use my script to delete outdated deprecations

2026-04-26 01:05:15 +02:00 · 2024-09-03 08:58:27 +02:00
parent ea0877769e
commit 0fdd06fff5
156 changed files with 0 additions and 2948 deletions
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl1.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl1.qll
@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
   */
  predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }

-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
  /**
   * Holds if hidden nodes should be included in the data flow graph.
   *
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll
@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
   */
  predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }

-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
  /**
   * Holds if hidden nodes should be included in the data flow graph.
   *
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll
@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
   */
  predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }

-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
  /**
   * Holds if hidden nodes should be included in the data flow graph.
   *
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll
@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
   */
  predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }

-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
  /**
   * Holds if hidden nodes should be included in the data flow graph.
   *
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll
@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
   */
  predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }

-  /**
-   * DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
-   *
-   * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
-   * measured in approximate number of interprocedural steps.
-   */
-  deprecated int explorationLimit() { none() }
-
  /**
   * Holds if hidden nodes should be included in the data flow graph.
   *
--- a/csharp/ql/lib/semmle/code/csharp/security/cryptography/EncryptionKeyDataFlowQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/cryptography/EncryptionKeyDataFlowQuery.qll
@@ -58,24 +58,6 @@ class SymmetricEncryptionCreateDecryptorSink extends SymmetricEncryptionKeySink
  override string getDescription() { result = "Decryptor(rgbKey, IV)" }
 }

-/**
- * DEPRECATED: Use `SymmetricKey` instead.
- *
- * Symmetric Key Data Flow configuration.
- */
-deprecated class SymmetricKeyTaintTrackingConfiguration extends TaintTracking::Configuration {
-  SymmetricKeyTaintTrackingConfiguration() { this = "SymmetricKeyTaintTracking" }
-
-  /** Holds if the node is a key source. */
-  override predicate isSource(DataFlow::Node src) { src instanceof KeySource }
-
-  /** Holds if the node is a symmetric encryption key sink. */
-  override predicate isSink(DataFlow::Node sink) { sink instanceof SymmetricEncryptionKeySink }
-
-  /** Holds if the node is a key sanitizer. */
-  override predicate isSanitizer(DataFlow::Node sanitizer) { sanitizer instanceof KeySanitizer }
-}
-
 /**
 * Symmetric Key Data Flow configuration.
 */
--- a/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll
@@ -61,33 +61,6 @@ module HardcodedSymmetricEncryptionKey {
    }
  }

-  /**
-   * DEPRECATED: Use `HardCodedSymmetricEncryption` instead.
-   *
-   * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities.
-   */
-  deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-    TaintTrackingConfiguration() { this = "HardcodedSymmetricEncryptionKey" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-
-    /**
-     * Since `CryptographicBuffer` uses native code inside, taint tracking doesn't pass through it.
-     * Need to create an additional custom step.
-     */
-    override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
-      exists(MethodCall mc, CryptographicBuffer c |
-        pred.asExpr() = mc.getAnArgument() and
-        mc.getTarget() = c.getAMethod() and
-        succ.asExpr() = mc
-      )
-    }
-  }
-
  /**
   * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities.
   */
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CleartextStorageQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CleartextStorageQuery.qll
@@ -23,21 +23,6 @@ abstract class Sink extends DataFlow::ExprNode { }
 */
 abstract class Sanitizer extends DataFlow::ExprNode { }

-/**
- * DEPRECATED: Use `ClearTextStorage` instead.
- *
- * A taint-tracking configuration for cleartext storage of sensitive information.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "ClearTextStorage" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * A taint-tracking configuration for cleartext storage of sensitive information.
 */
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll
@@ -24,21 +24,6 @@ abstract class Sink extends ApiSinkExprNode { }
 */
 abstract class Sanitizer extends DataFlow::ExprNode { }

-/**
- * DEPRECATED: Use `CodeInjection` instead.
- *
- * A taint-tracking configuration for user input treated as code vulnerabilities.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "CodeInjection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * A taint-tracking configuration for user input treated as code vulnerabilities.
 */
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll
@@ -23,21 +23,6 @@ abstract class Sink extends DataFlow::ExprNode { }
 */
 abstract class Sanitizer extends DataFlow::ExprNode { }

-/**
- * DEPRECATED: Use `CommandInjection` instead.
- *
- * A taint-tracking configuration for command injection vulnerabilities.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "CommandInjection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * A taint-tracking configuration for command injection vulnerabilities.
 */
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll
@@ -30,21 +30,6 @@ abstract class Sink extends ApiSinkExprNode {
 */
 abstract class Sanitizer extends DataFlow::ExprNode { }

-/**
- * DEPRECATED: Use `ConditionalBypass` instead.
- *
- * A taint-tracking configuration for user-controlled bypass of sensitive method.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "UserControlledBypassOfSensitiveMethodConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * A taint-tracking configuration for user-controlled bypass of sensitive method.
 */
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll
@@ -23,21 +23,6 @@ abstract class Sink extends ApiSinkExprNode { }
 */
 abstract class Sanitizer extends DataFlow::ExprNode { }

-/**
- * DEPRECATED: Use `ExposureOfPrivateInformation` instead.
- *
- * A taint-tracking configuration for private information flowing unencrypted to an external location.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "ExposureOfPrivateInformation" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * A taint-tracking configuration for private information flowing unencrypted to an external location.
 */
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll
@@ -73,19 +73,6 @@ class ExternalApiDataNode extends DataFlow::Node {
  }
 }

-/**
- * DEPRECATED: Use `RemoteSourceToExternalApi` instead.
- *
- * A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s.
- */
-deprecated class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration {
-  UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfig" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
-}
-
 /** A configuration for tracking flow from `ThreatModelFlowSource`s to `ExternalApiDataNode`s. */
 private module RemoteSourceToExternalApiConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/HardcodedCredentialsQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/HardcodedCredentialsQuery.qll
@@ -38,46 +38,6 @@ abstract class Sink extends ApiSinkExprNode {
 */
 abstract class Sanitizer extends DataFlow::ExprNode { }

-/**
- * DEPRECATED: Use `HardcodedCredentials` instead.
- *
- * A taint-tracking configuration for hard coded credentials.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "HardcodedCredentials" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) {
-    sink instanceof Sink and
-    // Ignore values that are ultimately returned by mocks, as they don't represent "real"
-    // credentials.
-    not any(ReturnedByMockObject mock).getAMemberInitializationValue() = sink.asExpr() and
-    not any(ReturnedByMockObject mock).getAnArgument() = sink.asExpr()
-  }
-
-  override predicate hasFlowPath(DataFlow::PathNode source, DataFlow::PathNode sink) {
-    super.hasFlowPath(source, sink) and
-    // Exclude hard-coded credentials in tests if they only flow to calls to methods with a name
-    // like "Add*" "Create*" or "Update*". The rationale is that hard-coded credentials within
-    // tests that are only used for creating or setting values within tests are unlikely to
-    // represent credentials to some accessible system.
-    not (
-      source.getNode().asExpr().getFile() instanceof TestFile and
-      exists(MethodCall createOrAddCall, string createOrAddMethodName |
-        createOrAddMethodName.matches("Update%") or
-        createOrAddMethodName.matches("Create%") or
-        createOrAddMethodName.matches("Add%")
-      |
-        createOrAddCall.getTarget().hasName(createOrAddMethodName) and
-        createOrAddCall.getAnArgument() = sink.getNode().asExpr()
-      )
-    )
-  }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * A taint-tracking configuration for hard coded credentials.
 */
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll
@@ -26,21 +26,6 @@ abstract class Sink extends ApiSinkExprNode { }
 */
 abstract class Sanitizer extends DataFlow::ExprNode { }

-/**
- * DEPRECATED: Use `LdapInjection` instead.
- *
- * A taint-tracking configuration for unvalidated user input that is used to construct LDAP queries.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "LDAPInjection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * A taint-tracking configuration for unvalidated user input that is used to construct LDAP queries.
 */
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll
@@ -26,21 +26,6 @@ abstract class Sink extends ApiSinkExprNode { }
 */
 abstract class Sanitizer extends DataFlow::ExprNode { }

-/**
- * DEPRECATED: Use `LogForging` instead.
- *
- * A taint-tracking configuration for untrusted user input used in log entries.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "LogForging" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * A taint-tracking configuration for untrusted user input used in log entries.
 */
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll
@@ -29,22 +29,6 @@ abstract class Sink extends ApiSinkExprNode {
 */
 abstract class Sanitizer extends DataFlow::ExprNode { }

-/**
- * DEPRECATED: Use `MissingXxmlValidation` instead.
- *
- * A taint-tracking configuration for untrusted user input processed as XML without validation against a
- * known schema.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "MissingXMLValidation" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * A taint-tracking configuration for untrusted user input processed as XML without validation against a
 * known schema.
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll
@@ -25,21 +25,6 @@ abstract class Sink extends ApiSinkExprNode { }
 */
 abstract class Sanitizer extends DataFlow::ExprNode { }

-/**
- * DEPRECATED: Use `ReDoS` instead.
- *
- * A taint-tracking configuration for untrusted user input used in dangerous regular expression operations.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "ReDoS" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * A taint-tracking configuration for untrusted user input used in dangerous regular expression operations.
 */
@@ -85,20 +70,6 @@ predicate isExponentialRegex(StringLiteral s) {
  s.getValue().regexpMatch(".*\\(\\([^()*+\\]]+\\]?\\)(\\*|\\+)\\.?\\)(\\*|\\+).*")
 }

-/**
- * DEPRECATED: Use `ExponentialRegexDataflow` instead.
- *
- * A data flow configuration for tracking exponential worst case time regular expression string
- * literals to the pattern argument of a regex.
- */
-deprecated class ExponentialRegexDataflow extends DataFlow2::Configuration {
-  ExponentialRegexDataflow() { this = "ExponentialRegex" }
-
-  override predicate isSource(DataFlow::Node s) { isExponentialRegex(s.asExpr()) }
-
-  override predicate isSink(DataFlow::Node s) { s.asExpr() = any(RegexOperation c).getPattern() }
-}
-
 /**
 * A data flow configuration for tracking exponential worst case time regular expression string
 * literals to the pattern argument of a regex.
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll
@@ -24,21 +24,6 @@ abstract class Sink extends ApiSinkExprNode { }
 */
 abstract class Sanitizer extends DataFlow::ExprNode { }

-/**
- * DEPRECATED: Use `RegexInjection` instead.
- *
- * A taint-tracking configuration for untrusted user input used to construct regular expressions.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "RegexInjection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * A taint-tracking configuration for untrusted user input used to construct regular expressions.
 */
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll
@@ -23,21 +23,6 @@ abstract class Sink extends ApiSinkExprNode { }
 */
 abstract class Sanitizer extends DataFlow::ExprNode { }

-/**
- * DEPRECATED: Use `ResourceInjection` instead.
- *
- * A taint-tracking configuration for untrusted user input used in resource descriptors.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "ResourceInjection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * A taint-tracking configuration for untrusted user input used in resource descriptors.
 */
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll
@@ -24,21 +24,6 @@ abstract class Sink extends ApiSinkExprNode { }
 */
 abstract class Sanitizer extends DataFlow::ExprNode { }

-/**
- * DEPRECATED: Use `SqlInjection` instead.
- *
- * A taint-tracking configuration for SQL injection vulnerabilities.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "SqlInjection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * A taint-tracking configuration for SQL injection vulnerabilities.
 */
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll
@@ -26,21 +26,6 @@ abstract class Sink extends ApiSinkExprNode { }
 */
 abstract class Sanitizer extends DataFlow::ExprNode { }

-/**
- * DEPRECATED: Use `TaintedPath` instead.
- *
- * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "TaintedPath" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities.
 */
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll
@@ -51,21 +51,6 @@ abstract class Sanitizer extends DataFlow::Node { }

 private class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }

-/**
- * DEPRECATED: Use `TaintToObjectMethodTracking` instead.
- *
- * User input to object method call deserialization flow tracking.
- */
-deprecated class TaintToObjectMethodTrackingConfig extends TaintTracking::Configuration {
-  TaintToObjectMethodTrackingConfig() { this = "TaintToObjectMethodTrackingConfig" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof InstanceMethodSink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * User input to object method call deserialization flow tracking configuration.
 */
@@ -82,23 +67,6 @@ private module TaintToObjectMethodTrackingConfig implements DataFlow::ConfigSig
 */
 module TaintToObjectMethodTracking = TaintTracking::Global<TaintToObjectMethodTrackingConfig>;

-/**
- * DEPRECATED: Use `JsonConvertTracking` instead.
- *
- * User input to `JsonConvert` call deserialization flow tracking.
- */
-deprecated class JsonConvertTrackingConfig extends TaintTracking::Configuration {
-  JsonConvertTrackingConfig() { this = "JsonConvertTrackingConfig" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) {
-    sink instanceof NewtonsoftJsonConvertDeserializeObjectMethodSink
-  }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * User input to `JsonConvert` call deserialization flow tracking configuration.
 */
@@ -117,61 +85,6 @@ private module JsonConvertTrackingConfig implements DataFlow::ConfigSig {
 */
 module JsonConvertTracking = TaintTracking::Global<JsonConvertTrackingConfig>;

-/**
- * DEPRECATED: Use `TypeNameTracking` instead.
- *
- * Tracks unsafe `TypeNameHandling` setting to `JsonConvert` call
- */
-deprecated class TypeNameTrackingConfig extends DataFlow::Configuration {
-  TypeNameTrackingConfig() { this = "TypeNameTrackingConfig" }
-
-  override predicate isSource(DataFlow::Node source) {
-    (
-      source.asExpr() instanceof MemberConstantAccess and
-      source.getType() instanceof TypeNameHandlingEnum
-      or
-      source.asExpr() instanceof IntegerLiteral
-    ) and
-    source.asExpr().hasValue() and
-    not source.asExpr().getValue() = "0"
-  }
-
-  override predicate isSink(DataFlow::Node sink) {
-    exists(MethodCall mc, Method m, Expr expr |
-      m = mc.getTarget() and
-      (
-        not mc.getArgument(0).hasValue() and
-        m instanceof NewtonsoftJsonConvertClassDeserializeObjectMethod
-      ) and
-      expr = mc.getAnArgument() and
-      sink.asExpr() = expr and
-      expr.getType() instanceof JsonSerializerSettingsClass
-    )
-  }
-
-  override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    node1.asExpr() instanceof IntegerLiteral and
-    node2.asExpr().(CastExpr).getExpr() = node1.asExpr()
-    or
-    node1.getType() instanceof TypeNameHandlingEnum and
-    exists(PropertyWrite pw, Property p, Assignment a |
-      a.getLValue() = pw and
-      pw.getProperty() = p and
-      p.getDeclaringType() instanceof JsonSerializerSettingsClass and
-      p.hasName("TypeNameHandling") and
-      (
-        node1.asExpr() = a.getRValue() and
-        node2.asExpr() = pw.getQualifier()
-        or
-        exists(ObjectInitializer oi |
-          node1.asExpr() = oi.getAMemberInitializer().getRValue() and
-          node2.asExpr() = oi
-        )
-      )
-    )
-  }
-}
-
 /**
 * Configuration module for tracking unsafe `TypeNameHandling` setting to `JsonConvert` calls.
 */
@@ -228,24 +141,6 @@ private module TypeNameTrackingConfig implements DataFlow::ConfigSig {
 */
 module TypeNameTracking = DataFlow::Global<TypeNameTrackingConfig>;

-/**
- * DEPRECATED: Use `TaintToConstructorOrStaticMethodTracking` instead.
- *
- * User input to static method or constructor call deserialization flow tracking.
- */
-deprecated class TaintToConstructorOrStaticMethodTrackingConfig extends TaintTracking::Configuration
-{
-  TaintToConstructorOrStaticMethodTrackingConfig() {
-    this = "TaintToConstructorOrStaticMethodTrackingConfig"
-  }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof ConstructorOrStaticMethodSink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * User input to static method or constructor call deserialization flow tracking configuration.
 */
@@ -263,41 +158,6 @@ private module TaintToConstructorOrStaticMethodTrackingConfig implements DataFlo
 module TaintToConstructorOrStaticMethodTracking =
  TaintTracking::Global<TaintToConstructorOrStaticMethodTrackingConfig>;

-/**
- * DEPRECATED: Use `TaintToObjectTypeTracking` instead.
- *
- * User input to instance type flow tracking.
- */
-deprecated class TaintToObjectTypeTrackingConfig extends TaintTracking2::Configuration {
-  TaintToObjectTypeTrackingConfig() { this = "TaintToObjectTypeTrackingConfig" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) {
-    exists(MethodCall mc |
-      mc.getTarget() instanceof UnsafeDeserializer and
-      sink.asExpr() = mc.getQualifier()
-    )
-  }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) {
-    exists(MethodCall mc, Method m |
-      m = mc.getTarget() and
-      m.getDeclaringType().hasFullyQualifiedName("System", "Type") and
-      m.hasName("GetType") and
-      m.isStatic() and
-      n1.asExpr() = mc.getArgument(0) and
-      n2.asExpr() = mc
-    )
-    or
-    exists(ObjectCreation oc |
-      n1.asExpr() = oc.getAnArgument() and
-      n2.asExpr() = oc and
-      oc.getObjectType() instanceof StrongTypeDeserializer
-    )
-  }
-}
-
 /**
 * User input to instance type flow tracking config.
 */
@@ -334,29 +194,6 @@ private module TaintToObjectTypeTrackingConfig implements DataFlow::ConfigSig {
 */
 module TaintToObjectTypeTracking = TaintTracking::Global<TaintToObjectTypeTrackingConfig>;

-/**
- * DEPRECATED: Use `WeakTypeCreationToUsageTracking` instead.
- *
- * Unsafe deserializer creation to usage tracking config.
- */
-deprecated class WeakTypeCreationToUsageTrackingConfig extends TaintTracking2::Configuration {
-  WeakTypeCreationToUsageTrackingConfig() { this = "DeserializerCreationToUsageTrackingConfig" }
-
-  override predicate isSource(DataFlow::Node source) {
-    exists(ObjectCreation oc |
-      oc.getObjectType() instanceof WeakTypeDeserializer and
-      source.asExpr() = oc
-    )
-  }
-
-  override predicate isSink(DataFlow::Node sink) {
-    exists(MethodCall mc |
-      mc.getTarget() instanceof UnsafeDeserializer and
-      sink.asExpr() = mc.getQualifier()
-    )
-  }
-}
-
 /**
 * Unsafe deserializer creation to usage tracking config.
 */
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll
@@ -28,21 +28,6 @@ abstract class Sink extends ApiSinkExprNode { }
 */
 abstract class Sanitizer extends DataFlow::ExprNode { }

-/**
- * DEPRECATED: Use `UrlRedirect` instead.
- *
- * A taint-tracking configuration for reasoning about unvalidated URL redirect vulnerabilities.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "UrlRedirect" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * A taint-tracking configuration for reasoning about unvalidated URL redirect vulnerabilities.
 */
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XMLEntityInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XMLEntityInjectionQuery.qll
@@ -44,26 +44,6 @@ private class InsecureXmlSink extends Sink {
 */
 abstract class Sanitizer extends DataFlow::Node { }

-/**
- * DEPRECATED: Use `XmlEntityInjection` instead.
- *
- * A taint-tracking configuration for untrusted user input used in XML processing.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "XMLInjection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-
-  override predicate hasFlowPath(DataFlow::PathNode source, DataFlow::PathNode sink) {
-    super.hasFlowPath(source, sink) and
-    exists(sink.getNode().(Sink).getReason())
-  }
-}
-
 /**
 * A taint-tracking configuration for untrusted user input used in XML processing.
 */
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll
@@ -24,21 +24,6 @@ abstract class Sink extends ApiSinkExprNode { }
 */
 abstract class Sanitizer extends DataFlow::ExprNode { }

-/**
- * DEPRECATED: Use `XpathInjection` instead.
- *
- * A taint-tracking configuration for untrusted user input used in XPath expression.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "XPathInjection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * A taint-tracking configuration for untrusted user input used in XPath expression.
 */
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSQuery.qll
@@ -141,21 +141,6 @@ abstract class Source extends DataFlow::Node { }
 */
 abstract class Sanitizer extends DataFlow::ExprNode { }

-/**
- * DEPRECATED: Use `XssTracking` instead.
- *
- * A taint-tracking configuration for cross-site scripting (XSS) vulnerabilities.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking2::Configuration {
-  TaintTrackingConfiguration() { this = "XSSDataFlowConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * A taint-tracking configuration for cross-site scripting (XSS) vulnerabilities.
 */
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll
@@ -21,21 +21,6 @@ abstract class Sink extends ApiSinkExprNode { }
 */
 abstract class Sanitizer extends DataFlow::ExprNode { }

-/**
- * DEPRECATED: Use `ZipSlip` instead.
- *
- * A taint tracking configuration for Zip Slip.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "ZipSlipTaintTracking" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * A taint tracking configuration for Zip Slip.
 */
--- a/csharp/ql/src/experimental/CWE-099/TaintedWebClientLib.qll
+++ b/csharp/ql/src/experimental/CWE-099/TaintedWebClientLib.qll
@@ -37,21 +37,6 @@ abstract class Sink extends DataFlow::ExprNode { }
 */
 abstract class Sanitizer extends DataFlow::ExprNode { }

-/**
- * DEPRECATED: Use `TaintedWebClient` instead.
- *
- * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities.
- */
-deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() { this = "TaintedWebClientLib" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities.
 */
--- a/csharp/ql/src/experimental/CWE-918/RequestForgery.qll
+++ b/csharp/ql/src/experimental/CWE-918/RequestForgery.qll
@@ -23,39 +23,6 @@ module RequestForgery {
   */
  abstract private class Barrier extends DataFlow::Node { }

-  /**
-   * DEPRECATED: Use `RequestForgeryFlow` instead.
-   *
-   * A data flow configuration for detecting server side request forgery vulnerabilities.
-   */
-  deprecated class RequestForgeryConfiguration extends DataFlow::Configuration {
-    RequestForgeryConfiguration() { this = "Server Side Request forgery" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isAdditionalFlowStep(DataFlow::Node prev, DataFlow::Node succ) {
-      interpolatedStringFlowStep(prev, succ)
-      or
-      stringReplaceStep(prev, succ)
-      or
-      uriCreationStep(prev, succ)
-      or
-      formatConvertStep(prev, succ)
-      or
-      toStringStep(prev, succ)
-      or
-      stringConcatStep(prev, succ)
-      or
-      stringFormatStep(prev, succ)
-      or
-      pathCombineStep(prev, succ)
-    }
-
-    override predicate isBarrier(DataFlow::Node node) { node instanceof Barrier }
-  }
-
  /**
   * A data flow configuration for detecting server side request forgery vulnerabilities.
   */
--- a/Features/JsonWebTokenHandler/JsonWebTokenHandlerLib.qll
+++ b/Features/JsonWebTokenHandler/JsonWebTokenHandlerLib.qll
@@ -18,27 +18,6 @@ class TokenValidationParametersPropertySensitiveValidation extends Property {
  }
 }

-/**
- * DEPRECATED: Use `FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation` instead.
- *
- * A dataflow from a `false` value to a write sensitive property for `TokenValidationParameters`.
- */
-deprecated class FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation extends DataFlow::Configuration
-{
-  FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation() {
-    this = "FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation"
-  }
-
-  override predicate isSource(DataFlow::Node source) {
-    source.asExpr().getValue() = "false" and
-    source.asExpr().getType() instanceof BoolType
-  }
-
-  override predicate isSink(DataFlow::Node sink) {
-    sink.asExpr() = any(TokenValidationParametersPropertySensitiveValidation p).getAnAssignedValue()
-  }
-}
-
 /**
 * A dataflow configuration from a `false` value to a write sensitive property for `TokenValidationParameters`.
 */
--- a/csharp/ql/src/experimental/dataflow/flowsources/AuthCookie.qll
+++ b/csharp/ql/src/experimental/dataflow/flowsources/AuthCookie.qll
@@ -40,26 +40,6 @@ private module AuthCookieNameConfig implements DataFlow::ConfigSig {
 */
 private module AuthCookieName = DataFlow::Global<AuthCookieNameConfig>;

-/**
- * DEPRECATED: Use `CookieOptionsTracking` instead.
- *
- * Tracks creation of `CookieOptions` to `IResponseCookies.Append(String, String, CookieOptions)` call as a third parameter.
- */
-deprecated class CookieOptionsTrackingConfiguration extends DataFlow::Configuration {
-  CookieOptionsTrackingConfiguration() { this = "CookieOptionsTrackingConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) {
-    source.asExpr().(ObjectCreation).getType() instanceof MicrosoftAspNetCoreHttpCookieOptions
-  }
-
-  override predicate isSink(DataFlow::Node sink) {
-    exists(MicrosoftAspNetCoreHttpResponseCookies iResponse, MethodCall mc |
-      iResponse.getAppendMethod() = mc.getTarget() and
-      mc.getArgument(2) = sink.asExpr()
-    )
-  }
-}
-
 /**
 * Configuration module tracking creation of `CookieOptions` to `IResponseCookies.Append(String, String, CookieOptions)`
 * calls as a third parameter.
@@ -134,28 +114,6 @@ Expr getAValueForProp(ObjectCreation create, Assignment a, string prop) {
 */
 predicate isPropertySet(ObjectCreation oc, string prop) { exists(getAValueForProp(oc, _, prop)) }

-/**
- * DEPRECATED: Use `OnAppendCookieSecureTracking` instead.
- *
- * Tracks if a callback used in `OnAppendCookie` sets `Secure` to `true`.
- */
-deprecated class OnAppendCookieSecureTrackingConfig extends OnAppendCookieTrackingConfig {
-  OnAppendCookieSecureTrackingConfig() { this = "OnAppendCookieSecureTrackingConfig" }
-
-  override string propertyName() { result = "Secure" }
-}
-
-/**
- * DEPRECATED: Use `OnAppendCookieHttpOnlyTracking` instead.
- *
- * Tracks if a callback used in `OnAppendCookie` sets `HttpOnly` to `true`.
- */
-deprecated class OnAppendCookieHttpOnlyTrackingConfig extends OnAppendCookieTrackingConfig {
-  OnAppendCookieHttpOnlyTrackingConfig() { this = "OnAppendCookieHttpOnlyTrackingConfig" }
-
-  override string propertyName() { result = "HttpOnly" }
-}
-
 /**
 * Tracks if a callback used in `OnAppendCookie` sets a cookie property to `true`.
 */