Removed deprecations from cors as it was moved out experimental

2025-12-16 16:53:25 +01:00 · 2025-07-31 11:08:22 +02:00
parent fd4233e30e
commit 2baca58b27
2 changed files with 0 additions and 61 deletions
--- a/javascript/ql/lib/semmle/javascript/security/CorsPermissiveConfigurationCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/CorsPermissiveConfigurationCustomizations.qll
@@ -24,22 +24,10 @@ module CorsPermissiveConfiguration {
      or
      this = TWildcard() and result = "wildcard"
    }
-
-    /** DEPRECATED: Converts this flow state to a flow label. */
-    deprecated DataFlow::FlowLabel toFlowLabel() {
-      this = TTaint() and result.isTaint()
-      or
-      this = TTrueOrNull() and result instanceof TrueAndNull
-      or
-      this = TWildcard() and result instanceof Wildcard
-    }
  }

  /** Predicates for working with flow states. */
  module FlowState {
-    /** DEPRECATED: Gets a flow state from a flow label. */
-    deprecated FlowState fromFlowLabel(DataFlow::FlowLabel label) { result.toFlowLabel() = label }
-
    /** A tainted value. */
    FlowState taint() { result = TTaint() }

@@ -65,11 +53,6 @@ module CorsPermissiveConfiguration {
   */
  abstract class Sanitizer extends DataFlow::Node { }

-  /**
-   * DEPRECATED: Use `ActiveThreatModelSource` from Concepts instead!
-   */
-  deprecated class RemoteFlowSourceAsSource = ActiveThreatModelSourceAsSource;
-
  /**
   * An active threat-model source, considered as a flow source.
   */
@@ -77,22 +60,6 @@ module CorsPermissiveConfiguration {
    ActiveThreatModelSourceAsSource() { not this instanceof ClientSideRemoteFlowSource }
  }

-  /** A flow label representing `true` and `null` values. */
-  abstract deprecated class TrueAndNull extends DataFlow::FlowLabel {
-    TrueAndNull() { this = "TrueAndNull" }
-  }
-
-  /** DEPRECATED: Gets a flow label representing `true` and `null` values. */
-  deprecated TrueAndNull truenullLabel() { any() }
-
-  /** A flow label representing `*` value. */
-  abstract deprecated class Wildcard extends DataFlow::FlowLabel {
-    Wildcard() { this = "Wildcard" }
-  }
-
-  /** DEPRECATED: Gets a flow label representing `*` value. */
-  deprecated Wildcard wildcardLabel() { any() }
-
  /** An overly permissive value for `origin` (Apollo) */
  class TrueNullValue extends Source {
    TrueNullValue() { this.mayHaveBooleanValue(true) or this.asExpr() instanceof NullLiteral }
--- a/javascript/ql/lib/semmle/javascript/security/CorsPermissiveConfigurationQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/CorsPermissiveConfigurationQuery.qll
@@ -39,31 +39,3 @@ module CorsPermissiveConfigurationConfig implements DataFlow::StateConfigSig {

 module CorsPermissiveConfigurationFlow =
  TaintTracking::GlobalWithState<CorsPermissiveConfigurationConfig>;
-
-/**
- * DEPRECATED. Use the `CorsPermissiveConfigurationFlow` module instead.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "CorsPermissiveConfiguration" }
-
-  override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) {
-    CorsPermissiveConfigurationConfig::isSource(source, FlowState::fromFlowLabel(label))
-  }
-
-  override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) {
-    CorsPermissiveConfigurationConfig::isSink(sink, FlowState::fromFlowLabel(label))
-  }
-
-  override predicate isSanitizer(DataFlow::Node node) {
-    super.isSanitizer(node) or
-    CorsPermissiveConfigurationConfig::isBarrier(node)
-  }
-}
-
-deprecated private class WildcardActivated extends DataFlow::FlowLabel, Wildcard {
-  WildcardActivated() { this = this }
-}
-
-deprecated private class TrueAndNullActivated extends DataFlow::FlowLabel, TrueAndNull {
-  TrueAndNullActivated() { this = this }
-}