.doubleDashIsSanitizing())
-    }
-
-    override predicate isSanitizer(DataFlow::Node node) {
-      super.isSanitizer(node) or
-      node instanceof Sanitizer
-    }
-  }
-
   private module Config implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof Source }
 
@@ -92,28 +71,6 @@ module CommandInjection {
     }
   }
 
-  /**
-   * DEPRECATED: Use `DoubleDashSanitizingFlow` instead.
-   *
-   * A taint-tracking configuration for reasoning about command-injection vulnerabilities
-   * with sinks which are sanitized by `--`.
-   */
-  deprecated class DoubleDashSanitizingConfiguration extends TaintTracking::Configuration {
-    DoubleDashSanitizingConfiguration() { this = "CommandInjectionWithDoubleDashSanitizer" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) {
-      exists(Sink s | sink = s | s.doubleDashIsSanitizing())
-    }
-
-    override predicate isSanitizer(DataFlow::Node node) {
-      super.isSanitizer(node) or
-      node instanceof Sanitizer or
-      node = any(ArgumentArrayWithDoubleDash array).getASanitizedElement()
-    }
-  }
-
   private module DoubleDashSanitizingConfig implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof Source }
 

go/ql/lib/semmle/go/security/ExternalAPIs.qll

@@ -182,19 +182,6 @@ class UnknownExternalApiDataNode extends ExternalApiDataNode {
   }
 }
 
-/**
- * DEPRECATED: Use `UntrustedDataToExternalApiFlow` instead.
- *
- * A configuration for tracking flow from `ThreatModelFlowSource`s to `ExternalApiDataNode`s.
- */
-deprecated class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration {
-  UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfig" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
-}
-
 private module UntrustedDataConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
 
@@ -206,19 +193,6 @@ private module UntrustedDataConfig implements DataFlow::ConfigSig {
  */
 module UntrustedDataToExternalApiFlow = DataFlow::Global<UntrustedDataConfig>;
 
-/**
- * DEPRECATED: Use `UntrustedDataToUnknownExternalApiFlow` instead.
- *
- * A configuration for tracking flow from `ThreatModelFlowSource`s to `UnknownExternalApiDataNode`s.
- */
-deprecated class UntrustedDataToUnknownExternalApiConfig extends TaintTracking::Configuration {
-  UntrustedDataToUnknownExternalApiConfig() { this = "UntrustedDataToUnknownExternalAPIConfig" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof UnknownExternalApiDataNode }
-}
-
 private module UntrustedDataToUnknownExternalApiConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
 

go/ql/lib/semmle/go/security/LogInjection.qll

@@ -14,21 +14,6 @@ import go
 module LogInjection {
   import LogInjectionCustomizations::LogInjection
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A taint-tracking configuration for reasoning about log injection vulnerabilities.
-   */
-  deprecated class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "LogInjection" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isSanitizer(DataFlow::Node sanitizer) { sanitizer instanceof Sanitizer }
-  }
-
   /** Config for reasoning about log injection vulnerabilities. */
   module Config implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof Source }

java/ql/lib/semmle/code/java/JDK.qll

@@ -210,39 +210,6 @@ class TypeFile extends Class {
 }
 
 // --- Standard methods ---
-/**
- * DEPRECATED: Any constructor of class `java.lang.ProcessBuilder`.
- */
-deprecated class ProcessBuilderConstructor extends Constructor, ExecCallable {
-  ProcessBuilderConstructor() { this.getDeclaringType() instanceof TypeProcessBuilder }
-
-  override int getAnExecutedArgument() { result = 0 }
-}
-
-/**
- * DEPRECATED: Any of the methods named `command` on class `java.lang.ProcessBuilder`.
- */
-deprecated class MethodProcessBuilderCommand extends Method, ExecCallable {
-  MethodProcessBuilderCommand() {
-    this.hasName("command") and
-    this.getDeclaringType() instanceof TypeProcessBuilder
-  }
-
-  override int getAnExecutedArgument() { result = 0 }
-}
-
-/**
- * DEPRECATED: Any method named `exec` on class `java.lang.Runtime`.
- */
-deprecated class MethodRuntimeExec extends Method, ExecCallable {
-  MethodRuntimeExec() {
-    this.hasName("exec") and
-    this.getDeclaringType() instanceof TypeRuntime
-  }
-
-  override int getAnExecutedArgument() { result = 0 }
-}
-
 /**
  * Any method named `getenv` on class `java.lang.System`.
  */

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll

@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
    */
   predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
 
-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
   /**
    * Holds if hidden nodes should be included in the data flow graph.
    *

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll

@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
    */
   predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
 
-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
   /**
    * Holds if hidden nodes should be included in the data flow graph.
    *

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll

@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
    */
   predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
 
-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
   /**
    * Holds if hidden nodes should be included in the data flow graph.
    *

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll

@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
    */
   predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
 
-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
   /**
    * Holds if hidden nodes should be included in the data flow graph.
    *

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll

@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
    */
   predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
 
-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
   /**
    * Holds if hidden nodes should be included in the data flow graph.
    *

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll

@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
    */
   predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
 
-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
   /**
    * Holds if hidden nodes should be included in the data flow graph.
    *

java/ql/lib/semmle/code/java/frameworks/JsonIo.qll

@@ -43,34 +43,6 @@ class JsonIoUseMapsSetter extends MethodCall {
   }
 }
 
-/**
- * DEPRECATED: Use `SafeJsonIoFlow` instead.
- *
- * A data flow configuration tracing flow from JsonIo safe settings.
- */
-deprecated class SafeJsonIoConfig extends DataFlow2::Configuration {
-  SafeJsonIoConfig() { this = "UnsafeDeserialization::SafeJsonIoConfig" }
-
-  override predicate isSource(DataFlow::Node src) {
-    exists(MethodCall ma |
-      ma instanceof JsonIoUseMapsSetter and
-      src.asExpr() = ma.getQualifier()
-    )
-  }
-
-  override predicate isSink(DataFlow::Node sink) {
-    exists(MethodCall ma |
-      ma.getMethod() instanceof JsonIoJsonToJavaMethod and
-      sink.asExpr() = ma.getArgument(1)
-    )
-    or
-    exists(ClassInstanceExpr cie |
-      cie.getConstructor().getDeclaringType() instanceof JsonIoJsonReader and
-      sink.asExpr() = cie.getArgument(1)
-    )
-  }
-}
-
 /**
  * A data flow configuration tracing flow from JsonIo safe settings.
  */

java/ql/lib/semmle/code/java/frameworks/camel/CamelJavaDSL.qll

@@ -42,9 +42,6 @@ class CamelJavaDslToDecl extends ProcessorDefinitionElement {
    * Gets the URI specified by this `to` declaration.
    */
   string getUri() { result = this.getArgument(0).(CompileTimeConstantExpr).getStringValue() }
-
-  /** DEPRECATED: Alias for getUri */
-  deprecated string getURI() { result = this.getUri() }
 }
 
 /**

java/ql/lib/semmle/code/java/frameworks/spring/SpringCamel.qll

@@ -97,9 +97,6 @@ class SpringCamelXmlToElement extends SpringCamelXmlRouteElement {
    * Gets the URI attribute for this `<to>` element.
    */
   string getUri() { result = this.getAttribute("uri").getValue() }
-
-  /** DEPRECATED: Alias for getUri */
-  deprecated string getURI() { result = this.getUri() }
 }
 
 /**

java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll

@@ -7,27 +7,6 @@ import semmle.code.java.dataflow.TaintTracking
 deprecated import semmle.code.java.dataflow.TaintTracking3
 import semmle.code.java.security.AndroidIntentRedirection
 
-/**
- * DEPRECATED: Use `IntentRedirectionFlow` instead.
- *
- * A taint tracking configuration for tainted Intents being used to start Android components.
- */
-deprecated class IntentRedirectionConfiguration extends TaintTracking::Configuration {
-  IntentRedirectionConfiguration() { this = "IntentRedirectionConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof IntentRedirectionSink }
-
-  override predicate isSanitizer(DataFlow::Node sanitizer) {
-    sanitizer instanceof IntentRedirectionSanitizer
-  }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-    any(IntentRedirectionAdditionalTaintStep c).step(node1, node2)
-  }
-}
-
 /** A taint tracking configuration for tainted Intents being used to start Android components. */
 module IntentRedirectionConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }

java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll

@@ -122,36 +122,6 @@ private predicate isStartActivityOrServiceSink(DataFlow::Node arg) {
   )
 }
 
-/**
- * DEPRECATED: Use `SensitiveCommunicationFlow` instead.
- *
- * Taint configuration tracking flow from variables containing sensitive information to broadcast Intents.
- */
-deprecated class SensitiveCommunicationConfig extends TaintTracking::Configuration {
-  SensitiveCommunicationConfig() { this = "Sensitive Communication Configuration" }
-
-  override predicate isSource(DataFlow::Node source) {
-    source.asExpr() instanceof SensitiveInfoExpr
-  }
-
-  override predicate isSink(DataFlow::Node sink) {
-    isSensitiveBroadcastSink(sink)
-    or
-    isStartActivityOrServiceSink(sink)
-  }
-
-  /**
-   * Holds if broadcast doesn't specify receiving package name of the 3rd party app
-   */
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof ExplicitIntentSanitizer }
-
-  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
-    super.allowImplicitRead(node, c)
-    or
-    this.isSink(node)
-  }
-}
-
 /**
  * A sensitive communication sink node.
  */

java/ql/lib/semmle/code/java/security/CommandLineQuery.qll

@@ -109,37 +109,3 @@ predicate execIsTainted(
   InputToArgumentToExecFlow::flowPath(source, sink) and
   argumentToExec(execArg, sink.getNode())
 }
-
-/**
- * DEPRECATED: Use `execIsTainted` instead.
- *
- * Implementation of `ExecTainted.ql`. It is extracted to a QLL
- * so that it can be excluded from `ExecUnescaped.ql` to avoid
- * reporting overlapping results.
- */
-deprecated predicate execTainted(DataFlow::PathNode source, DataFlow::PathNode sink, Expr execArg) {
-  exists(RemoteUserInputToArgumentToExecFlowConfig conf |
-    conf.hasFlowPath(source, sink) and argumentToExec(execArg, sink.getNode())
-  )
-}
-
-/**
- * DEPRECATED: Use `RemoteUserInputToArgumentToExecFlow` instead.
- *
- * A taint-tracking configuration for unvalidated user input that is used to run an external process.
- */
-deprecated class RemoteUserInputToArgumentToExecFlowConfig extends TaintTracking::Configuration {
-  RemoteUserInputToArgumentToExecFlowConfig() {
-    this = "ExecCommon::RemoteUserInputToArgumentToExecFlowConfig"
-  }
-
-  override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof CommandInjectionSink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof CommandInjectionSanitizer }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) {
-    any(CommandInjectionAdditionalTaintStep s).step(n1, n2)
-  }
-}

java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll

@@ -36,23 +36,6 @@ private predicate endsWithStep(DataFlow::Node node1, DataFlow::Node node2) {
   )
 }
 
-/**
- * DEPRECATED: Use `ConditionalBypassFlow` instead.
- *
- * A taint tracking configuration for untrusted data flowing to sensitive conditions.
- */
-deprecated class ConditionalBypassFlowConfig extends TaintTracking::Configuration {
-  ConditionalBypassFlowConfig() { this = "ConditionalBypassFlowConfig" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { conditionControlsMethod(_, sink.asExpr()) }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-    endsWithStep(node1, node2)
-  }
-}
-
 /**
  * A taint tracking configuration for untrusted data flowing to sensitive conditions.
  */

java/ql/lib/semmle/code/java/security/ExternalAPIs.qll

@@ -92,19 +92,6 @@ class ExternalApiDataNode extends DataFlow::Node {
   string getMethodDescription() { result = this.getMethod().getQualifiedName() }
 }
 
-/**
- * DEPRECATED: Use `UntrustedDataToExternalApiFlow` instead.
- *
- * A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s.
- */
-deprecated class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration {
-  UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfig" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
-}
-
 /**
  * Taint tracking configuration for flow from `ThreatModelFlowSource`s to `ExternalApiDataNode`s.
  */

java/ql/lib/semmle/code/java/security/ExternalProcess.qll

@@ -4,16 +4,6 @@ import semmle.code.java.Member
 private import semmle.code.java.dataflow.DataFlow
 private import semmle.code.java.security.CommandLineQuery
 
-/**
- * DEPRECATED: A callable that executes a command.
- */
-abstract deprecated class ExecCallable extends Callable {
-  /**
-   * Gets the index of an argument that will be part of the command that is executed.
-   */
-  abstract int getAnExecutedArgument();
-}
-
 /**
  * An expression used as an argument to a call that executes an external command. For calls to
  * varargs method calls, this only includes the first argument, which will be the command

java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll

@@ -5,24 +5,6 @@ import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.security.FragmentInjection
 
-/**
- * DEPRECATED: Use `FragmentInjectionFlow` instead.
- *
- * A taint-tracking configuration for unsafe user input
- * that is used to create Android fragments dynamically.
- */
-deprecated class FragmentInjectionTaintConf extends TaintTracking::Configuration {
-  FragmentInjectionTaintConf() { this = "FragmentInjectionTaintConf" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof FragmentInjectionSink }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) {
-    any(FragmentInjectionAdditionalTaintStep c).step(n1, n2)
-  }
-}
-
 /**
  * A taint-tracking configuration for unsafe user input
  * that is used to create Android fragments dynamically.

java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll

@@ -5,24 +5,6 @@ import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.security.GroovyInjection
 
-/**
- * DEPRECATED: Use `GroovyInjectionFlow` instead.
- *
- * A taint-tracking configuration for unsafe user input
- * that is used to evaluate a Groovy expression.
- */
-deprecated class GroovyInjectionConfig extends TaintTracking::Configuration {
-  GroovyInjectionConfig() { this = "GroovyInjectionConfig" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof GroovyInjectionSink }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node fromNode, DataFlow::Node toNode) {
-    any(GroovyInjectionAdditionalTaintStep c).step(fromNode, toNode)
-  }
-}
-
 /**
  * A taint-tracking configuration for unsafe user input
  * that is used to evaluate a Groovy expression.

java/ql/lib/semmle/code/java/security/HardcodedCredentialsApiCallQuery.qll

@@ -6,55 +6,6 @@ import java
 import semmle.code.java.dataflow.DataFlow
 import HardcodedCredentials
 
-/**
- * DEPRECATED: Use `HardcodedCredentialApiCallFlow` instead.
- *
- * A data-flow configuration that tracks flow from a hard-coded credential in a call to a sensitive Java API which may compromise security.
- */
-deprecated class HardcodedCredentialApiCallConfiguration extends DataFlow::Configuration {
-  HardcodedCredentialApiCallConfiguration() { this = "HardcodedCredentialApiCallConfiguration" }
-
-  override predicate isSource(DataFlow::Node n) {
-    n.asExpr() instanceof HardcodedExpr and
-    not n.asExpr().getEnclosingCallable() instanceof ToStringMethod
-  }
-
-  override predicate isSink(DataFlow::Node n) { n.asExpr() instanceof CredentialsApiSink }
-
-  override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    node1.asExpr().getType() instanceof TypeString and
-    (
-      exists(MethodCall ma | ma.getMethod().hasName(["getBytes", "toCharArray"]) |
-        node2.asExpr() = ma and
-        ma.getQualifier() = node1.asExpr()
-      )
-      or
-      // These base64 routines are usually taint propagators, and this is not a general
-      // TaintTracking::Configuration, so we must specifically include them here
-      // as a common transform applied to a constant before passing to a remote API.
-      exists(MethodCall ma |
-        ma.getMethod()
-            .hasQualifiedName([
-                "java.util", "cn.hutool.core.codec", "org.apache.shiro.codec",
-                "apache.commons.codec.binary", "org.springframework.util"
-              ], ["Base64$Encoder", "Base64$Decoder", "Base64", "Base64Utils"],
-              [
-                "encode", "encodeToString", "decode", "decodeBase64", "encodeBase64",
-                "encodeBase64Chunked", "encodeBase64String", "encodeBase64URLSafe",
-                "encodeBase64URLSafeString"
-              ])
-      |
-        node1.asExpr() = ma.getArgument(0) and
-        node2.asExpr() = ma
-      )
-    )
-  }
-
-  override predicate isBarrier(DataFlow::Node n) {
-    n.asExpr().(MethodCall).getMethod() instanceof MethodSystemGetenv
-  }
-}
-
 /**
  * A data-flow configuration that tracks flow from a hard-coded credential in a call to a sensitive Java API which may compromise security.
  */

java/ql/lib/semmle/code/java/security/HardcodedCredentialsSourceCallQuery.qll

@@ -8,22 +8,6 @@ deprecated import semmle.code.java.dataflow.DataFlow2
 private import semmle.code.java.dataflow.DataFlow2
 import HardcodedCredentials
 
-/**
- * DEPRECATED: Use `HardcodedCredentialSourceCallFlow` instead.
- *
- * A data-flow configuration that tracks hardcoded expressions flowing to a parameter whose name suggests
- * it may be a credential, excluding those which flow on to other such insecure usage sites.
- */
-deprecated class HardcodedCredentialSourceCallConfiguration extends DataFlow::Configuration {
-  HardcodedCredentialSourceCallConfiguration() {
-    this = "HardcodedCredentialSourceCallConfiguration"
-  }
-
-  override predicate isSource(DataFlow::Node n) { n.asExpr() instanceof HardcodedExpr }
-
-  override predicate isSink(DataFlow::Node n) { n.asExpr() instanceof FinalCredentialsSourceSink }
-}
-
 /**
  * A data-flow configuration that tracks hardcoded expressions flowing to a parameter whose name suggests
  * it may be a credential, excluding those which flow on to other such insecure usage sites.
@@ -40,22 +24,6 @@ module HardcodedCredentialSourceCallConfig implements DataFlow::ConfigSig {
  */
 module HardcodedCredentialSourceCallFlow = DataFlow::Global<HardcodedCredentialSourceCallConfig>;
 
-/**
- * DEPRECATED: Use `HardcodedCredentialParameterSourceCallFlow` instead.
- *
- * A data-flow configuration that tracks flow from an argument whose corresponding parameter name suggests
- * a credential, to an argument to a sensitive call.
- */
-deprecated class HardcodedCredentialSourceCallConfiguration2 extends DataFlow2::Configuration {
-  HardcodedCredentialSourceCallConfiguration2() {
-    this = "HardcodedCredentialSourceCallConfiguration2"
-  }
-
-  override predicate isSource(DataFlow::Node n) { n.asExpr() instanceof CredentialsSourceSink }
-
-  override predicate isSink(DataFlow::Node n) { n.asExpr() instanceof CredentialsSink }
-}
-
 /**
  * A data-flow configuration that tracks flow from an argument whose corresponding parameter name suggests
  * a credential, to an argument to a sensitive call.

java/ql/lib/semmle/code/java/security/HttpsUrlsQuery.qll

@@ -6,27 +6,6 @@ import semmle.code.java.frameworks.Networking
 import semmle.code.java.security.HttpsUrls
 private import semmle.code.java.security.Sanitizers
 
-/**
- * DEPRECATED: Use `HttpsStringToUrlOpenMethodFlow` instead.
- *
- * A taint tracking configuration for HTTP connections.
- */
-deprecated class HttpStringToUrlOpenMethodFlowConfig extends TaintTracking::Configuration {
-  HttpStringToUrlOpenMethodFlowConfig() { this = "HttpStringToUrlOpenMethodFlowConfig" }
-
-  override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof HttpStringLiteral }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof UrlOpenSink }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-    any(HttpUrlsAdditionalTaintStep c).step(node1, node2)
-  }
-
-  override predicate isSanitizer(DataFlow::Node node) {
-    node.getType() instanceof PrimitiveType or node.getType() instanceof BoxedType
-  }
-}
-
 /**
  * A taint tracking configuration for HTTP connections.
  */

java/ql/lib/semmle/code/java/security/ImplicitPendingIntentsQuery.qll

@@ -6,55 +6,6 @@ import semmle.code.java.frameworks.android.Intent
 import semmle.code.java.frameworks.android.PendingIntent
 import semmle.code.java.security.ImplicitPendingIntents
 
-/**
- * DEPRECATED: Use `ImplicitPendingIntentStartFlow` instead.
- *
- * A taint tracking configuration for implicit `PendingIntent`s
- * being wrapped in another implicit `Intent` that gets started.
- */
-deprecated class ImplicitPendingIntentStartConf extends TaintTracking::Configuration {
-  ImplicitPendingIntentStartConf() { this = "ImplicitPendingIntentStartConf" }
-
-  override predicate isSource(DataFlow::Node source, DataFlow::FlowState state) {
-    source.(ImplicitPendingIntentSource).hasState(state)
-  }
-
-  override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) {
-    sink.(ImplicitPendingIntentSink).hasState(state)
-  }
-
-  override predicate isSanitizer(DataFlow::Node sanitizer) {
-    sanitizer instanceof ExplicitIntentSanitizer
-  }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-    any(ImplicitPendingIntentAdditionalTaintStep c).step(node1, node2)
-  }
-
-  override predicate isAdditionalTaintStep(
-    DataFlow::Node node1, DataFlow::FlowState state1, DataFlow::Node node2,
-    DataFlow::FlowState state2
-  ) {
-    any(ImplicitPendingIntentAdditionalTaintStep c).step(node1, state1, node2, state2)
-  }
-
-  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
-    super.allowImplicitRead(node, c)
-    or
-    this.isSink(node, _) and
-    allowIntentExtrasImplicitRead(node, c)
-    or
-    this.isAdditionalTaintStep(node, _) and
-    c.(DataFlow::FieldContent).getType() instanceof PendingIntent
-    or
-    // Allow implicit reads of Intent arrays for steps like getActivities
-    // or sinks like startActivities
-    (this.isSink(node, _) or this.isAdditionalFlowStep(node, _, _, _)) and
-    node.getType().(Array).getElementType() instanceof TypeIntent and
-    c instanceof DataFlow::ArrayContent
-  }
-}
-
 /**
  * A taint tracking configuration for implicit `PendingIntent`s
  * being wrapped in another implicit `Intent` that gets started.

java/ql/lib/semmle/code/java/security/InsecureBasicAuthQuery.qll

@@ -5,24 +5,6 @@ import semmle.code.java.security.HttpsUrls
 import semmle.code.java.security.InsecureBasicAuth
 import semmle.code.java.dataflow.TaintTracking
 
-/**
- * DEPRECATED: Use `InsecureBasicAuthFlow` instead.
- *
- * A taint tracking configuration for the Basic authentication scheme
- * being used in HTTP connections.
- */
-deprecated class BasicAuthFlowConfig extends TaintTracking::Configuration {
-  BasicAuthFlowConfig() { this = "InsecureBasicAuth::BasicAuthFlowConfig" }
-
-  override predicate isSource(DataFlow::Node src) { src instanceof InsecureBasicAuthSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof InsecureBasicAuthSink }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-    any(HttpUrlsAdditionalTaintStep c).step(node1, node2)
-  }
-}
-
 /**
  * A taint tracking configuration for the Basic authentication scheme
  * being used in HTTP connections.

java/ql/lib/semmle/code/java/security/InsecureTrustManagerQuery.qll

@@ -4,28 +4,6 @@ import java
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.security.InsecureTrustManager
 
-/**
- * DEPRECATED: Use `InsecureTrustManagerFlow` instead.
- *
- * A configuration to model the flow of an insecure `TrustManager`
- * to the initialization of an SSL context.
- */
-deprecated class InsecureTrustManagerConfiguration extends DataFlow::Configuration {
-  InsecureTrustManagerConfiguration() { this = "InsecureTrustManagerConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) {
-    source instanceof InsecureTrustManagerSource
-  }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof InsecureTrustManagerSink }
-
-  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
-    (this.isSink(node) or this.isAdditionalFlowStep(node, _)) and
-    node.getType() instanceof Array and
-    c instanceof DataFlow::ArrayContent
-  }
-}
-
 /**
  * A configuration to model the flow of an insecure `TrustManager`
  * to the initialization of an SSL context.

java/ql/lib/semmle/code/java/security/InsufficientKeySizeQuery.qll

@@ -3,23 +3,6 @@
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.security.InsufficientKeySize
 
-/**
- * DEPRECATED: Use `KeySizeFlow` instead.
- *
- * A data flow configuration for tracking key sizes used in cryptographic algorithms.
- */
-deprecated class KeySizeConfiguration extends DataFlow::Configuration {
-  KeySizeConfiguration() { this = "KeySizeConfiguration" }
-
-  override predicate isSource(DataFlow::Node source, DataFlow::FlowState state) {
-    exists(KeySizeState s | source.(InsufficientKeySizeSource).hasState(s) and state = s.toString())
-  }
-
-  override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) {
-    exists(KeySizeState s | sink.(InsufficientKeySizeSink).hasState(s) and state = s.toString())
-  }
-}
-
 /**
  * A data flow configuration for tracking key sizes used in cryptographic algorithms.
  */

java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll

@@ -8,29 +8,6 @@ private import semmle.code.java.dataflow.FlowSources
 private import semmle.code.java.dataflow.DataFlow
 private import IntentUriPermissionManipulation
 
-/**
- * DEPRECATED: Use `IntentUriPermissionManipulationFlow` instead.
- *
- * A taint tracking configuration for user-provided Intents being returned to third party apps.
- */
-deprecated class IntentUriPermissionManipulationConf extends TaintTracking::Configuration {
-  IntentUriPermissionManipulationConf() { this = "UriPermissionManipulationConf" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) {
-    sink instanceof IntentUriPermissionManipulationSink
-  }
-
-  override predicate isSanitizer(DataFlow::Node barrier) {
-    barrier instanceof IntentUriPermissionManipulationSanitizer
-  }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-    any(IntentUriPermissionManipulationAdditionalTaintStep c).step(node1, node2)
-  }
-}
-
 /**
  * A taint tracking configuration for user-provided Intents being returned to third party apps.
  */

java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll

@@ -38,25 +38,6 @@ private class DefaultJexlInjectionAdditionalTaintStep extends JexlInjectionAddit
   }
 }
 
-/**
- * DEPRECATED: Use `JexlInjectionFlow` instead.
- *
- * A taint-tracking configuration for unsafe user input
- * that is used to construct and evaluate a JEXL expression.
- * It supports both JEXL 2 and 3.
- */
-deprecated class JexlInjectionConfig extends TaintTracking::Configuration {
-  JexlInjectionConfig() { this = "JexlInjectionConfig" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof JexlEvaluationSink }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-    any(JexlInjectionAdditionalTaintStep c).step(node1, node2)
-  }
-}
-
 /**
  * A taint-tracking configuration for unsafe user input
  * that is used to construct and evaluate a JEXL expression.

java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll

@@ -7,28 +7,6 @@ import semmle.code.java.frameworks.SpringLdap
 import semmle.code.java.security.JndiInjection
 private import semmle.code.java.security.Sanitizers
 
-/**
- * DEPRECATED: Use `JndiInjectionFlow` instead.
- *
- * A taint-tracking configuration for unvalidated user input that is used in JNDI lookup.
- */
-deprecated class JndiInjectionFlowConfig extends TaintTracking::Configuration {
-  JndiInjectionFlowConfig() { this = "JndiInjectionFlowConfig" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof JndiInjectionSink }
-
-  override predicate isSanitizer(DataFlow::Node node) {
-    node instanceof SimpleTypeSanitizer or
-    node instanceof JndiInjectionSanitizer
-  }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-    any(JndiInjectionAdditionalTaintStep c).step(node1, node2)
-  }
-}
-
 /**
  * A taint-tracking configuration for unvalidated user input that is used in JNDI lookup.
  */

java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll

@@ -4,25 +4,6 @@ import java
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.security.LogInjection
 
-/**
- * DEPRECATED: Use `LogInjectionFlow` instead.
- *
- * A taint-tracking configuration for tracking untrusted user input used in log entries.
- */
-deprecated class LogInjectionConfiguration extends TaintTracking::Configuration {
-  LogInjectionConfiguration() { this = "LogInjectionConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof LogInjectionSink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof LogInjectionSanitizer }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-    any(LogInjectionAdditionalTaintStep c).step(node1, node2)
-  }
-}
-
 /**
  * A taint-tracking configuration for tracking untrusted user input used in log entries.
  */