From 34f5f61a10840617b97d6d4587f62b16fa8d69f0 Mon Sep 17 00:00:00 2001 
From: erik-krogh Date: Mon, 27 Jan 2025 18:15:12 +0100 Subject: [PATCH] all: use my script to delete outdated deprecations --- .../lib/semmle/code/cpp/dataflow/DataFlow.qll | 13 - .../code/cpp/dataflow/TaintTracking.qll | 14 - cpp/ql/lib/semmle/code/cpp/exprs/Expr.qll | 5 - csharp/ql/lib/semmle/code/csharp/Generics.qll | 28 - .../csharp/controlflow/ControlFlowGraph.qll | 7 - .../IncorrectIntegerConversionLib.qll | 14 - java/ql/lib/semmle/code/java/Expr.qll | 33 - java/ql/lib/semmle/code/java/JDK.qll | 3 - java/ql/lib/semmle/code/java/Reflection.qll | 21 - .../semmle/code/java/dataflow/FlowSources.qll | 30 - .../dataflow/internal/TaintTrackingUtil.qll | 3 - .../semmle/code/java/deadcode/EntryPoints.qll | 3 - .../semmle/code/java/frameworks/Mockito.qll | 3 - .../CleartextStorageAndroidDatabaseQuery.qll | 3 - .../CleartextStorageSharedPrefsQuery.qll | 3 - .../HardcodedCredentialsComparison.qll | 3 - java/ql/lib/semmle/code/java/security/JWT.qll | 3 - .../java/security/PartialPathTraversal.qll | 3 - .../code/java/security/SensitiveActions.qll | 3 - .../code/java/security/SensitiveApi.qll | 39 - ...TempDirLocalInformationDisclosureQuery.qll | 10 - .../security/UnsafeDeserializationQuery.qll | 3 - .../semmle/code/java/security/XmlParsers.qll | 59 -- .../Likely Bugs/Resource Leaks/CloseType.qll | 3 - .../lib/semmle/javascript/ES2015Modules.qll | 27 - javascript/ql/lib/semmle/javascript/Expr.qll | 11 - .../dataflow/BrokenCryptoAlgorithmQuery.qll | 16 - .../dataflow/BuildArtifactLeakQuery.qll | 21 - .../CleartextLoggingCustomizations.qll | 21 +- .../dataflow/CleartextLoggingQuery.qll | 21 - .../dataflow/CleartextStorageQuery.qll | 13 - .../ClientSideRequestForgeryQuery.qll | 27 - .../dataflow/ClientSideUrlRedirectQuery.qll | 45 - .../security/dataflow/CodeInjectionQuery.qll | 20 - .../dataflow/CommandInjectionQuery.qll | 13 - .../dataflow/ConditionalBypassQuery.qll | 78 -- ...orsMisconfigurationForCredentialsQuery.qll | 20 - .../DeepObjectResourceExhaustionQuery.qll | 30 - 
.../dataflow/DomBasedXssCustomizations.qll | 7 - .../security/dataflow/DomBasedXssQuery.qll | 34 - .../security/dataflow/ExceptionXssQuery.qll | 30 - .../ExternalAPIUsedWithUntrustedDataQuery.qll | 49 - .../dataflow/FileAccessToHttpQuery.qll | 24 - .../dataflow/HardcodedCredentialsQuery.qll | 22 - .../HardcodedDataInterpretedAsCodeQuery.qll | 17 - ...tHeaderPoisoningInEmailGenerationQuery.qll | 11 - .../dataflow/HttpToFileAccessQuery.qll | 16 - .../ImproperCodeSanitizationQuery.qll | 13 - ...completeHtmlAttributeSanitizationQuery.qll | 32 - .../IndirectCommandInjectionQuery.qll | 23 - .../dataflow/InsecureDownloadQuery.qll | 20 - .../dataflow/InsecureRandomnessQuery.qll | 25 - .../dataflow/InsecureTemporaryFileQuery.qll | 16 - .../InsufficientPasswordHashQuery.qll | 16 - .../security/dataflow/LogInjectionQuery.qll | 13 - .../dataflow/LoopBoundInjectionQuery.qll | 28 - .../security/dataflow/NosqlInjectionQuery.qll | 34 - .../dataflow/PostMessageStarQuery.qll | 45 - .../PrototypePollutingAssignmentQuery.qll | 72 -- .../dataflow/PrototypePollutionQuery.qll | 40 - .../security/dataflow/ReflectedXssQuery.qll | 21 - .../dataflow/RegExpInjectionQuery.qll | 16 - .../dataflow/RemotePropertyInjectionQuery.qll | 17 - .../security/dataflow/RequestForgeryQuery.qll | 25 - .../dataflow/ResourceExhaustionQuery.qll | 25 - .../SecondOrderCommandInjectionQuery.qll | 29 - .../dataflow/ServerSideUrlRedirectQuery.qll | 29 - ...llCommandInjectionFromEnvironmentQuery.qll | 20 - .../security/dataflow/SqlInjectionQuery.qll | 20 - .../dataflow/StackTraceExposureQuery.qll | 17 - .../security/dataflow/StoredXssQuery.qll | 21 - .../dataflow/TaintedFormatStringQuery.qll | 16 - .../dataflow/TaintedPathCustomizations.qll | 2 - .../security/dataflow/TaintedPathQuery.qll | 31 - .../dataflow/TemplateObjectInjectionQuery.qll | 27 - ...onfusionThroughParameterTamperingQuery.qll | 22 - .../dataflow/UnsafeCodeConstruction.qll | 29 - .../dataflow/UnsafeDeserializationQuery.qll | 16 - 
.../UnsafeDynamicMethodAccessQuery.qll | 36 - .../dataflow/UnsafeHtmlConstructionQuery.qll | 3 - .../dataflow/UnsafeJQueryPluginQuery.qll | 41 - .../UnsafeShellCommandConstructionQuery.qll | 30 - ...lidatedDynamicMethodCallCustomizations.qll | 12 - .../UnvalidatedDynamicMethodCallQuery.qll | 34 - .../security/dataflow/XmlBombQuery.qll | 16 - .../security/dataflow/XpathInjectionQuery.qll | 16 - .../security/dataflow/XssThroughDomQuery.qll | 40 - .../javascript/security/dataflow/XxeQuery.qll | 16 - .../security/dataflow/ZipSlipQuery.qll | 30 - .../security/regexp/PolynomialReDoSQuery.qll | 31 - .../experimental/Security/CWE-918/SSRF.qll | 7 - .../frameworks/Templating/XssDiff.ql | 3 - .../python/dataflow/new/TypeTracker.qll | 60 -- .../dataflow/new/internal/TypeTracker.qll | 950 +----------------- .../new/internal/TypeTrackerSpecific.qll | 60 -- .../lib/semmle/python/frameworks/Stdlib.qll | 162 --- ruby/ql/lib/codeql/ruby/ApiGraphs.qll | 366 ------- .../lib/codeql/ruby/controlflow/CfgNodes.qll | 7 - .../dataflow/internal/DataFlowPrivate.qll | 3 +- .../ruby/dataflow/internal/DataFlowPublic.qll | 7 - .../codeql/ruby/frameworks/ActiveRecord.qll | 94 -- .../codeql/ruby/frameworks/ActiveResource.qll | 47 - ruby/ql/lib/codeql/ruby/frameworks/Twirp.qll | 30 - .../ruby/security/InsecureDownloadQuery.qll | 6 - .../ruby/security/LdapInjectionQuery.qll | 9 - .../codeql/ruby/security/StoredXSSQuery.qll | 9 - .../UnsafeCodeConstructionCustomizations.qll | 2 - ...ShellCommandConstructionCustomizations.qll | 2 - .../ruby/security/XpathInjectionQuery.qll | 8 - .../codeql/ruby/typetracking/TypeTracker.qll | 925 +---------------- .../ruby/typetracking/TypeTrackerSpecific.qll | 131 --- .../library-tests/frameworks/Twirp/Twirp.ql | 2 - .../frameworks/active_record/ActiveRecord.ql | 10 - .../active_resource/ActiveResource.ql | 4 - shared/dataflow/codeql/dataflow/DataFlow.qll | 10 - .../codeql/dataflow/TaintTracking.qll | 12 - .../codeql/dataflow/internal/DataFlowImpl.qll | 12 - 
.../codeql/typetracking/TypeTracking.qll | 2 - .../internal/TypeTrackingImpl.qll | 7 - .../dataflow/internal/DataFlowPublic.qll | 5 - swift/ql/lib/codeql/swift/regex/Regex.qll | 15 - 121 files changed, 4 insertions(+), 4910 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/DataFlow.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/DataFlow.qll index a478da5193e..b8262141dc8 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/DataFlow.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/DataFlow.qll @@ -18,16 +18,3 @@ */ import cpp - -/** - * DEPRECATED: Use `semmle.code.cpp.dataflow.new.DataFlow` instead. - * - * Provides classes for performing local (intra-procedural) and - * global (inter-procedural) data flow analyses. - */ -deprecated module DataFlow { - private import semmle.code.cpp.dataflow.internal.DataFlowImplSpecific - private import codeql.dataflow.DataFlow - import DataFlowMake - import Public -} diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/TaintTracking.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/TaintTracking.qll index 36af8d9660b..238a05e55d0 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/TaintTracking.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/TaintTracking.qll @@ -16,17 +16,3 @@ */ import semmle.code.cpp.dataflow.DataFlow - -/** - * DEPRECATED: Use `semmle.code.cpp.dataflow.new.TaintTracking` instead. - * - * Provides classes for performing local (intra-procedural) and - * global (inter-procedural) taint-tracking analyses. - */ -deprecated module TaintTracking { - import semmle.code.cpp.dataflow.internal.TaintTrackingUtil - private import semmle.code.cpp.dataflow.internal.DataFlowImplSpecific - private import semmle.code.cpp.dataflow.internal.TaintTrackingImplSpecific - private import codeql.dataflow.TaintTracking - import TaintFlowMake -} diff --git a/cpp/ql/lib/semmle/code/cpp/exprs/Expr.qll b/cpp/ql/lib/semmle/code/cpp/exprs/Expr.qll index 91b57049a54..8ae18239418 100644 --- a/cpp/ql/lib/semmle/code/cpp/exprs/Expr.qll 
+++ b/cpp/ql/lib/semmle/code/cpp/exprs/Expr.qll @@ -1110,11 +1110,6 @@ class DeleteOrDeleteArrayExpr extends Expr, TDeleteOrDeleteArrayExpr { expr_deallocator(underlyingElement(this), unresolveElement(result), _) } - /** - * DEPRECATED: use `getDeallocatorCall` instead. - */ - deprecated FunctionCall getAllocatorCall() { result = this.getChild(0) } - /** * Gets the call to a non-default `operator delete`/`delete[]` that deallocates storage, if any. * diff --git a/csharp/ql/lib/semmle/code/csharp/Generics.qll b/csharp/ql/lib/semmle/code/csharp/Generics.qll index 81535fc1008..b5ef16c575e 100644 --- a/csharp/ql/lib/semmle/code/csharp/Generics.qll +++ b/csharp/ql/lib/semmle/code/csharp/Generics.qll @@ -143,18 +143,6 @@ class UnboundGenericType extends ValueOrRefType, UnboundGeneric { result = UnboundGeneric.super.getAConstructedGeneric() } - /** - * DEPRECATED: predicate does not contain any tuples. - * - * Gets the instance type of this type. For an unbound generic type, the instance type - * is a constructed type created from the unbound type, with each of the supplied type - * arguments being the corresponding type parameter. - */ - deprecated ConstructedType getInstanceType() { - result = this.getAConstructedGeneric() and - forall(TypeParameter tp, int i | tp = this.getTypeParameter(i) | tp = result.getTypeArgument(i)) - } - override Location getALocation() { type_location(this, result) } override UnboundGenericType getUnboundDeclaration() { @@ -312,10 +300,6 @@ class TypeParameterConstraints extends Element, @type_parameter_constraints { * ``` */ class UnboundGenericStruct extends Struct, UnboundGenericType { - deprecated override ConstructedStruct getInstanceType() { - result = UnboundGenericType.super.getInstanceType() - } - override ConstructedStruct getAConstructedGeneric() { result = UnboundGenericType.super.getAConstructedGeneric() } 
@@ -335,10 +319,6 @@ class UnboundGenericStruct extends Struct, UnboundGenericType { * ``` */ class UnboundGenericClass extends Class, UnboundGenericType { - deprecated override ConstructedClass getInstanceType() { - result = UnboundGenericType.super.getInstanceType() - } - override ConstructedClass getAConstructedGeneric() { result = UnboundGenericType.super.getAConstructedGeneric() } @@ -358,10 +338,6 @@ class UnboundGenericClass extends Class, UnboundGenericType { * ``` */ class UnboundGenericInterface extends Interface, UnboundGenericType { - deprecated override ConstructedInterface getInstanceType() { - result = UnboundGenericType.super.getInstanceType() - } - override ConstructedInterface getAConstructedGeneric() { result = UnboundGenericType.super.getAConstructedGeneric() } @@ -382,10 +358,6 @@ class UnboundGenericInterface extends Interface, UnboundGenericType { * ``` */ class UnboundGenericDelegateType extends DelegateType, UnboundGenericType { - deprecated override ConstructedDelegateType getInstanceType() { - result = UnboundGenericType.super.getInstanceType() - } - override ConstructedDelegateType getAConstructedGeneric() { result = UnboundGenericType.super.getAConstructedGeneric() } diff --git a/csharp/ql/lib/semmle/code/csharp/controlflow/ControlFlowGraph.qll b/csharp/ql/lib/semmle/code/csharp/controlflow/ControlFlowGraph.qll index 0489044d922..2334d240935 100644 --- a/csharp/ql/lib/semmle/code/csharp/controlflow/ControlFlowGraph.qll +++ b/csharp/ql/lib/semmle/code/csharp/controlflow/ControlFlowGraph.qll 
@@ -29,13 +29,6 @@ module ControlFlow { /** Gets the control flow element that this node corresponds to, if any. */ final ControlFlowElement getAstNode() { result = super.getAstNode() } - /** - * DEPRECATED: Use `getAstNode` instead. - * - * Gets the control flow element that this node corresponds to, if any. - */ - deprecated ControlFlowElement getElement() { result = this.getAstNode() } - /** Gets the basic block that this control flow node belongs to. */ BasicBlock getBasicBlock() { result.getANode() = this } diff --git a/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll b/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll index 3c6cddc427f..9125ab6e400 100644 --- a/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll +++ b/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll @@ -448,20 +448,6 @@ private module ConversionWithoutBoundsCheckConfig implements DataFlow::StateConf */ module Flow = DataFlow::GlobalWithState; -/** Gets a string describing the size of the integer parsed. */ -deprecated string describeBitSize(int bitSize, int intTypeBitSize) { - intTypeBitSize in [0, 32, 64] and - if bitSize != 0 - then bitSize in [8, 16, 32, 64] and result = "a " + bitSize + "-bit integer" - else - if intTypeBitSize = 0 - then result = "an integer with architecture-dependent bit size" - else - result = - "a number with architecture-dependent bit-width, which is constrained to be " + - intTypeBitSize + "-bit by build constraints," -} - /** Gets a string describing the size of the integer parsed. */ string describeBitSize2(DataFlow::Node source) { exists(int sourceBitSize, int intTypeBitSize, boolean isSigned, string signedString | diff --git a/java/ql/lib/semmle/code/java/Expr.qll b/java/ql/lib/semmle/code/java/Expr.qll index 24e5a6e24d8..cb02791e96c 100644 --- a/java/ql/lib/semmle/code/java/Expr.qll +++ b/java/ql/lib/semmle/code/java/Expr.qll 
@@ -1924,9 +1924,6 @@ class VarAccess extends Expr, @varaccess { exists(UnaryAssignExpr e | e.getExpr() = this) } - /** DEPRECATED: Alias for `isVarWrite`. */ - deprecated predicate isLValue() { this.isVarWrite() } - /** * Holds if this variable access is a read access. * @@ -1936,9 +1933,6 @@ class VarAccess extends Expr, @varaccess { */ predicate isVarRead() { not exists(AssignExpr a | a.getDest() = this) } - /** DEPRECATED: Alias for `isVarRead`. */ - deprecated predicate isRValue() { this.isVarRead() } - /** Gets a printable representation of this expression. */ override string toString() { exists(Expr q | q = this.getQualifier() | @@ -2002,14 +1996,8 @@ class VarWrite extends VarAccess { * are source expressions of the assignment. */ Expr getASource() { exists(Assignment e | e.getDest() = this and e.getSource() = result) } - - /** DEPRECATED: (Inaccurately-named) alias for `getASource` */ - deprecated Expr getRhs() { result = this.getASource() } } -/** DEPRECATED: Alias for `VarWrite`. */ -deprecated class LValue = VarWrite; - /** * A read access to a variable. * @@ -2021,9 +2009,6 @@ class VarRead extends VarAccess { VarRead() { this.isVarRead() } } -/** DEPRECATED: Alias for `VarRead`. */ -deprecated class RValue = VarRead; - /** A method call is an invocation of a method with a list of arguments. */ class MethodCall extends Expr, Call, @methodaccess { /** Gets the qualifying expression of this method access, if any. */ @@ -2082,9 +2067,6 @@ class MethodCall extends Expr, Call, @methodaccess { */ predicate isOwnMethodCall() { Qualifier::ownMemberAccess(this) } - /** DEPRECATED: Alias for `isOwnMethodCall`. */ - deprecated predicate isOwnMethodAccess() { this.isOwnMethodCall() } - /** * Holds if this is a method call to an instance method of the enclosing * class `t`. That is, the qualifier is either an explicit or implicit 
@@ -2092,15 +2074,9 @@ class MethodCall extends Expr, Call, @methodaccess { */ predicate isEnclosingMethodCall(RefType t) { Qualifier::enclosingMemberAccess(this, t) } - /** DEPRECATED: Alias for `isEnclosingMethodCall`. */ - deprecated predicate isEnclosingMethodAccess(RefType t) { this.isEnclosingMethodCall(t) } - override string getAPrimaryQlClass() { result = "MethodCall" } } -/** DEPRECATED: Alias for `MethodCall`. */ -deprecated class MethodAccess = MethodCall; - /** A type access is a (possibly qualified) reference to a type. */ class TypeAccess extends Expr, Annotatable, @typeaccess { /** Gets the qualifier of this type access, if any. */ @@ -2275,25 +2251,16 @@ class VirtualMethodCall extends MethodCall { } } -/** DEPRECATED: Alias for `VirtualMethodCall`. */ -deprecated class VirtualMethodAccess = VirtualMethodCall; - /** A static method call. */ class StaticMethodCall extends MethodCall { StaticMethodCall() { this.getMethod().isStatic() } } -/** DEPRECATED: Alias for `StaticMethodCall`. */ -deprecated class StaticMethodAccess = StaticMethodCall; - /** A call to a method in the superclass. */ class SuperMethodCall extends MethodCall { SuperMethodCall() { this.getQualifier() instanceof SuperAccess } } -/** DEPRECATED: Alias for `SuperMethodCall`. */ -deprecated class SuperMethodAccess = SuperMethodCall; - /** * A constructor call, which occurs either as a constructor invocation inside a * constructor, or as part of a class instance expression. diff --git a/java/ql/lib/semmle/code/java/JDK.qll b/java/ql/lib/semmle/code/java/JDK.qll index ee86cf0a191..e1fbf931746 100644 --- a/java/ql/lib/semmle/code/java/JDK.qll +++ b/java/ql/lib/semmle/code/java/JDK.qll @@ -250,9 +250,6 @@ class MethodCallSystemGetProperty extends MethodCall { } } -/** DEPRECATED: Alias for `MethodCallSystemGetProperty`. */ -deprecated class MethodAccessSystemGetProperty = MethodCallSystemGetProperty; - /** * Any method named `exit` on class `java.lang.Runtime` or `java.lang.System`. */ 
diff --git a/java/ql/lib/semmle/code/java/Reflection.qll b/java/ql/lib/semmle/code/java/Reflection.qll index d6449dca223..da287387e17 100644 --- a/java/ql/lib/semmle/code/java/Reflection.qll +++ b/java/ql/lib/semmle/code/java/Reflection.qll @@ -83,9 +83,6 @@ class ReflectiveClassIdentifierMethodCall extends ReflectiveClassIdentifier, Met } } -/** DEPRECATED: Alias for `ReflectiveClassIdentifierMethodCall`. */ -deprecated class ReflectiveClassIdentifierMethodAccess = ReflectiveClassIdentifierMethodCall; - /** * Gets a `ReflectiveClassIdentifier` that we believe may represent the value of `expr`. */ @@ -320,9 +317,6 @@ class ClassMethodCall extends MethodCall { } } -/** DEPRECATED: Alias for `ClassMethodCall`. */ -deprecated class ClassMethodAccess = ClassMethodCall; - /** * A call to `Class.getConstructors(..)` or `Class.getDeclaredConstructors(..)`. */ @@ -333,9 +327,6 @@ class ReflectiveGetConstructorsCall extends ClassMethodCall { } } -/** DEPRECATED: Alias for `ReflectiveGetConstructorsCall`. */ -deprecated class ReflectiveConstructorsAccess = ReflectiveGetConstructorsCall; - /** * A call to `Class.getMethods(..)` or `Class.getDeclaredMethods(..)`. */ @@ -346,9 +337,6 @@ class ReflectiveGetMethodsCall extends ClassMethodCall { } } -/** DEPRECATED: Alias for `ReflectiveGetMethodsCall`. */ -deprecated class ReflectiveMethodsAccess = ReflectiveGetMethodsCall; - /** * A call to `Class.getMethod(..)` or `Class.getDeclaredMethod(..)`. */ @@ -378,9 +366,6 @@ class ReflectiveGetMethodCall extends ClassMethodCall { } } -/** DEPRECATED: Alias for `ReflectiveGetMethodCall`. */ -deprecated class ReflectiveMethodAccess = ReflectiveGetMethodCall; - /** * A call to `Class.getAnnotation(..)`. */ @@ -395,9 +380,6 @@ class ReflectiveGetAnnotationCall extends ClassMethodCall { } } -/** DEPRECATED: Alias for `ReflectiveGetAnnotationCall`. */ -deprecated class ReflectiveAnnotationAccess = ReflectiveGetAnnotationCall; - /** * A call to `Class.getField(..)` that accesses a field. */ 
@@ -423,6 +405,3 @@ class ReflectiveGetFieldCall extends ClassMethodCall { result.hasName(this.getArgument(0).(StringLiteral).getValue()) } } - -/** DEPRECATED: Alias for `ReflectiveGetFieldCall`. */ -deprecated class ReflectiveFieldAccess = ReflectiveGetFieldCall; diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll index 77af39967c6..f63eae183c4 100644 --- a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll +++ b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll @@ -200,25 +200,6 @@ abstract class LocalUserInput extends UserInput { override string getThreatModel() { result = "local" } } -/** - * DEPRECATED: Use the threat models feature. - * That is, use `ActiveThreatModelSource` as the class of nodes for sources - * and set up the threat model configuration to filter source nodes. - * Alternatively, use `getThreatModel` to filter nodes to create the - * class of nodes you need. - * - * A node with input from the local environment, such as files, standard in, - * environment variables, and main method parameters. - */ -deprecated class EnvInput extends DataFlow::Node { - EnvInput() { - this instanceof EnvironmentInput or - this instanceof CliInput or - this instanceof FileInput or - this instanceof StdinInput - } -} - /** * A node with input from the local environment, such as * environment variables. @@ -271,17 +252,6 @@ private class FileInput extends LocalUserInput { override string getThreatModel() { result = "file" } } -/** - * DEPRECATED: Use the threat models feature. - * That is, use `ActiveThreatModelSource` as the class of nodes for sources - * and set up the threat model configuration to filter source nodes. - * Alternatively, use `getThreatModel` to filter nodes to create the - * class of nodes you need. - * - * A node with input from a database. - */ -deprecated class DatabaseInput = DbInput; - /** * A node with input from a database. */ 
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll index 1c7db851a2c..d4890b96f8e 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll @@ -484,9 +484,6 @@ class ObjectOutputStreamVar extends LocalVariableDecl { result.getQualifier() = this.getAnAccess() and result.getMethod().hasName("writeObject") } - - /** DEPRECATED: Alias for `getAWriteObjectMethodCall`. */ - deprecated MethodCall getAWriteObjectMethodAccess() { result = this.getAWriteObjectMethodCall() } } /** Flow through string formatting. */ diff --git a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll index d3fb138bef2..bca78aeae05 100644 --- a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll +++ b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll @@ -168,9 +168,6 @@ class ReflectiveGetMethodCallEntryPoint extends EntryPoint, ReflectiveGetMethodC } } -/** DEPRECATED: Alias for `ReflectiveGetMethodCallEntryPoint`. */ -deprecated class ReflectiveMethodAccessEntryPoint = ReflectiveGetMethodCallEntryPoint; - /** * Classes that are entry points recognised by annotations. */ diff --git a/java/ql/lib/semmle/code/java/frameworks/Mockito.qll b/java/ql/lib/semmle/code/java/frameworks/Mockito.qll index 38af7eb8575..0f5971a68ac 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Mockito.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Mockito.qll @@ -25,9 +25,6 @@ class MockitoVerifiedMethodCall extends MethodCall { } } -/** DEPRECATED: Alias for `MockitoVerifiedMethodCall`. */ -deprecated class MockitoVerifiedMethodAccess = MockitoVerifiedMethodCall; - /** * A type that can be mocked by Mockito. */ 
diff --git a/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidDatabaseQuery.qll b/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidDatabaseQuery.qll index 5ee9248d9eb..f40dc5d97de 100644 --- a/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidDatabaseQuery.qll +++ b/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidDatabaseQuery.qll @@ -45,9 +45,6 @@ class LocalDatabaseOpenMethodCall extends Storable, Call { } } -/** DEPRECATED: Alias for `LocalDatabaseOpenMethodCall`. */ -deprecated class LocalDatabaseOpenMethodAccess = LocalDatabaseOpenMethodCall; - /** A method that is both a database input and a database store. */ private class LocalDatabaseInputStoreMethod extends Method { LocalDatabaseInputStoreMethod() { diff --git a/java/ql/lib/semmle/code/java/security/CleartextStorageSharedPrefsQuery.qll b/java/ql/lib/semmle/code/java/security/CleartextStorageSharedPrefsQuery.qll index f72d40106e3..7300ce1447d 100644 --- a/java/ql/lib/semmle/code/java/security/CleartextStorageSharedPrefsQuery.qll +++ b/java/ql/lib/semmle/code/java/security/CleartextStorageSharedPrefsQuery.qll @@ -45,9 +45,6 @@ class SharedPreferencesEditorMethodCall extends Storable, MethodCall { } } -/** DEPRECATED: Alias for `SharedPreferencesEditorMethodCall`. */ -deprecated class SharedPreferencesEditorMethodAccess = SharedPreferencesEditorMethodCall; - /** * Holds if `input` is the second argument of a setter method * called on `editor`, which is an instance of `SharedPreferences$Editor`. diff --git a/java/ql/lib/semmle/code/java/security/HardcodedCredentialsComparison.qll b/java/ql/lib/semmle/code/java/security/HardcodedCredentialsComparison.qll index f76385ecb68..d15d9d05d30 100644 --- a/java/ql/lib/semmle/code/java/security/HardcodedCredentialsComparison.qll +++ b/java/ql/lib/semmle/code/java/security/HardcodedCredentialsComparison.qll 
@@ -12,9 +12,6 @@ class EqualsCall extends MethodCall { EqualsCall() { this.getMethod() instanceof EqualsMethod } } -/** DEPRECATED: Alias for `EqualsCall`. */ -deprecated class EqualsAccess = EqualsCall; - /** * Holds if `sink` compares password `p` against a hardcoded expression `source`. */ diff --git a/java/ql/lib/semmle/code/java/security/JWT.qll b/java/ql/lib/semmle/code/java/security/JWT.qll index 5ba47072dc6..c282d32ea09 100644 --- a/java/ql/lib/semmle/code/java/security/JWT.qll +++ b/java/ql/lib/semmle/code/java/security/JWT.qll @@ -44,9 +44,6 @@ class JwtParserWithInsecureParseSink extends ApiSinkNode { /** Gets the method access that does the insecure parsing. */ MethodCall getParseMethodCall() { result = insecureParseMa } - - /** DEPRECATED: Alias for `getParseMethodCall`. */ - deprecated MethodCall getParseMethodAccess() { result = this.getParseMethodCall() } } /** diff --git a/java/ql/lib/semmle/code/java/security/PartialPathTraversal.qll b/java/ql/lib/semmle/code/java/security/PartialPathTraversal.qll index 32d366faa98..aaf578a6225 100644 --- a/java/ql/lib/semmle/code/java/security/PartialPathTraversal.qll +++ b/java/ql/lib/semmle/code/java/security/PartialPathTraversal.qll @@ -58,6 +58,3 @@ class PartialPathTraversalMethodCall extends MethodCall { not isSafe(this.getArgument(0)) } } - -/** DEPRECATED: Alias for `PartialPathTraversalMethodCall`. */ -deprecated class PartialPathTraversalMethodAccess = PartialPathTraversalMethodCall; diff --git a/java/ql/lib/semmle/code/java/security/SensitiveActions.qll b/java/ql/lib/semmle/code/java/security/SensitiveActions.qll index a3fc00b19e3..2320afb8eef 100644 --- a/java/ql/lib/semmle/code/java/security/SensitiveActions.qll +++ b/java/ql/lib/semmle/code/java/security/SensitiveActions.qll 
@@ -65,9 +65,6 @@ class SensitiveMethodCall extends SensitiveExpr, MethodCall { } } -/** DEPRECATED: Alias for `SensitiveMethodCall`. */ -deprecated class SensitiveMethodAccess = SensitiveMethodCall; - /** Access to a variable that might contain sensitive data. */ class SensitiveVarAccess extends SensitiveExpr, VarAccess { SensitiveVarAccess() { diff --git a/java/ql/lib/semmle/code/java/security/SensitiveApi.qll b/java/ql/lib/semmle/code/java/security/SensitiveApi.qll index d158fa4a92c..559919f792e 100644 --- a/java/ql/lib/semmle/code/java/security/SensitiveApi.qll +++ b/java/ql/lib/semmle/code/java/security/SensitiveApi.qll 
@@ -31,42 +31,3 @@ class UsernameSink extends CredentialsSinkNode { class CryptoKeySink extends CredentialsSinkNode { CryptoKeySink() { sinkNode(this, "credentials-key") } } - -/** - * DEPRECATED: Use the `PasswordSink` class instead. - * Holds if callable `c` from a standard Java API expects a password parameter at index `i`. - */ -deprecated predicate javaApiCallablePasswordParam(Callable c, int i) { - exists(PasswordSink sink, MethodCall mc | - sink.asExpr() = mc.getArgument(i) and c = mc.getCallee() - ) -} - -/** - * DEPRECATED: Use the `UsernameSink` class instead. - * Holds if callable `c` from a standard Java API expects a username parameter at index `i`. - */ -deprecated predicate javaApiCallableUsernameParam(Callable c, int i) { - exists(UsernameSink sink, MethodCall mc | - sink.asExpr() = mc.getArgument(i) and c = mc.getCallee() - ) -} - -/** - * DEPRECATED: Use the `CryptoKeySink` class instead. - * Holds if callable `c` from a standard Java API expects a cryptographic key parameter at index `i`. - */ -deprecated predicate javaApiCallableCryptoKeyParam(Callable c, int i) { - exists(CryptoKeySink sink, MethodCall mc | - sink.asExpr() = mc.getArgument(i) and c = mc.getCallee() - ) -} - -/** - * DEPRECATED: Use the `CredentialsSinkNode` class instead. - * Holds if callable `c` from a known API expects a credential parameter at index `i`. - */ -deprecated predicate otherApiCallableCredentialParam(Callable c, int i) { - c.hasQualifiedName("javax.crypto.spec", "IvParameterSpec", "IvParameterSpec") and - i = 0 -} diff --git a/java/ql/lib/semmle/code/java/security/TempDirLocalInformationDisclosureQuery.qll b/java/ql/lib/semmle/code/java/security/TempDirLocalInformationDisclosureQuery.qll index f1ffcaecc51..97ae75988b3 100644 --- a/java/ql/lib/semmle/code/java/security/TempDirLocalInformationDisclosureQuery.qll +++ b/java/ql/lib/semmle/code/java/security/TempDirLocalInformationDisclosureQuery.qll 
@@ -215,9 +215,6 @@ abstract class MethodCallInsecureFileCreation extends MethodCall { DataFlow::Node getNode() { result.asExpr() = this } } -/** DEPRECATED: Alias for `MethodCallInsecureFileCreation`. */ -deprecated class MethodAccessInsecureFileCreation = MethodCallInsecureFileCreation; - /** * An insecure call to `java.io.File.createTempFile`. */ @@ -236,9 +233,6 @@ class MethodCallInsecureFileCreateTempFile extends MethodCallInsecureFileCreatio override string getFileSystemEntityType() { result = "file" } } -/** DEPRECATED: Alias for `MethodCallInsecureFileCreateTempFile`. */ -deprecated class MethodAccessInsecureFileCreateTempFile = MethodCallInsecureFileCreateTempFile; - /** * The `com.google.common.io.Files.createTempDir` method. */ @@ -259,7 +253,3 @@ class MethodCallInsecureGuavaFilesCreateTempFile extends MethodCallInsecureFileC override string getFileSystemEntityType() { result = "directory" } } - -/** DEPRECATED: Alias for `MethodCallInsecureGuavaFilesCreateTempFile`. */ -deprecated class MethodAccessInsecureGuavaFilesCreateTempFile = - MethodCallInsecureGuavaFilesCreateTempFile; diff --git a/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll index cb76ee37c7b..b16770c222b 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll @@ -240,9 +240,6 @@ class UnsafeDeserializationSink extends ApiSinkNode, DataFlow::ExprNode { /** Gets a call that triggers unsafe deserialization. */ MethodCall getMethodCall() { unsafeDeserialization(result, this.getExpr()) } - - /** DEPRECATED: Alias for `getMethodCall`. */ - deprecated MethodCall getMethodAccess() { result = this.getMethodCall() } } /** Holds if `node` is a sanitizer for unsafe deserialization */ 
diff --git a/java/ql/lib/semmle/code/java/security/XmlParsers.qll b/java/ql/lib/semmle/code/java/security/XmlParsers.qll index fc0b52b6f78..d470997e1be 100644 --- a/java/ql/lib/semmle/code/java/security/XmlParsers.qll +++ b/java/ql/lib/semmle/code/java/security/XmlParsers.qll @@ -550,21 +550,10 @@ class XmlReaderConfig extends ParserConfig { } } -deprecated private module ExplicitlySafeXmlReaderFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ExplicitlySafeXmlReader } - - predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof SafeXmlReaderFlowSink } - - int fieldFlowBranchLimit() { result = 0 } -} - private predicate explicitlySafeXmlReaderNode(DataFlow::Node src) { src.asExpr() instanceof ExplicitlySafeXmlReader } -deprecated private module ExplicitlySafeXmlReaderFlowDeprecated = - DataFlow::Global; - private module ExplicitlySafeXmlReaderFlow = DataFlow::SimpleGlobal; /** An argument to a safe XML reader. */ @@ -608,28 +597,12 @@ class ExplicitlySafeXmlReader extends VarAccess { ) ) } - - /** DEPRECATED. Holds if `SafeXmlReaderFlowSink` detects flow from this to `sink` */ - deprecated predicate flowsTo(SafeXmlReaderFlowSink sink) { - ExplicitlySafeXmlReaderFlowDeprecated::flow(DataFlow::exprNode(this), DataFlow::exprNode(sink)) - } -} - -deprecated private module CreatedSafeXmlReaderFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src.asExpr() instanceof CreatedSafeXmlReader } - - predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof SafeXmlReaderFlowSink } - - int fieldFlowBranchLimit() { result = 0 } } private predicate createdSafeXmlReaderNode(DataFlow::Node src) { src.asExpr() instanceof CreatedSafeXmlReader } -deprecated private module CreatedSafeXmlReaderFlowDeprecated = - DataFlow::Global; - private module CreatedSafeXmlReaderFlow = DataFlow::SimpleGlobal; /** An `XmlReader` that is obtained from a safe source. */ 
@@ -651,11 +624,6 @@ class CreatedSafeXmlReader extends Call { package.matches("com.google.%common.xml.parsing") ) } - - /** DEPRECATED. Holds if `CreatedSafeXmlReaderFlowConfig` detects flow from this to `sink` */ - deprecated predicate flowsTo(SafeXmlReaderFlowSink sink) { - CreatedSafeXmlReaderFlowDeprecated::flow(DataFlow::exprNode(this), DataFlow::exprNode(sink)) - } } /* @@ -831,37 +799,10 @@ class TransformerFactoryConfig extends TransformerConfig { } } -/** - * DEPRECATED. - * - * A dataflow configuration that identifies `TransformerFactory` and `SAXTransformerFactory` - * instances that have been safely configured. - */ -deprecated module SafeTransformerFactoryFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeTransformerFactory } - - predicate isSink(DataFlow::Node sink) { - exists(MethodCall ma | - sink.asExpr() = ma.getQualifier() and - ma.getMethod().getDeclaringType() instanceof TransformerFactory - ) - } - - int fieldFlowBranchLimit() { result = 0 } -} - private predicate safeTransformerFactoryNode(DataFlow::Node src) { src.asExpr() instanceof SafeTransformerFactory } -/** - * DEPRECATED. - * - * Identifies `TransformerFactory` and `SAXTransformerFactory` - * instances that have been safely configured. - */ -deprecated module SafeTransformerFactoryFlow = DataFlow::Global; - private module SafeTransformerFactoryFlow2 = DataFlow::SimpleGlobal; /** A safely configured `TransformerFactory`. */ diff --git a/java/ql/src/Likely Bugs/Resource Leaks/CloseType.qll b/java/ql/src/Likely Bugs/Resource Leaks/CloseType.qll index 53b213aa3be..41239f249a2 100644 --- a/java/ql/src/Likely Bugs/Resource Leaks/CloseType.qll +++ b/java/ql/src/Likely Bugs/Resource Leaks/CloseType.qll 
@@ -54,9 +54,6 @@ class SqlResourceOpeningMethodCall extends MethodCall { } } -/** DEPRECATED: Alias for `SqlResourceOpeningMethodCall`. */ -deprecated class SqlResourceOpeningMethodAccess = SqlResourceOpeningMethodCall; - /** * A candidate for a "closeable init" expression, which may require calling a "close" method. */ diff --git a/javascript/ql/lib/semmle/javascript/ES2015Modules.qll b/javascript/ql/lib/semmle/javascript/ES2015Modules.qll index cc84fb87324..7a2c69e8b3c 100644 --- a/javascript/ql/lib/semmle/javascript/ES2015Modules.qll +++ b/javascript/ql/lib/semmle/javascript/ES2015Modules.qll @@ -104,18 +104,6 @@ class ImportDeclaration extends Stmt, Import, @import_declaration { */ ObjectExpr getImportAttributes() { result = this.getChildExpr(-10) } - /** - * DEPRECATED: use `getImportAttributes` instead. - * Gets the object literal passed as part of the `with` (or `assert`) clause in this import declaration. - * - * For example, this gets the `{ type: "json" }` object literal in the following: - * ```js - * import foo from "foo" with { type: "json" }; - * import foo from "foo" assert { type: "json" }; - * ``` - */ - deprecated ObjectExpr getImportAssertion() { result = this.getImportAttributes() } - /** Gets the `i`th import specifier of this import declaration. */ ImportSpecifier getSpecifier(int i) { result = this.getChildExpr(i) } 
@@ -350,21 +338,6 @@ abstract class ExportDeclaration extends Stmt, @export_declaration { * ``` */ ObjectExpr getImportAttributes() { result = this.getChildExpr(-10) } - - /** - * DEPRECATED: use `getImportAttributes` instead. - * Gets the object literal passed as part of the `with` (or `assert`) clause, if this is - * a re-export declaration. - * - * For example, this gets the `{ type: "json" }` expression in each of the following: - * ```js - * export { x } from 'foo' with { type: "json" }; - * export * from 'foo' with { type: "json" }; - * export * as x from 'foo' with { type: "json" }; - * export * from 'foo' assert { type: "json" }; - * ``` - */ - deprecated ObjectExpr getImportAssertion() { result = this.getImportAttributes() } } /** diff --git a/javascript/ql/lib/semmle/javascript/Expr.qll b/javascript/ql/lib/semmle/javascript/Expr.qll index 0049c5f5aca..4103321d580 100644 --- a/javascript/ql/lib/semmle/javascript/Expr.qll +++ b/javascript/ql/lib/semmle/javascript/Expr.qll @@ -2830,17 +2830,6 @@ class DynamicImportExpr extends @dynamic_import, Expr, Import { */ Expr getImportOptions() { result = this.getChildExpr(1) } - /** - * DEPRECATED: use `getImportOptions` instead. - * Gets the second "argument" to the import expression, that is, the `Y` in `import(X, Y)`. - * - * For example, gets the `{ with: { type: "json" }}` expression in the following: - * ```js - * import('foo', { with: { type: "json" }}) - * ``` - */ - deprecated Expr getImportAttributes() { result = this.getImportOptions() } - override Module getEnclosingModule() { result = this.getTopLevel() } override DataFlow::Node getImportedModuleNode() { result = DataFlow::valueNode(this) } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithmQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithmQuery.qll index 15d0fa151d7..c3bc6f45194 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithmQuery.qll 
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithmQuery.qll @@ -39,19 +39,3 @@ module BrokenCryptoAlgorithmConfig implements DataFlow::ConfigSig { * Taint tracking flow for sensitive information in broken or weak cryptographic algorithms. */ module BrokenCryptoAlgorithmFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `BrokenCryptoAlgorithmFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "BrokenCryptoAlgorithm" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakQuery.qll index c044d7b0cbc..607ed822499 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakQuery.qll 
@@ -38,24 +38,3 @@ module BuildArtifactLeakConfig implements DataFlow::ConfigSig { * Taint tracking flow for storage of sensitive information in build artifact. */ module BuildArtifactLeakFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `BuildArtifactLeakFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "BuildArtifactLeak" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel lbl) { - source.(CleartextLogging::Source).getLabel() = lbl - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel lbl) { - sink.(Sink).getLabel() = lbl - } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof CleartextLogging::Barrier } - - override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node trg) { - CleartextLogging::isAdditionalTaintStep(src, trg) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll index 5dca4cf1df2..38ebc9eb53d 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll 
@@ -15,22 +15,12 @@ module CleartextLogging { abstract class Source extends DataFlow::Node { /** Gets a string that describes the type of this data flow source. */ abstract string describe(); - - /** - * DEPRECATED. Overriding this predicate no longer has any effect. - */ - deprecated DataFlow::FlowLabel getLabel() { result.isTaint() } } /** * A data flow sink for clear-text logging of sensitive information. */ - abstract class Sink extends DataFlow::Node { - /** - * DEPRECATED. Overriding this predicate no longer has any effect. - */ - deprecated DataFlow::FlowLabel getLabel() { result.isTaint() } - } + abstract class Sink extends DataFlow::Node { } /** * A barrier for clear-text logging of sensitive information. @@ -198,15 +188,6 @@ module CleartextLogging { } } - /** - * DEPRECATED. Use `Barrier` instead, sanitized have been replaced by sanitized nodes. - * - * Holds if the edge `pred` -> `succ` should be sanitized for clear-text logging of sensitive information. - */ - deprecated predicate isSanitizerEdge(DataFlow::Node pred, DataFlow::Node succ) { - succ.(DataFlow::PropRead).getBase() = pred - } - /** * Holds if the edge `src` -> `trg` is an additional taint-step for clear-text logging of sensitive information. */ diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingQuery.qll index efed5ba46ab..131904006ce 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingQuery.qll 
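Review bot: Dropping `getLabel()` from the abstract `Source` and `Sink` classes in the first hunk of CleartextLoggingCustomizations.qll breaks source compatibility for anyone extending this customization module, since a downstream subclass that still declares `override DataFlow::FlowLabel getLabel()` will stop compiling. The in-patch users, the legacy `Configuration` classes in BuildArtifactLeakQuery.qll and CleartextLoggingQuery.qll, are deleted in the same commit, so the library looks consistent as far as this page shows. If the patch does not already carry a change note outside this view, I would add one along the lines of `Deleted the deprecated getLabel predicate from CleartextLogging::Source and CleartextLogging::Sink, and the deprecated CleartextLogging::isSanitizerEdge predicate.` (the second hunk of the same file removes `isSanitizerEdge`). The `CleartextLogging` module body starts before this hunk and continues after it.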
@@ -49,24 +49,3 @@ module CleartextLoggingConfig implements DataFlow::ConfigSig { * Taint tracking flow for clear-text logging of sensitive information. */ module CleartextLoggingFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `CleartextLoggingFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "CleartextLogging" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel lbl) { - source.(Source).getLabel() = lbl - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel lbl) { - sink.(Sink).getLabel() = lbl - } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Barrier } - - override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node trg) { - CleartextLogging::isAdditionalTaintStep(src, trg) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageQuery.qll index 0fbd576959e..d285bb49d2a 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageQuery.qll @@ -30,16 +30,3 @@ module ClearTextStorageConfig implements DataFlow::ConfigSig { } module ClearTextStorageFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `ClearTextStorageFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "ClearTextStorage" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideRequestForgeryQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideRequestForgeryQuery.qll index 155aaca59c1..da4f68dd7d3 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideRequestForgeryQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideRequestForgeryQuery.qll @@ -45,30 +45,3 @@ module ClientSideRequestForgeryConfig implements DataFlow::ConfigSig { * Taint tracking for client-side request forgery. */ module ClientSideRequestForgeryFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `ClientSideRequestForgeryFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "ClientSideRequestForgery" } - - override predicate isSource(DataFlow::Node source) { - exists(Source src | - source = src and - not src.isServerSide() - ) - } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isSanitizerOut(DataFlow::Node node) { sanitizingPrefixEdge(node, _) } - - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - isAdditionalRequestForgeryStep(pred, succ) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectQuery.qll index 526eaf1be36..cf377f43d46 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectQuery.qll 
@@ -62,48 +62,3 @@ module ClientSideUrlRedirectConfig implements DataFlow::StateConfigSig { * Taint-tracking flow for reasoning about unvalidated URL redirections. */ module ClientSideUrlRedirectFlow = TaintTracking::GlobalWithState; - -/** - * A taint-tracking configuration for reasoning about unvalidated URL redirections. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "ClientSideUrlRedirect" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel lbl) { - source.(Source).getAFlowLabel() = lbl - } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isSanitizerOut(DataFlow::Node node) { hostnameSanitizingPrefixEdge(node, _) } - - override predicate isAdditionalFlowStep( - DataFlow::Node node1, DataFlow::Node node2, DataFlow::FlowLabel state1, - DataFlow::FlowLabel state2 - ) { - ClientSideUrlRedirectConfig::isAdditionalFlowStep(node1, FlowState::fromFlowLabel(state1), - node2, FlowState::fromFlowLabel(state2)) - or - // Preserve document.url label in step from `location` to `location.href` or `location.toString()` - state1 instanceof DocumentUrl and - state2 instanceof DocumentUrl and - ( - node2.(DataFlow::PropRead).accesses(node1, "href") - or - exists(DataFlow::CallNode call | - call.getCalleeName() = "toString" and - node1 = call.getReceiver() and - node2 = call - ) - ) - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof HostnameSanitizerGuard - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionQuery.qll index cc9b3f16a4f..450c067f97a 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionQuery.qll 
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionQuery.qll @@ -32,23 +32,3 @@ module CodeInjectionConfig implements DataFlow::ConfigSig { * Taint-tracking for reasoning about code injection vulnerabilities. */ module CodeInjectionFlow = TaintTracking::Global; - -/** - * DEPRRECATED. Use the `CodeInjectionFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "CodeInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { - CodeInjectionConfig::isAdditionalFlowStep(node1, node2) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionQuery.qll index 7c013e1f4ac..b7e08b412ed 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionQuery.qll @@ -45,16 +45,3 @@ module CommandInjectionConfig implements DataFlow::ConfigSig { * Taint-tracking for reasoning about command-injection vulnerabilities. */ module CommandInjectionFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `CommandInjectionFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "CommandInjection" } - - override predicate isSource(DataFlow::Node source) { CommandInjectionConfig::isSource(source) } - - override predicate isSink(DataFlow::Node sink) { CommandInjectionConfig::isSink(sink) } - - override predicate isSanitizer(DataFlow::Node node) { CommandInjectionConfig::isBarrier(node) } -} 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypassQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypassQuery.qll index 759a97291c3..59990d05e17 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypassQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypassQuery.qll @@ -35,26 +35,6 @@ module ConditionalBypassConfig implements DataFlow::ConfigSig { */ module ConditionalBypassFlow = TaintTracking::Global; -/** - * DEPRECATED. Use the `ConditionalBypassFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "ConditionalBypass" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node dst) { - ConditionalBypassConfig::isAdditionalFlowStep(src, dst) - } -} - /** * Holds if the value of `nd` flows into `guard`. */ 
@@ -149,61 +129,3 @@ predicate isEarlyAbortGuardNode(ConditionalBypassFlow::PathNode e, SensitiveActi not action.asExpr().getEnclosingStmt().nestedIn(guard) ) } - -/** - * Holds if `sink` guards `action`, and `source` taints `sink`. - * - * If flow from `source` taints `sink`, then an attacker can - * control if `action` should be executed or not. - */ -deprecated predicate isTaintedGuardForSensitiveAction( - DataFlow::PathNode sink, DataFlow::PathNode source, SensitiveAction action -) { - action = sink.getNode().(Sink).getAction() and - // exclude the intermediary sink - not sink.getNode() instanceof SensitiveActionGuardComparisonOperand and - exists(Configuration cfg | - // ordinary taint tracking to a guard - cfg.hasFlowPath(source, sink) - or - // taint tracking to both operands of a guard comparison - exists( - SensitiveActionGuardComparison cmp, DataFlow::PathNode lSource, DataFlow::PathNode rSource, - DataFlow::PathNode lSink, DataFlow::PathNode rSink - | - sink.getNode() = cmp.getGuard() and - cfg.hasFlowPath(lSource, lSink) and - lSink.getNode() = DataFlow::valueNode(cmp.getLeftOperand()) and - cfg.hasFlowPath(rSource, rSink) and - rSink.getNode() = DataFlow::valueNode(cmp.getRightOperand()) - | - source = lSource or - source = rSource - ) - ) -} - -/** - * Holds if `e` effectively guards access to `action` by returning or throwing early. - * - * Example: `if (e) return; action(x)`. - */ -deprecated predicate isEarlyAbortGuard(DataFlow::PathNode e, SensitiveAction action) { - exists(IfStmt guard | - // `e` is in the condition of an if-statement ... - e.getNode().(Sink).asExpr().getParentExpr*() = guard.getCondition() and - // ... where the then-branch always throws or returns - exists(Stmt abort | - abort instanceof ThrowStmt or - abort instanceof ReturnStmt - | - abort.nestedIn(guard) and - abort.getBasicBlock().(ReachableBasicBlock).postDominates(guard.getThen().getBasicBlock()) - ) and - // ... 
and the else-branch does not exist - not exists(guard.getElse()) - | - // ... and `action` is outside the if-statement - not action.asExpr().getEnclosingStmt().nestedIn(guard) - ) -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsQuery.qll index b74c16eb031..c68c741bc83 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsQuery.qll @@ -37,23 +37,3 @@ module CorsMisconfigurationConfig implements DataFlow::ConfigSig { * Data flow for CORS misconfiguration for credentials transfer. */ module CorsMisconfigurationFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `CorsMisconfigurationFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "CorsMisconfigurationForCredentials" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof TaintTracking::AdHocWhitelistCheckSanitizer - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll index ad03ad93b94..457d0c8112f 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll 
@@ -52,33 +52,3 @@ module DeepObjectResourceExhaustionConfig implements DataFlow::StateConfigSig { */ module DeepObjectResourceExhaustionFlow = TaintTracking::GlobalWithState; - -/** - * DEPRECATED. Use the `DeepObjectResourceExhaustionFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "DeepObjectResourceExhaustion" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - source.(Source).getAFlowLabel() = label - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - sink instanceof Sink and label = TaintedObject::label() - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof TaintedObject::SanitizerGuard - } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl - ) { - TaintedObject::step(src, trg, inlbl, outlbl) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll index b9f27c6a8c2..73bd03d9b13 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll 
@@ -322,13 +322,6 @@ module DomBasedXss { private class HtmlSanitizerAsSanitizer extends Sanitizer instanceof HtmlSanitizerCall { } - /** - * DEPRECATED. Use `isOptionallySanitizedNode` instead. - * - * Holds if there exists two dataflow edges to `succ`, where one edges is sanitized, and the other edge starts with `pred`. - */ - deprecated predicate isOptionallySanitizedEdge = isOptionallySanitizedEdgeInternal/2; - bindingset[call] pragma[inline_late] private SsaVariable getSanitizedSsaVariable(HtmlSanitizerCall call) { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll index 36d5b3ba0a6..5e30a5dafa1 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll 
@@ -122,40 +122,6 @@ module DomBasedXssConfig implements DataFlow::StateConfigSig { */ module DomBasedXssFlow = TaintTracking::GlobalWithState; -/** - * DEPRECATED. Use the `DomBasedXssFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "HtmlInjection" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - DomBasedXssConfig::isSource(source, FlowState::fromFlowLabel(label)) - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - DomBasedXssConfig::isSink(sink, FlowState::fromFlowLabel(label)) - } - - override predicate isSanitizer(DataFlow::Node node) { DomBasedXssConfig::isBarrier(node) } - - override predicate isLabeledBarrier(DataFlow::Node node, DataFlow::FlowLabel lbl) { - DomBasedXssConfig::isBarrier(node, FlowState::fromFlowLabel(lbl)) - } - - override predicate isAdditionalFlowStep( - DataFlow::Node node1, DataFlow::Node node2, DataFlow::FlowLabel state1, - DataFlow::FlowLabel state2 - ) { - DomBasedXssConfig::isAdditionalFlowStep(node1, FlowState::fromFlowLabel(state1), node2, - FlowState::fromFlowLabel(state2)) - or - // inherit all ordinary taint steps for the prefix label - state1 = prefixLabel() and - state2 = prefixLabel() and - TaintTracking::sharedTaintStep(node1, node2) - } -} - private class PrefixStringSanitizerActivated extends PrefixStringSanitizer { PrefixStringSanitizerActivated() { this = this } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssQuery.qll index d7f4fe954f9..a4b677d2946 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssQuery.qll 
@@ -163,33 +163,3 @@ module ExceptionXssConfig implements DataFlow::StateConfigSig { * Taint-tracking for reasoning about XSS with possible exceptional flow. */ module ExceptionXssFlow = TaintTracking::GlobalWithState; - -/** - * DEPRECATED. Use the `ExceptionXssFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "ExceptionXss" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - source.(Source).getAFlowLabel() = label - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - sink instanceof XssShared::Sink and not label instanceof NotYetThrown - } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof XssShared::Sanitizer } - - override predicate isAdditionalFlowStep( - DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl - ) { - ExceptionXssConfig::isAdditionalFlowStep(pred, FlowState::fromFlowLabel(inlbl), succ, - FlowState::fromFlowLabel(outlbl)) - or - // All the usual taint-flow steps apply on data-flow before it has been thrown in an exception. - // Note: this step is not needed in StateConfigSig module since flow states inherit taint steps. - this.isAdditionalFlowStep(pred, succ) and - inlbl instanceof NotYetThrown and - outlbl instanceof NotYetThrown - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll index 7972c379e87..dcf79522104 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll 
@@ -43,55 +43,6 @@ module ExternalAPIUsedWithUntrustedDataConfig implements DataFlow::ConfigSig { module ExternalAPIUsedWithUntrustedDataFlow = TaintTracking::Global; -/** - * Flow label for objects from which a tainted value is reachable. - * - * Only used by the legacy data-flow configuration, as the new data flow configuration - * uses `allowImplicitRead` to achieve this instead. - */ -deprecated private class ObjectWrapperFlowLabel extends DataFlow::FlowLabel { - ObjectWrapperFlowLabel() { this = "object-wrapper" } -} - -/** - * DEPRECATED. Use the `ExternalAPIUsedWithUntrustedDataFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "ExternalAPIUsedWithUntrustedData" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel lbl) { - sink instanceof Sink and - (lbl.isTaint() or lbl instanceof ObjectWrapperFlowLabel) - } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isAdditionalFlowStep( - DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predLbl, - DataFlow::FlowLabel succLbl - ) { - // Step into an object and switch to the 'object-wrapper' label. - exists(DataFlow::PropWrite write | - pred = write.getRhs() and - succ = write.getBase().getALocalSource() and - (predLbl.isTaint() or predLbl instanceof ObjectWrapperFlowLabel) and - succLbl instanceof ObjectWrapperFlowLabel - ) - } - - override predicate isSanitizerIn(DataFlow::Node node) { - // Block flow from the location to its properties, as the relevant properties (hash and search) are taint sources of their own. - // The location source is only used for propagating through API calls like `new URL(location)` and into external APIs where - // the whole location object escapes. 
- node = DOM::locationRef().getAPropertyRead() - } -} - /** A node representing data being passed to an external API. */ class ExternalApiDataNode extends DataFlow::Node instanceof Sink { } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttpQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttpQuery.qll index 21efb2b7770..6767baf8bb7 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttpQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttpQuery.qll @@ -32,27 +32,3 @@ module FileAccessToHttpConfig implements DataFlow::ConfigSig { * Taint tracking for file data in outbound network requests. */ module FileAccessToHttpFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `FileAccessToHttpFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "FileAccessToHttp" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - // taint entire object on property write - exists(DataFlow::PropWrite pwr | - succ = pwr.getBase() and - pred = pwr.getRhs() - ) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsQuery.qll index d589b3a1559..14e5d4f0ed5 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsQuery.qll 
@@ -77,25 +77,3 @@ module HardcodedCredentialsConfig implements DataFlow::ConfigSig { * Data flow for reasoning about hardcoded credentials. */ module HardcodedCredentials = DataFlow::Global; - -/** - * DEPRECATED. Use the `HardcodedCredentials` module instead. - */ -deprecated class Configuration extends DataFlow::Configuration { - Configuration() { this = "HardcodedCredentials" } - - override predicate isSource(DataFlow::Node source) { - HardcodedCredentialsConfig::isSource(source) - } - - override predicate isSink(DataFlow::Node sink) { HardcodedCredentialsConfig::isSink(sink) } - - override predicate isBarrier(DataFlow::Node node) { - super.isBarrier(node) or - HardcodedCredentialsConfig::isBarrier(node) - } - - override predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) { - HardcodedCredentialsConfig::isAdditionalFlowStep(src, trg) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeQuery.qll index 0d33ee11876..3d79fdd7553 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeQuery.qll 
@@ -43,20 +43,3 @@ module HardcodedDataInterpretedAsCodeConfig implements DataFlow::StateConfigSig
 */
 module HardcodedDataInterpretedAsCodeFlow =
 DataFlow::GlobalWithState;
-
-/**
- * DEPRECATED. Use the `HardcodedDataInterpretedAsCodeFlow` module instead.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "HardcodedDataInterpretedAsCode" }
-
- override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel lbl) {
- source.(Source).getLabel() = lbl
- }
-
- override predicate isSink(DataFlow::Node nd, DataFlow::FlowLabel lbl) {
- nd.(Sink).getLabel() = lbl
- }
-
- override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll
index 4271ef3e9b6..07ecb1333b6 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll
@@ -25,14 +25,3 @@ module HostHeaderPoisoningConfig implements DataFlow::ConfigSig {
 * Taint tracking configuration host header poisoning.
 */
 module HostHeaderPoisoningFlow = TaintTracking::Global;
-
-/**
- * DEPRECATED. Use the `HostHeaderPoisoningFlow` module instead.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "TaintedHostHeader" }
-
- override predicate isSource(DataFlow::Node node) { HostHeaderPoisoningConfig::isSource(node) }
-
- override predicate isSink(DataFlow::Node node) { HostHeaderPoisoningConfig::isSink(node) }
-}
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll
index 0525367d1e2..51992d4be47 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll
@@ -25,19 +25,3 @@ module HttpToFileAccessConfig implements DataFlow::ConfigSig {
 * Taint tracking for writing user-controlled data to files.
 */
 module HttpToFileAccessFlow = TaintTracking::Global;
-
-/**
- * DEPRECATED. Use the `HttpToFileAccessFlow` module instead.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "HttpToFileAccess" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) {
- super.isSanitizer(node) or
- node instanceof Sanitizer
- }
-}
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationQuery.qll
index 1601208ed38..1d65dc6d59e 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationQuery.qll
@@ -27,16 +27,3 @@ module ImproperCodeSanitizationConfig implements DataFlow::ConfigSig {
 * Taint-tracking for reasoning about improper code sanitization vulnerabilities.
 */
 module ImproperCodeSanitizationFlow = TaintTracking::Global;
-
-/**
- * DEPRECATED. Use the `ImproperCodeSanitizationFlow` module instead.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "ImproperCodeSanitization" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node sanitizer) { sanitizer instanceof Sanitizer }
-}
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationQuery.qll
index 578c15635bb..697f04c6c5c 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationQuery.qll
@@ -51,35 +51,3 @@ module IncompleteHtmlAttributeSanitizationConfig implements DataFlow::StateConfi
 */
 module IncompleteHtmlAttributeSanitizationFlow =
 TaintTracking::GlobalWithState;
-
-/**
- * DEPRECATED. Use the `IncompleteHtmlAttributeSanitizationFlow` module instead.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "IncompleteHtmlAttributeSanitization" }
-
- override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) {
- label = Label::characterToLabel(source.(Source).getAnUnsanitizedCharacter())
- }
-
- override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) {
- label = Label::characterToLabel(sink.(Sink).getADangerousCharacter())
- }
-
- override predicate isAdditionalFlowStep(
- DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel srclabel,
- DataFlow::FlowLabel dstlabel
- ) {
- super.isAdditionalFlowStep(src, dst) and srclabel = dstlabel
- }
-
- override predicate isLabeledBarrier(DataFlow::Node node, DataFlow::FlowLabel lbl) {
- lbl = Label::characterToLabel(node.(StringReplaceCall).getAReplacedString()) or
- this.isSanitizer(node)
- }
-
- override predicate isSanitizer(DataFlow::Node n) {
- n instanceof Sanitizer or
- super.isSanitizer(n)
- }
-}
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll
index 87d85911a1b..bc993d7577a 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll
@@ -41,26 +41,3 @@ module IndirectCommandInjectionConfig implements DataFlow::ConfigSig {
 * Taint-tracking for reasoning about command-injection vulnerabilities.
 */
 module IndirectCommandInjectionFlow = TaintTracking::Global;
-
-/**
- * DEPRECATED. Use the `IndirectCommandInjectionFlow` module instead.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "IndirectCommandInjection" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- /**
- * Holds if `sink` is a data-flow sink for command-injection vulnerabilities, and
- * the alert should be placed at the node `highlight`.
- */
- predicate isSinkWithHighlight(DataFlow::Node sink, DataFlow::Node highlight) {
- sink instanceof Sink and highlight = sink
- or
- isIndirectCommandArgument(sink, highlight)
- }
-
- override predicate isSink(DataFlow::Node sink) { this.isSinkWithHighlight(sink, _) }
-
- override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadQuery.qll
index ffcfead7896..156a0248c88 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadQuery.qll
@@ -37,23 +37,3 @@ module InsecureDownloadConfig implements DataFlow::StateConfigSig {
 * Taint tracking for download of sensitive file through insecure connection.
 */
 module InsecureDownloadFlow = DataFlow::GlobalWithState;
-
-/**
- * DEPRECATED. Use the `InsecureDownload` module instead.
- */
-deprecated class Configuration extends DataFlow::Configuration {
- Configuration() { this = "InsecureDownload" }
-
- override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) {
- InsecureDownloadConfig::isSource(source, FlowState::fromFlowLabel(label))
- }
-
- override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) {
- InsecureDownloadConfig::isSink(sink, FlowState::fromFlowLabel(label))
- }
-
- override predicate isBarrier(DataFlow::Node node) {
- super.isBarrier(node) or
- InsecureDownloadConfig::isBarrier(node)
- }
-}
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomnessQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomnessQuery.qll
index 1fa4cd272b3..6b3b33968b4 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomnessQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomnessQuery.qll
@@ -48,28 +48,3 @@ module InsecureRandomnessConfig implements DataFlow::ConfigSig {
 * Taint tracking for random values that are not cryptographically secure.
 */
 module InsecureRandomnessFlow = DataFlow::Global;
-
-/**
- * DEPRECATED. Use the `InsecureRandomnessFlow` module instead.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "InsecureRandomness" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) {
- // not making use of `super.isSanitizer`: those sanitizers are not for this kind of data
- node instanceof Sanitizer
- }
-
- override predicate isSanitizerOut(DataFlow::Node node) {
- // stop propagation at the sinks to avoid double reporting
- this.isSink(node)
- }
-
- override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
- InsecureRandomness::isAdditionalTaintStep(pred, succ)
- }
-}
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureTemporaryFileQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureTemporaryFileQuery.qll
index ee2f1bb96d1..7127700b87b 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureTemporaryFileQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureTemporaryFileQuery.qll
@@ -27,19 +27,3 @@ module InsecureTemporaryFileConfig implements DataFlow::ConfigSig {
 * Taint-tracking for reasoning about insecure temporary file creation.
 */
 module InsecureTemporaryFileFlow = TaintTracking::Global;
-
-/**
- * DEPRECATED. Use the `InsecureTemporaryFileFlow` module instead.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "InsecureTemporaryFile" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) {
- super.isSanitizer(node) or
- node instanceof Sanitizer
- }
-}
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsufficientPasswordHashQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsufficientPasswordHashQuery.qll
index c2959256988..fc9dd3ad9a2 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsufficientPasswordHashQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/InsufficientPasswordHashQuery.qll
@@ -33,19 +33,3 @@ module InsufficientPasswordHashConfig implements DataFlow::ConfigSig {
 * Taint tracking for password hashing with insufficient computational effort.
 */
 module InsufficientPasswordHashFlow = TaintTracking::Global;
-
-/**
- * DEPRECATED. Use the `InsufficientPasswordHashFlow` module instead.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "InsufficientPasswordHash" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) {
- super.isSanitizer(node) or
- node instanceof Sanitizer
- }
-}
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll
index 9f206070905..9659b90f435 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll
@@ -37,19 +37,6 @@ module LogInjectionConfig implements DataFlow::ConfigSig {
 */
 module LogInjectionFlow = TaintTracking::Global;
 
-/**
- * DEPRECATED. Use the `LogInjectionFlow` module instead.
- */
-deprecated class LogInjectionConfiguration extends TaintTracking::Configuration {
- LogInjectionConfiguration() { this = "LogInjection" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * A source of remote user controlled input.
 */
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionQuery.qll
index 522df62eca5..52e0e1a46da 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionQuery.qll
@@ -46,31 +46,3 @@ module LoopBoundInjectionConfig implements DataFlow::StateConfigSig {
 * Taint tracking configuration for reasoning about looping on tainted objects with unbounded length.
 */
 module LoopBoundInjectionFlow = TaintTracking::GlobalWithState;
-
-/**
- * DEPRECATED. Use the `LoopBoundInjectionFlow` module instead.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "LoopBoundInjection" }
-
- override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) {
- source instanceof Source and label = TaintedObject::label()
- }
-
- override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) {
- sink instanceof Sink and label = TaintedObject::label()
- }
-
- override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) {
- guard instanceof TaintedObject::SanitizerGuard or
- guard instanceof IsArraySanitizerGuard or
- guard instanceof InstanceofArraySanitizerGuard or
- guard instanceof LengthCheckSanitizerGuard
- }
-
- override predicate isAdditionalFlowStep(
- DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl
- ) {
- TaintedObject::step(src, trg, inlbl, outlbl)
- }
-}
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionQuery.qll
index e7d93aabb97..f7e2c5a442a 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionQuery.qll
@@ -59,37 +59,3 @@ module NosqlInjectionConfig implements DataFlow::StateConfigSig {
 * Taint-tracking for reasoning about SQL-injection vulnerabilities.
 */
 module NosqlInjectionFlow = DataFlow::GlobalWithState;
-
-/**
- * DEPRECATED. Use the `NosqlInjectionFlow` module instead.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "NosqlInjection" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) {
- TaintedObject::isSource(source, label)
- }
-
- override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) {
- sink.(Sink).getAFlowLabel() = label
- }
-
- override predicate isSanitizer(DataFlow::Node node) {
- super.isSanitizer(node) or
- node instanceof Sanitizer
- }
-
- override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) {
- guard instanceof TaintedObject::SanitizerGuard
- }
-
- override predicate isAdditionalFlowStep(
- DataFlow::Node node1, DataFlow::Node node2, DataFlow::FlowLabel state1,
- DataFlow::FlowLabel state2
- ) {
- NosqlInjectionConfig::isAdditionalFlowStep(node1, FlowState::fromFlowLabel(state1), node2,
- FlowState::fromFlowLabel(state2))
- }
-}
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll
index 188f2d20fd7..aa8c7fcf0fa 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll
@@ -11,10 +11,6 @@ import javascript import PostMessageStarCustomizations::PostMessageStar // Materialize flow labels -deprecated private class ConcretePartiallyTaintedObject extends PartiallyTaintedObject { - ConcretePartiallyTaintedObject() { this = this } -} - /** * A taint tracking configuration for cross-window communication with unrestricted origin. * 
@@ -45,44 +41,3 @@ module PostMessageStarConfig implements DataFlow::ConfigSig {
 * A taint tracking configuration for cross-window communication with unrestricted origin.
 */
 module PostMessageStarFlow = TaintTracking::Global;
-
-/**
- * DEPRECATED. Use the `PostMessageStarFlow` module instead.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "PostMessageStar" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel lbl) {
- sink instanceof Sink and lbl = anyLabel()
- }
-
- override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-
- override predicate isAdditionalFlowStep(
- DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl
- ) {
- // writing a tainted value to an object property makes the object partially tainted
- exists(DataFlow::PropWrite write |
- write.getRhs() = src and
- inlbl = anyLabel() and
- trg.(DataFlow::SourceNode).flowsTo(write.getBase()) and
- outlbl instanceof PartiallyTaintedObject
- )
- or
- // `toString` or `JSON.toString` on a partially tainted object gives a tainted value
- exists(DataFlow::InvokeNode toString | toString = trg |
- toString.(DataFlow::MethodCallNode).calls(src, "toString")
- or
- src = toString.(JsonStringifyCall).getInput()
- ) and
- inlbl instanceof PartiallyTaintedObject and
- outlbl.isTaint()
- or
- // `valueOf` preserves partial taint
- trg.(DataFlow::MethodCallNode).calls(src, "valueOf") and
- inlbl instanceof PartiallyTaintedObject and
- outlbl = inlbl
- }
-}
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll
index 96eed4cadc2..076ebf6e9de 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll 
@@ -140,78 +140,6 @@ predicate isIgnoredLibraryFlow(ExternalInputSource source, Sink sink) {
 )
 }
 
-/**
- * DEPRECATED. Use the `PrototypePollutingAssignmentFlow` module instead.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "PrototypePollutingAssignment" }
-
- override predicate isSource(DataFlow::Node node) { node instanceof Source }
-
- override predicate isSink(DataFlow::Node node, DataFlow::FlowLabel lbl) {
- node.(Sink).getAFlowLabel() = lbl
- }
-
- override predicate isSanitizer(DataFlow::Node node) {
- PrototypePollutingAssignmentConfig::isBarrier(node)
- }
-
- override predicate isSanitizerOut(DataFlow::Node node, DataFlow::FlowLabel lbl) {
- // Suppress the value-preserving step src -> dst in `extend(dst, src)`. This is modeled as a value-preserving
- // step because it preserves all properties, but the destination is not actually Object.prototype.
- node = any(ExtendCall call).getASourceOperand() and
- lbl instanceof ObjectPrototype
- }
-
- override predicate isAdditionalFlowStep(
- DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl
- ) {
- PrototypePollutingAssignmentConfig::isAdditionalFlowStep(pred, FlowState::fromFlowLabel(inlbl),
- succ, FlowState::fromFlowLabel(outlbl))
- }
-
- override predicate hasFlowPath(DataFlow::SourcePathNode source, DataFlow::SinkPathNode sink) {
- super.hasFlowPath(source, sink) and
- // require that there is a path without unmatched return steps
- DataFlow::hasPathWithoutUnmatchedReturn(source, sink) and
- // filter away paths that start with library inputs and end with a write to a fixed property.
- not exists(ExternalInputSource src, Sink snk, DataFlow::PropWrite write |
- source.getNode() = src and sink.getNode() = snk
- |
- snk = write.getBase() and
- (
- // fixed property name
- exists(write.getPropertyName())
- or
- // non-string property name (likely number)
- exists(Expr prop | prop = write.getPropertyNameExpr() |
- not prop.analyze().getAType() = TTString()
- )
- )
- )
- }
-
- override predicate isLabeledBarrier(DataFlow::Node node, DataFlow::FlowLabel lbl) {
- super.isLabeledBarrier(node, lbl)
- or
- // Don't propagate into the receiver, as the method lookups will generally fail on Object.prototype.
- node instanceof DataFlow::ThisNode and
- lbl instanceof ObjectPrototype
- }
-
- override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) {
- guard instanceof PropertyPresenceCheck or
- guard instanceof InExprCheck or
- guard instanceof InstanceofCheck or
- guard instanceof IsArrayCheck or
- guard instanceof TypeofCheck or
- guard instanceof NumberGuard or
- guard instanceof EqualityCheck or
- guard instanceof IncludesCheck or
- guard instanceof DenyListInclusionGuard
- }
-}
-
 /** Gets a data flow node referring to an object created with `Object.create`. */
 DataFlow::SourceNode prototypeLessObject() {
 result = prototypeLessObject(DataFlow::TypeTracker::end())
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionQuery.qll
index 86fbb1273d9..44cddc00f74 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionQuery.qll
@@ -13,13 +13,6 @@ import semmle.javascript.dependencies.SemVer import PrototypePollutionCustomizations::PrototypePollution // Materialize flow labels -/** - * We no longer use this flow label, since it does not work in a world where flow states inherit taint steps. - */ -deprecated private class ConcreteTaintedObjectWrapper extends TaintedObjectWrapper { - ConcreteTaintedObjectWrapper() { this = this } -} - /** * A taint tracking configuration for user-controlled objects flowing into deep `extend` calls, * leading to prototype pollution. @@ -65,36 +58,3 @@ module PrototypePollutionConfig implements DataFlow::StateConfigSig { * leading to prototype pollution. */ module PrototypePollutionFlow = TaintTracking::GlobalWithState; - -/** - * DEPRECATED. Use the `PrototypePollutionFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "PrototypePollution" } - - override predicate isSource(DataFlow::Node node, DataFlow::FlowLabel label) { - node.(Source).getAFlowLabel() = label - } - - override predicate isSink(DataFlow::Node node, DataFlow::FlowLabel label) { - node.(Sink).getAFlowLabel() = label - } - - override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl - ) { - TaintedObject::step(src, dst, inlbl, outlbl) - or - // Track objects are wrapped in other objects - exists(DataFlow::PropWrite write | - src = write.getRhs() and - inlbl = TaintedObject::label() and - dst = write.getBase().getALocalSource() and - outlbl = TaintedObjectWrapper::label() - ) - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) { - node instanceof TaintedObject::SanitizerGuard - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssQuery.qll index 55688d4b5ff..3317d3c69fd 100644 
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssQuery.qll
@@ -27,27 +27,6 @@ module ReflectedXssConfig implements DataFlow::ConfigSig {
 */
 module ReflectedXssFlow = TaintTracking::Global;
 
-/**
- * DEPRECATED. Use the `ReflectedXssFlow` module instead.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "ReflectedXss" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) {
- super.isSanitizer(node) or
- node instanceof Sanitizer
- }
-
- override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) {
- guard instanceof QuoteGuard or
- guard instanceof ContainsHtmlGuard
- }
-}
-
 private class QuoteGuard extends SharedXss::QuoteGuard {
 QuoteGuard() { this = this }
 }
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionQuery.qll
index 606b0df6251..08d0b2caf6a 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionQuery.qll
@@ -27,19 +27,3 @@ module RegExpInjectionConfig implements DataFlow::ConfigSig {
 * Taint-tracking for untrusted user input used to construct regular expressions.
 */
 module RegExpInjectionFlow = TaintTracking::Global;
-
-/**
- * DEPRECATED. Use the `RegExpInjectionFlow` module instead.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "RegExpInjection" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) {
- super.isSanitizer(node) or
- node instanceof Sanitizer
- }
-}
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjectionQuery.qll
index 8f1f174d8ec..d8f1e462217 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjectionQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjectionQuery.qll
@@ -31,20 +31,3 @@ module RemotePropertyInjectionConfig implements DataFlow::ConfigSig {
 * Taint-tracking for reasoning about remote property injection.
 */
 module RemotePropertyInjectionFlow = TaintTracking::Global;
-
-/**
- * DEPRECATED. Use the `RemotePropertyInjectionFlow` module instead.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "RemotePropertyInjection" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) {
- super.isSanitizer(node) or
- node instanceof Sanitizer or
- node = StringConcatenation::getRoot(any(ConstantString str).flow())
- }
-}
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryQuery.qll
index 2628fadedbf..23f8f4bdd13 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryQuery.qll
@@ -40,28 +40,3 @@ module RequestForgeryConfig implements DataFlow::ConfigSig {
 * Taint tracking for server-side request forgery.
 */
 module RequestForgeryFlow = TaintTracking::Global;
-
-/**
- * DEPRECATED. Use the `RequestForgeryFlow` module instead.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "RequestForgery" }
-
- override predicate isSource(DataFlow::Node source) { RequestForgeryConfig::isSource(source) }
-
- override predicate isSink(DataFlow::Node sink) { RequestForgeryConfig::isSink(sink) }
-
- override predicate isSanitizer(DataFlow::Node node) {
- super.isSanitizer(node)
- or
- node instanceof Sanitizer
- }
-
- override predicate isSanitizerOut(DataFlow::Node node) {
- RequestForgeryConfig::isBarrierOut(node)
- }
-
- override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
- RequestForgeryConfig::isAdditionalFlowStep(pred, succ)
- }
-}
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionQuery.qll
index cfad2443228..dcedce3049a 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionQuery.qll
@@ -36,31 +36,6 @@ module ResourceExhaustionConfig implements DataFlow::ConfigSig {
 */
 module ResourceExhaustionFlow = TaintTracking::Global;
 
-/**
- * DEPRECATED. Use the `ResourceExhaustionFlow` module instead.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "ResourceExhaustion" }
-
- override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
- override predicate isSanitizer(DataFlow::Node node) {
- super.isSanitizer(node) or
- node instanceof Sanitizer or
- node = any(DataFlow::PropRead read | read.getPropertyName() = "length")
- }
-
- override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node dst) {
- isNumericFlowStep(src, dst)
- }
-
- override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) {
- guard instanceof UpperBoundsCheckSanitizerGuard
- }
-}
-
 /** Holds if data is converted to a number from `src` to `dst`. */
 predicate isNumericFlowStep(DataFlow::Node src, DataFlow::Node dst) {
 exists(DataFlow::CallNode c |
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll
index 0c5af5abd37..41ae0563d9d 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll
@@ -56,32 +56,3 @@ module SecondOrderCommandInjectionConfig implements DataFlow::StateConfigSig {
 */
 module SecondOrderCommandInjectionFlow =
 DataFlow::GlobalWithState;
-
-/**
- * DEPRECATED. Use the `SecondOrderCommandInjectionFlow` module instead.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
- Configuration() { this = "SecondOrderCommandInjection" }
-
- override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) {
- source.(Source).getALabel() = label
- }
-
- override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) {
- sink.(Sink).getALabel() = label
- }
-
- override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-
- override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) {
- guard instanceof PrefixStringSanitizer or
- guard instanceof DoubleDashSanitizer or
- guard instanceof TaintedObject::SanitizerGuard
- }
-
- override predicate isAdditionalFlowStep(
- DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl
- ) {
- TaintedObject::step(src, trg, inlbl, outlbl)
- }
-}
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll
index e889480b48b..7ba27a362f8 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll
@@ -39,35 +39,6 @@ module ServerSideUrlRedirectConfig implements DataFlow::ConfigSig { */ module ServerSideUrlRedirectFlow = TaintTracking::Global; -/** - * DEPRECATED. Use the `ServerSideUrlRedirectFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "ServerSideUrlRedirect" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isSanitizerOut(DataFlow::Node node) { - ServerSideUrlRedirectConfig::isBarrierOut(node) - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof LocalUrlSanitizingGuard or - guard instanceof HostnameSanitizerGuard - } - - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - ServerSideUrlRedirectConfig::isAdditionalFlowStep(pred, succ) - } -} - /** * A call to a function called `isLocalUrl` or similar, which is * considered to sanitize a variable for purposes of URL redirection. diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll index 1d396da5b20..e74aa829340 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll 
@@ -43,23 +43,3 @@ module ShellCommandInjectionFromEnvironmentConfig implements DataFlow::ConfigSig */ module ShellCommandInjectionFromEnvironmentFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `ShellCommandInjectionFromEnvironmentFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "ShellCommandInjectionFromEnvironment" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - /** Holds if `sink` is a command-injection sink with `highlight` as the corresponding alert location. */ - predicate isSinkWithHighlight(DataFlow::Node sink, DataFlow::Node highlight) { - sink instanceof Sink and highlight = sink - or - isIndirectCommandArgument(sink, highlight) - } - - override predicate isSink(DataFlow::Node sink) { this.isSinkWithHighlight(sink, _) } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionQuery.qll index 69dabac1468..85ae77d9d37 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionQuery.qll 
@@ -39,23 +39,3 @@ module SqlInjectionConfig implements DataFlow::ConfigSig { * Taint-tracking for reasoning about string based query injection vulnerabilities. */ module SqlInjectionFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `SqlInjectionFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "SqlInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - SqlInjectionConfig::isAdditionalFlowStep(pred, succ) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposureQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposureQuery.qll index 254df5aabe6..0295124f44c 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposureQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposureQuery.qll @@ -36,20 +36,3 @@ module StackTraceExposureConfig implements DataFlow::ConfigSig { * Taint-tracking for reasoning about stack trace exposure problems. */ module StackTraceExposureFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `StackTraceExposureFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "StackTraceExposure" } - - override predicate isSource(DataFlow::Node src) { src instanceof Source } - - override predicate isSanitizer(DataFlow::Node nd) { - super.isSanitizer(nd) - or - StackTraceExposureConfig::isBarrier(nd) - } - - override predicate isSink(DataFlow::Node snk) { snk instanceof Sink } -} 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssQuery.qll index 48e186bd71e..fa25fa1e58b 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssQuery.qll @@ -27,27 +27,6 @@ module StoredXssConfig implements DataFlow::ConfigSig { */ module StoredXssFlow = TaintTracking::Global; -/** - * DEPRECATED. Use the `StoredXssFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "StoredXss" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof QuoteGuard or - guard instanceof ContainsHtmlGuard - } -} - private class QuoteGuard extends Shared::QuoteGuard { QuoteGuard() { this = this } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll index 55338477cb4..8ecdde85e76 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll 
@@ -27,19 +27,3 @@ module TaintedFormatStringConfig implements DataFlow::ConfigSig { * Taint-tracking for format injections. */ module TaintedFormatStringFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `TaintedFormatStringFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "TaintedFormatString" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll index dc23b895a4f..e7961fdfa10 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll @@ -69,8 +69,6 @@ module TaintedPath { } } - deprecated class BarrierGuardNode = BarrierGuard; - private newtype TFlowState = TPosixPath(FlowState::Normalization normalization, FlowState::Relativeness relativeness) or TSplitPath() diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathQuery.qll index 8b50a69cedc..6c601f294bf 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathQuery.qll 
@@ -55,34 +55,3 @@ module TaintedPathConfig implements DataFlow::StateConfigSig { * Taint-tracking for reasoning about tainted-path vulnerabilities. */ module TaintedPathFlow = DataFlow::GlobalWithState; - -/** - * DEPRECATED. Use the `TaintedPathFlow` module instead. - */ -deprecated class Configuration extends DataFlow::Configuration { - Configuration() { this = "TaintedPath" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - label = source.(Source).getAFlowLabel() - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - label = sink.(Sink).getAFlowLabel() - } - - override predicate isBarrier(DataFlow::Node node) { - super.isBarrier(node) or - node instanceof Sanitizer - } - - override predicate isBarrierGuard(DataFlow::BarrierGuardNode guard) { - guard instanceof BarrierGuardNode - } - - override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel srclabel, - DataFlow::FlowLabel dstlabel - ) { - isAdditionalTaintedPathFlowStep(src, dst, srclabel, dstlabel) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll index 348e59937b5..659f7a95282 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll 
@@ -53,30 +53,3 @@ module TemplateObjectInjectionConfig implements DataFlow::StateConfigSig { * Taint tracking for reasoning about template object injection vulnerabilities. */ module TemplateObjectInjectionFlow = DataFlow::GlobalWithState; - -/** - * DEPRECATED. Use the `TemplateObjectInjectionFlow` module instead. - */ -deprecated class TemplateObjInjectionConfig extends TaintTracking::Configuration { - TemplateObjInjectionConfig() { this = "TemplateObjInjectionConfig" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - source.(Source).getAFlowLabel() = label - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - sink instanceof Sink and label = TaintedObject::label() - } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof TaintedObject::SanitizerGuard - } - - override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl - ) { - TaintedObject::step(src, trg, inlbl, outlbl) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll index 03e8c5c48eb..28a86e7f69f 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll 
@@ -59,25 +59,3 @@ private class IsArrayBarrier extends BarrierGuard, DataFlow::CallNode { outcome = [true, false] // separation between string/array removes type confusion in both branches } } - -/** - * DEPRECATED. Use the `TypeConfusionFlow` module instead. - */ -deprecated class Configuration extends DataFlow::Configuration { - Configuration() { this = "TypeConfusionThroughParameterTampering" } - - override predicate isSource(DataFlow::Node source) { TypeConfusionConfig::isSource(source) } - - override predicate isSink(DataFlow::Node sink) { TypeConfusionConfig::isSink(sink) } - - override predicate isBarrier(DataFlow::Node node) { - super.isBarrier(node) - or - node instanceof Barrier - } - - override predicate isBarrierGuard(DataFlow::BarrierGuardNode guard) { - guard instanceof TypeOfTestBarrier or - guard instanceof IsArrayBarrier - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeCodeConstruction.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeCodeConstruction.qll index e29d5d87a70..92d7d6caf76 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeCodeConstruction.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeCodeConstruction.qll 
@@ -46,33 +46,4 @@ module UnsafeCodeConstruction { * Taint-tracking for reasoning about unsafe code constructed from library input. */ module UnsafeCodeConstructionFlow = TaintTracking::Global; - - /** - * DEPRECATED. Use the `UnsafeCodeConstructionFlow` module instead. - */ - deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "UnsafeCodeConstruction" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof CodeInjection::Sanitizer - } - - override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node trg) { - // HTML sanitizers are insufficient protection against code injection - src = trg.(HtmlSanitizerCall).getInput() - or - DataFlow::localFieldStep(src, trg) - } - - // override to require that there is a path without unmatched return steps - override predicate hasFlowPath(DataFlow::SourcePathNode source, DataFlow::SinkPathNode sink) { - super.hasFlowPath(source, sink) and - DataFlow::hasPathWithoutUnmatchedReturn(source, sink) - } - } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationQuery.qll index b0621c6ac48..75af7cd4d86 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationQuery.qll 
@@ -26,19 +26,3 @@ module UnsafeDeserializationConfig implements DataFlow::ConfigSig { * Taint-tracking for reasoning about unsafe deserialization. */ module UnsafeDeserializationFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `UnsafeDeserializationFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "UnsafeDeserialization" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll index 423b50f17f7..dc468762c93 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll 
@@ -83,39 +83,3 @@ module UnsafeDynamicMethodAccessConfig implements DataFlow::StateConfigSig { * Taint-tracking for reasoning about unsafe dynamic method access. */ module UnsafeDynamicMethodAccessFlow = DataFlow::GlobalWithState; - -/** - * DEPRECATED. Use the `UnsafeDynamicMethodAccessFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "UnsafeDynamicMethodAccess" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - UnsafeDynamicMethodAccessConfig::isSource(source, FlowState::fromFlowLabel(label)) - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - UnsafeDynamicMethodAccessConfig::isSink(sink, FlowState::fromFlowLabel(label)) - } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) - or - UnsafeDynamicMethodAccessConfig::isBarrier(node) - } - - /** - * Holds if a property of the given object is an unsafe function. - */ - predicate hasUnsafeMethods(DataFlow::SourceNode node) { - PropertyInjection::hasUnsafeMethods(node) // Redefined here so custom queries can override it - } - - override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel srclabel, - DataFlow::FlowLabel dstlabel - ) { - UnsafeDynamicMethodAccessConfig::additionalFlowStep(src, FlowState::fromFlowLabel(srclabel), - dst, FlowState::fromFlowLabel(dstlabel)) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll index 913329813c1..3c962c3814e 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll 
@@ -9,9 +9,6 @@ private import semmle.javascript.security.dataflow.UnsafeJQueryPluginCustomizati import UnsafeHtmlConstructionCustomizations::UnsafeHtmlConstruction import semmle.javascript.security.TaintedObject -/** DEPRECATED: Mis-spelled class name, alias for Configuration. */ -deprecated class Configration = Configuration; - /** * A taint-tracking configuration for reasoning about unsafe HTML constructed from library input vulnerabilities. */ diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll index 75eeaf20cfa..245d75b3533 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll 
@@ -51,47 +51,6 @@ module UnsafeJQueryPluginConfig implements DataFlow::ConfigSig { */ module UnsafeJQueryPluginFlow = TaintTracking::Global; -/** - * DEPRECATED. Use the `UnsafeJQueryPluginFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "UnsafeJQueryPlugin" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) - or - node instanceof DomBasedXss::Sanitizer - or - node instanceof Sanitizer - } - - override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink) { - // jQuery plugins tend to be implemented as classes that store data in fields initialized by the constructor. - DataFlow::localFieldStep(src, sink) or - aliasPropertyPresenceStep(src, sink) - } - - override predicate isSanitizerOut(DataFlow::Node node) { - // prefixing prevents forced html/css confusion: - // prefixing through concatenation: - StringConcatenation::taintStep(node, _, _, any(int i | i >= 1)) - or - // prefixing through a poor-mans templating system: - node = any(StringReplaceCall call).getRawReplacement() - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) { - super.isSanitizerGuard(node) or - node instanceof IsElementSanitizer or - node instanceof PropertyPresenceSanitizer or - node instanceof NumberGuard - } -} - /** * Holds if there is a taint-step from `src` to `sink`, * where `src` is a property read that acts as a sanitizer for the base, diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionQuery.qll index e006c2a2f49..2b1a340b8e6 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionQuery.qll 
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionQuery.qll @@ -42,33 +42,3 @@ module UnsafeShellCommandConstructionConfig implements DataFlow::ConfigSig { */ module UnsafeShellCommandConstructionFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `UnsafeShellCommandConstructionFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "UnsafeShellCommandConstruction" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof PathExistsSanitizerGuard or - guard instanceof TaintTracking::AdHocWhitelistCheckSanitizer or - guard instanceof NumberGuard or - guard instanceof TypeOfSanitizer - } - - // override to require that there is a path without unmatched return steps - override predicate hasFlowPath(DataFlow::SourcePathNode source, DataFlow::SinkPathNode sink) { - super.hasFlowPath(source, sink) and - DataFlow::hasPathWithoutUnmatchedReturn(source, sink) - } - - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - DataFlow::localFieldStep(pred, succ) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll index e516167a30b..4a0b1865ece 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll 
@@ -92,18 +92,6 @@ module UnvalidatedDynamicMethodCall { /** DEPRECATED. Use `getAFlowState()` instead. */ deprecated DataFlow::FlowLabel getFlowLabel() { result = this.getAFlowState().toFlowLabel() } - - /** - * DEPRECATED. Use sanitizer nodes instead. - * - * This predicate no longer has any effect. The `this` value of `Sanitizer` is instead - * treated as a sanitizing node, that is, flow in and out of that node is prohibited. - */ - deprecated predicate sanitizes( - DataFlow::Node source, DataFlow::Node sink, DataFlow::FlowLabel lbl - ) { - none() - } } /** diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallQuery.qll index 7b6a6124eda..8cf5279fe42 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallQuery.qll 
@@ -100,37 +100,3 @@ module UnvalidatedDynamicMethodCallConfig implements DataFlow::StateConfigSig { */ module UnvalidatedDynamicMethodCallFlow = DataFlow::GlobalWithState; - -/** - * DEPRECATED. Use the `UnvalidatedDynamicMethodCallFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "UnvalidatedDynamicMethodCall" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - source.(Source).getFlowLabel() = label - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - sink.(Sink).getFlowLabel() = label - } - - override predicate isLabeledBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { - super.isLabeledBarrier(node, label) - or - node.(Sanitizer).getFlowLabel() = label - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof NumberGuard or - guard instanceof FunctionCheck - } - - override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel srclabel, - DataFlow::FlowLabel dstlabel - ) { - UnvalidatedDynamicMethodCallConfig::isAdditionalFlowStep(src, - FlowState::fromFlowLabel(srclabel), dst, FlowState::fromFlowLabel(dstlabel)) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombQuery.qll index 99f5874cf57..ae469c3e575 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombQuery.qll 
@@ -27,19 +27,3 @@ module XmlBombConfig implements DataFlow::ConfigSig { * Taint-tracking for reasoning about XML-bomb vulnerabilities. */ module XmlBombFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `XmlBombFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "XmlBomb" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjectionQuery.qll index fcae5a0eb76..991d7b3f6fc 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjectionQuery.qll @@ -28,19 +28,3 @@ module XpathInjectionConfig implements DataFlow::ConfigSig { * Taint-tracking for untrusted user input used in XPath expression. */ module XpathInjectionFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `XpathInjectionFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "XpathInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomQuery.qll index a9292bbdd4d..a803362ad11 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomQuery.qll 
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomQuery.qll @@ -46,46 +46,6 @@ predicate isIgnoredSourceSinkPair(Source source, DomBasedXss::Sink sink) { sink instanceof DomBasedXss::WriteUrlSink } -/** - * DEPRECATED. Use the `XssThroughDomFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "XssThroughDOM" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof DomBasedXss::Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof DomBasedXss::Sanitizer or - DomBasedXss::isOptionallySanitizedNode(node) - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof TypeTestGuard or - guard instanceof UnsafeJQuery::PropertyPresenceSanitizer or - guard instanceof UnsafeJQuery::NumberGuard or - guard instanceof PrefixStringSanitizer or - guard instanceof QuoteGuard or - guard instanceof ContainsHtmlGuard - } - - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - succ = DataFlow::globalVarRef("URL").getAMemberCall("createObjectURL") and - pred = succ.(DataFlow::InvokeNode).getArgument(0) - } - - override predicate hasFlowPath(DataFlow::SourcePathNode src, DataFlow::SinkPathNode sink) { - super.hasFlowPath(src, sink) and - // filtering away readings of `src` that end in a URL sink. - not ( - sink.getNode() instanceof DomBasedXss::WriteUrlSink and - src.getNode().(DomPropertySource).getPropertyName() = "src" - ) - } -} - /** A test for the value of `typeof x`, restricting the potential types of `x`. */ class TypeTestGuard extends BarrierGuard, DataFlow::ValueNode { override EqualityTest astNode; 
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XxeQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XxeQuery.qll index 616768030a3..191e263fa52 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/XxeQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XxeQuery.qll @@ -27,19 +27,3 @@ module XxeConfig implements DataFlow::ConfigSig { * Taint-tracking for reasoning about XXE vulnerabilities. */ module XxeFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `XxeFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "Xxe" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlipQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlipQuery.qll index b59a78462b8..7c6a34563b8 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlipQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlipQuery.qll 
@@ -50,33 +50,3 @@ module ZipSlipConfig implements DataFlow::StateConfigSig { /** A taint tracking configuration for unsafe archive extraction. */ module ZipSlipFlow = DataFlow::GlobalWithState; - -/** A taint tracking configuration for unsafe archive extraction. */ -deprecated class Configuration extends DataFlow::Configuration { - Configuration() { this = "ZipSlip" } - - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - label = source.(Source).getAFlowLabel() - } - - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - label = sink.(Sink).getAFlowLabel() - } - - override predicate isBarrier(DataFlow::Node node) { - super.isBarrier(node) or - node instanceof TaintedPath::Sanitizer - } - - override predicate isBarrierGuard(DataFlow::BarrierGuardNode guard) { - guard instanceof TaintedPath::BarrierGuardNode - } - - override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel srclabel, - DataFlow::FlowLabel dstlabel - ) { - ZipSlipConfig::isAdditionalFlowStep(src, TaintedPath::FlowState::fromFlowLabel(srclabel), dst, - TaintedPath::FlowState::fromFlowLabel(dstlabel)) - } -} diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll index d1baf9c4523..2fc23b4b234 100644 --- a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll 
@@ -39,34 +39,3 @@ module PolynomialReDoSConfig implements DataFlow::ConfigSig { /** Taint-tracking for reasoning about polynomial regular expression denial-of-service attacks. */ module PolynomialReDoSFlow = TaintTracking::Global; - -/** - * DEPRECATED. Use the `PolynomialReDoSFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "PolynomialReDoS" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } - - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) { - super.isSanitizerGuard(node) or - node instanceof LengthGuard - } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } - - override predicate hasFlowPath(DataFlow::SourcePathNode source, DataFlow::SinkPathNode sink) { - super.hasFlowPath(source, sink) and - // require that there is a path without unmatched return steps - DataFlow::hasPathWithoutUnmatchedReturn(source, sink) - } - - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - DataFlow::localFieldStep(pred, succ) - } -} diff --git a/javascript/ql/src/experimental/Security/CWE-918/SSRF.qll b/javascript/ql/src/experimental/Security/CWE-918/SSRF.qll index 380f594c21e..3b474f6d0a0 100644 --- a/javascript/ql/src/experimental/Security/CWE-918/SSRF.qll +++ b/javascript/ql/src/experimental/Security/CWE-918/SSRF.qll @@ -34,13 +34,6 @@ module SsrfConfig implements DataFlow::ConfigSig { module SsrfFlow = TaintTracking::Global; -/** - * DEPRECATED. Use the `SsrfFlow` module instead. - */ -deprecated class Configuration extends TaintTracking::Configuration { - Configuration() { this = "SSRF" } -} - /** * A sanitizer for ternary operators. * 
diff --git a/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.ql b/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.ql index 66f34f2e422..53de286bcdd 100644 --- a/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.ql +++ b/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.ql @@ -2,7 +2,4 @@ import javascript import semmle.javascript.security.dataflow.DomBasedXssQuery deprecated import utils.test.LegacyDataFlowDiff -deprecated query predicate legacyDataFlowDifference = - DataFlowDiff::legacyDataFlowDifference/3; - query predicate flow = DomBasedXssFlow::flow/2; diff --git a/python/ql/lib/semmle/python/dataflow/new/TypeTracker.qll b/python/ql/lib/semmle/python/dataflow/new/TypeTracker.qll index 6def6b0b523..ed025ab4eb1 100644 --- a/python/ql/lib/semmle/python/dataflow/new/TypeTracker.qll +++ b/python/ql/lib/semmle/python/dataflow/new/TypeTracker.qll 
@@ -8,63 +8,3 @@ private import python private import internal.TypeTracker as Internal private import internal.TypeTrackerSpecific as InternalSpecific - -/** A string that may appear as the name of an attribute or access path. */ -deprecated class AttributeName = InternalSpecific::TypeTrackerContent; - -/** An attribute name, or the empty string (representing no attribute). */ -deprecated class OptionalAttributeName = InternalSpecific::OptionalTypeTrackerContent; - -/** - * DEPRECATED: Use `semmle.python.dataflow.new.TypeTracking` instead. - * - * The summary of the steps needed to track a value to a given dataflow node. - * - * This can be used to track objects that implement a certain API in order to - * recognize calls to that API. Note that type-tracking does not by itself provide a - * source/sink relation, that is, it may determine that a node has a given type, - * but it won't determine where that type came from. - * - * It is recommended that all uses of this type are written in the following form, - * for tracking some type `myType`: - * ```ql - * DataFlow::TypeTrackingNode myType(DataFlow::TypeTracker t) { - * t.start() and - * result = < source of myType > - * or - * exists (DataFlow::TypeTracker t2 | - * result = myType(t2).track(t2, t) - * ) - * } - * - * DataFlow::LocalSourceNode myType() { myType(DataFlow::TypeTracker::end()) } - * ``` - * - * Instead of `result = myType(t2).track(t2, t)`, you can also use the equivalent - * `t = t2.step(myType(t2), result)`. If you additionally want to track individual - * intra-procedural steps, use `t = t2.smallstep(myCallback(t2), result)`. - */ -deprecated class TypeTracker extends Internal::TypeTracker { - /** - * Holds if this is the starting point of type tracking, and the value starts in the attribute named `attrName`. - * The type tracking only ends after the attribute has been loaded. - */ - predicate startInAttr(string attrName) { this.startInContent(attrName) } - - /** - * INTERNAL. DO NOT USE. 
- *
- * Gets the attribute associated with this type tracker.
- */
- string getAttr() { result = this.getContent() }
-}
-
-deprecated module TypeTracker = Internal::TypeTracker;
-
-deprecated class StepSummary = Internal::StepSummary;
-
-deprecated module StepSummary = Internal::StepSummary;
-
-deprecated class TypeBackTracker = Internal::TypeBackTracker;
-
-deprecated module TypeBackTracker = Internal::TypeBackTracker;
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll
index 01c881b2316..3201cb9a385 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll
@@ -4,954 +4,6 @@ private import TypeTrackerSpecific private import semmle.python.dataflow.new.internal.DataFlowPublic as DataFlowPublic cached -private module Cached { - /** - * A description of a step on an inter-procedural data flow path. - */ - cached - deprecated newtype TStepSummary = - LevelStep() or - CallStep() or - ReturnStep() or - deprecated StoreStep(TypeTrackerContent content) { - exists(DataFlowPublic::AttributeContent dfc | dfc.getAttribute() = content | - basicStoreStep(_, _, dfc) - ) - } or - deprecated LoadStep(TypeTrackerContent content) { - exists(DataFlowPublic::AttributeContent dfc | dfc.getAttribute() = content | - basicLoadStep(_, _, dfc) - ) - } or - deprecated LoadStoreStep(TypeTrackerContent load, TypeTrackerContent store) { - exists(DataFlowPublic::AttributeContent dfcLoad, DataFlowPublic::AttributeContent dfcStore | - dfcLoad.getAttribute() = load and dfcStore.getAttribute() = store - | - basicLoadStoreStep(_, _, dfcLoad, dfcStore) - ) - } or - deprecated WithContent(ContentFilter filter) { basicWithContentStep(_, _, filter) } or - deprecated WithoutContent(ContentFilter filter) { basicWithoutContentStep(_, _, filter) } or - JumpStep() - - cached - deprecated newtype TTypeTracker = - deprecated MkTypeTracker(Boolean hasCall, OptionalTypeTrackerContent content) { - content = noContent() - or - // Restrict `content` to those that might eventually match a load. - // We can't rely on `basicStoreStep` since `startInContent` might be used with - // a content that has no corresponding store. 
- exists(DataFlowPublic::AttributeContent loadContents | - ( - basicLoadStep(_, _, loadContents) - or - basicLoadStoreStep(_, _, loadContents, _) - ) and - compatibleContents(content, loadContents.getAttribute()) - ) - } - - cached - deprecated newtype TTypeBackTracker = - deprecated MkTypeBackTracker(Boolean hasReturn, OptionalTypeTrackerContent content) { - content = noContent() - or - // As in MkTypeTracker, restrict `content` to those that might eventually match a store. - exists(DataFlowPublic::AttributeContent storeContent | - ( - basicStoreStep(_, _, storeContent) - or - basicLoadStoreStep(_, _, _, storeContent) - ) and - compatibleContents(storeContent.getAttribute(), content) - ) - } - - /** Gets a type tracker with no content and the call bit set to the given value. */ - cached - deprecated TypeTracker noContentTypeTracker(boolean hasCall) { - result = MkTypeTracker(hasCall, noContent()) - } - - /** Gets the summary resulting from appending `step` to type-tracking summary `tt`. 
*/ - cached - deprecated TypeTracker append(TypeTracker tt, StepSummary step) { - exists(Boolean hasCall, OptionalTypeTrackerContent currentContents | - tt = MkTypeTracker(hasCall, currentContents) - | - step = LevelStep() and result = tt - or - step = CallStep() and result = MkTypeTracker(true, currentContents) - or - step = ReturnStep() and hasCall = false and result = tt - or - step = JumpStep() and - result = MkTypeTracker(false, currentContents) - or - exists(ContentFilter filter | result = tt | - step = WithContent(filter) and - currentContents = filter.getAMatchingContent() - or - step = WithoutContent(filter) and - not currentContents = filter.getAMatchingContent() - ) - ) - or - exists(TypeTrackerContent storeContents, boolean hasCall | - exists(TypeTrackerContent loadContents | - step = LoadStep(pragma[only_bind_into](loadContents)) and - tt = MkTypeTracker(hasCall, storeContents) and - compatibleContents(storeContents, loadContents) and - result = noContentTypeTracker(hasCall) - ) - or - step = StoreStep(pragma[only_bind_into](storeContents)) and - tt = noContentTypeTracker(hasCall) and - result = MkTypeTracker(hasCall, storeContents) - ) - or - exists( - TypeTrackerContent currentContent, TypeTrackerContent store, TypeTrackerContent load, - boolean hasCall - | - step = LoadStoreStep(pragma[only_bind_into](load), pragma[only_bind_into](store)) and - compatibleContents(pragma[only_bind_into](currentContent), load) and - tt = MkTypeTracker(pragma[only_bind_into](hasCall), currentContent) and - result = MkTypeTracker(pragma[only_bind_out](hasCall), store) - ) - } - - pragma[nomagic] - deprecated private TypeBackTracker noContentTypeBackTracker(boolean hasReturn) { - result = MkTypeBackTracker(hasReturn, noContent()) - } - - /** Gets the summary resulting from prepending `step` to this type-tracking summary. 
*/ - cached - deprecated TypeBackTracker prepend(TypeBackTracker tbt, StepSummary step) { - exists(Boolean hasReturn, OptionalTypeTrackerContent content | - tbt = MkTypeBackTracker(hasReturn, content) - | - step = LevelStep() and result = tbt - or - step = CallStep() and hasReturn = false and result = tbt - or - step = ReturnStep() and result = MkTypeBackTracker(true, content) - or - step = JumpStep() and - result = MkTypeBackTracker(false, content) - or - exists(ContentFilter filter | result = tbt | - step = WithContent(filter) and - content = filter.getAMatchingContent() - or - step = WithoutContent(filter) and - not content = filter.getAMatchingContent() - ) - ) - or - exists(TypeTrackerContent loadContents, boolean hasReturn | - exists(TypeTrackerContent storeContents | - step = StoreStep(pragma[only_bind_into](storeContents)) and - tbt = MkTypeBackTracker(hasReturn, loadContents) and - compatibleContents(storeContents, loadContents) and - result = noContentTypeBackTracker(hasReturn) - ) - or - step = LoadStep(pragma[only_bind_into](loadContents)) and - tbt = noContentTypeBackTracker(hasReturn) and - result = MkTypeBackTracker(hasReturn, loadContents) - ) - or - exists( - TypeTrackerContent currentContent, TypeTrackerContent store, TypeTrackerContent load, - boolean hasCall - | - step = LoadStoreStep(pragma[only_bind_into](load), pragma[only_bind_into](store)) and - compatibleContents(store, pragma[only_bind_into](currentContent)) and - tbt = MkTypeBackTracker(pragma[only_bind_into](hasCall), currentContent) and - result = MkTypeBackTracker(pragma[only_bind_out](hasCall), load) - ) - } - - /** - * Gets the summary that corresponds to having taken a forwards - * heap and/or intra-procedural step from `nodeFrom` to `nodeTo`. - * - * Steps contained in this predicate should _not_ depend on the call graph. 
- */ - cached - deprecated predicate stepNoCall( - TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo, StepSummary summary - ) { - exists(Node mid | nodeFrom.flowsTo(mid) and smallstepNoCall(mid, nodeTo, summary)) - } - - /** - * Gets the summary that corresponds to having taken a forwards - * inter-procedural step from `nodeFrom` to `nodeTo`. - */ - cached - deprecated predicate stepCall( - TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo, StepSummary summary - ) { - exists(Node mid | nodeFrom.flowsTo(mid) and smallstepCall(mid, nodeTo, summary)) - } - - cached - deprecated predicate smallstepNoCall(Node nodeFrom, TypeTrackingNode nodeTo, StepSummary summary) { - jumpStep(nodeFrom, nodeTo) and - summary = JumpStep() - or - levelStepNoCall(nodeFrom, nodeTo) and - summary = LevelStep() - or - exists(TypeTrackerContent content | - flowsToStoreStep(nodeFrom, nodeTo, content) and - summary = StoreStep(content) - or - exists(DataFlowPublic::AttributeContent dfc | dfc.getAttribute() = content | - basicLoadStep(nodeFrom, nodeTo, dfc) - ) and - summary = LoadStep(content) - ) - or - exists(TypeTrackerContent loadContent, TypeTrackerContent storeContent | - flowsToLoadStoreStep(nodeFrom, nodeTo, loadContent, storeContent) and - summary = LoadStoreStep(loadContent, storeContent) - ) - or - exists(ContentFilter filter | - basicWithContentStep(nodeFrom, nodeTo, filter) and - summary = WithContent(filter) - or - basicWithoutContentStep(nodeFrom, nodeTo, filter) and - summary = WithoutContent(filter) - ) - } - - cached - deprecated predicate smallstepCall(Node nodeFrom, TypeTrackingNode nodeTo, StepSummary summary) { - callStep(nodeFrom, nodeTo) and summary = CallStep() - or - returnStep(nodeFrom, nodeTo) and - summary = ReturnStep() - or - levelStepCall(nodeFrom, nodeTo) and - summary = LevelStep() - } -} +private module Cached { } private import Cached - -deprecated private predicate step( - TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo, StepSummary summary -) { - 
stepNoCall(nodeFrom, nodeTo, summary) - or - stepCall(nodeFrom, nodeTo, summary) -} - -pragma[nomagic] -deprecated private predicate stepProj(TypeTrackingNode nodeFrom, StepSummary summary) { - step(nodeFrom, _, summary) -} - -deprecated private predicate smallstep(Node nodeFrom, TypeTrackingNode nodeTo, StepSummary summary) { - smallstepNoCall(nodeFrom, nodeTo, summary) - or - smallstepCall(nodeFrom, nodeTo, summary) -} - -pragma[nomagic] -deprecated private predicate smallstepProj(Node nodeFrom, StepSummary summary) { - smallstep(nodeFrom, _, summary) -} - -/** - * Holds if `nodeFrom` is being written to the `content` of the object in `nodeTo`. - * - * Note that `nodeTo` will always be a local source node that flows to the place where the content - * is written in `basicStoreStep`. This may lead to the flow of information going "back in time" - * from the point of view of the execution of the program. - * - * For instance, if we interpret attribute writes in Python as writing to content with the same - * name as the attribute and consider the following snippet - * - * ```python - * def foo(y): - * x = Foo() - * bar(x) - * x.attr = y - * baz(x) - * - * def bar(x): - * z = x.attr - * ``` - * for the attribute write `x.attr = y`, we will have `content` being the literal string `"attr"`, - * `nodeFrom` will be `y`, and `nodeTo` will be the object `Foo()` created on the first line of the - * function. This means we will track the fact that `x.attr` can have the type of `y` into the - * assignment to `z` inside `bar`, even though this attribute write happens _after_ `bar` is called. 
- */ -deprecated private predicate flowsToStoreStep( - Node nodeFrom, TypeTrackingNode nodeTo, TypeTrackerContent content -) { - exists(Node obj | - nodeTo.flowsTo(obj) and - exists(DataFlowPublic::AttributeContent dfc | dfc.getAttribute() = content | - basicStoreStep(nodeFrom, obj, dfc) - ) - ) -} - -/** - * Holds if `loadContent` is loaded from `nodeFrom` and written to `storeContent` of `nodeTo`. - */ -deprecated private predicate flowsToLoadStoreStep( - Node nodeFrom, TypeTrackingNode nodeTo, TypeTrackerContent loadContent, - TypeTrackerContent storeContent -) { - exists(Node obj | - nodeTo.flowsTo(obj) and - exists(DataFlowPublic::AttributeContent loadDfc, DataFlowPublic::AttributeContent storeDfc | - loadDfc.getAttribute() = loadContent and storeDfc.getAttribute() = storeContent - | - basicLoadStoreStep(nodeFrom, obj, loadDfc, storeDfc) - ) - ) -} - -/** - * INTERNAL: Use `TypeTracker` or `TypeBackTracker` instead. - * - * A description of a step on an inter-procedural data flow path. - */ -deprecated class StepSummary extends TStepSummary { - /** Gets a textual representation of this step summary. */ - string toString() { - this instanceof LevelStep and result = "level" - or - this instanceof CallStep and result = "call" - or - this instanceof ReturnStep and result = "return" - or - exists(TypeTrackerContent content | this = StoreStep(content) | result = "store " + content) - or - exists(TypeTrackerContent content | this = LoadStep(content) | result = "load " + content) - or - exists(TypeTrackerContent load, TypeTrackerContent store | - this = LoadStoreStep(load, store) and - result = "load-store " + load + " -> " + store - ) - or - this instanceof JumpStep and result = "jump" - } -} - -/** Provides predicates for updating step summaries (`StepSummary`s). */ -deprecated module StepSummary { - predicate append = Cached::append/2; - - /** - * Gets the summary that corresponds to having taken a forwards - * inter-procedural step from `nodeFrom` to `nodeTo`. 
- * - * This predicate should normally not be used; consider using `step` - * instead. - */ - predicate stepCall = Cached::stepCall/3; - - /** - * Gets the summary that corresponds to having taken a forwards - * intra-procedural step from `nodeFrom` to `nodeTo`. - * - * This predicate should normally not be used; consider using `step` - * instead. - */ - predicate stepNoCall = Cached::stepNoCall/3; - - /** - * Gets the summary that corresponds to having taken a forwards - * heap and/or inter-procedural step from `nodeFrom` to `nodeTo`. - */ - predicate step(TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo, StepSummary summary) { - stepNoCall(nodeFrom, nodeTo, summary) - or - stepCall(nodeFrom, nodeTo, summary) - } - - /** - * Gets the summary that corresponds to having taken a forwards - * inter-procedural step from `nodeFrom` to `nodeTo`. - * - * This predicate should normally not be used; consider using `step` - * instead. - */ - predicate smallstepNoCall = Cached::smallstepNoCall/3; - - /** - * Gets the summary that corresponds to having taken a forwards - * intra-procedural step from `nodeFrom` to `nodeTo`. - * - * This predicate should normally not be used; consider using `step` - * instead. - */ - predicate smallstepCall = Cached::smallstepCall/3; - - /** - * Gets the summary that corresponds to having taken a forwards - * local, heap and/or inter-procedural step from `nodeFrom` to `nodeTo`. - * - * Unlike `StepSummary::step`, this predicate does not compress - * type-preserving steps. - */ - predicate smallstep(Node nodeFrom, TypeTrackingNode nodeTo, StepSummary summary) { - smallstepNoCall(nodeFrom, nodeTo, summary) - or - smallstepCall(nodeFrom, nodeTo, summary) - } - - /** Gets the step summary for a level step. */ - StepSummary levelStep() { result = LevelStep() } - - /** Gets the step summary for a call step. */ - StepSummary callStep() { result = CallStep() } - - /** Gets the step summary for a return step. 
*/ - StepSummary returnStep() { result = ReturnStep() } - - /** Gets the step summary for storing into `content`. */ - StepSummary storeStep(TypeTrackerContent content) { result = StoreStep(content) } - - /** Gets the step summary for loading from `content`. */ - StepSummary loadStep(TypeTrackerContent content) { result = LoadStep(content) } - - /** Gets the step summary for loading from `load` and then storing into `store`. */ - StepSummary loadStoreStep(TypeTrackerContent load, TypeTrackerContent store) { - result = LoadStoreStep(load, store) - } - - /** Gets the step summary for a step that only permits contents matched by `filter`. */ - StepSummary withContent(ContentFilter filter) { result = WithContent(filter) } - - /** Gets the step summary for a step that blocks contents matched by `filter`. */ - StepSummary withoutContent(ContentFilter filter) { result = WithoutContent(filter) } - - /** Gets the step summary for a jump step. */ - StepSummary jumpStep() { result = JumpStep() } -} - -/** - * DEPRECATED: Use `semmle.python.dataflow.new.TypeTracking` instead. - * - * A summary of the steps needed to track a value to a given dataflow node. - * - * This can be used to track objects that implement a certain API in order to - * recognize calls to that API. Note that type-tracking does not by itself provide a - * source/sink relation, that is, it may determine that a node has a given type, - * but it won't determine where that type came from. 
- * - * It is recommended that all uses of this type are written in the following form, - * for tracking some type `myType`: - * ```ql - * DataFlow::TypeTrackingNode myType(DataFlow::TypeTracker t) { - * t.start() and - * result = < source of myType > - * or - * exists (DataFlow::TypeTracker t2 | - * result = myType(t2).track(t2, t) - * ) - * } - * - * DataFlow::Node myType() { myType(DataFlow::TypeTracker::end()).flowsTo(result) } - * ``` - * - * Instead of `result = myType(t2).track(t2, t)`, you can also use the equivalent - * `t = t2.step(myType(t2), result)`. If you additionally want to track individual - * intra-procedural steps, use `t = t2.smallstep(myCallback(t2), result)`. - */ -deprecated class TypeTracker extends TTypeTracker { - Boolean hasCall; - OptionalTypeTrackerContent content; - - TypeTracker() { this = MkTypeTracker(hasCall, content) } - - /** Gets the summary resulting from appending `step` to this type-tracking summary. */ - TypeTracker append(StepSummary step) { result = append(this, step) } - - /** Gets a textual representation of this summary. */ - string toString() { - exists(string withCall, string withContent | - (if hasCall = true then withCall = "with" else withCall = "without") and - ( - if content != noContent() - then withContent = " with content " + content - else withContent = "" - ) and - result = "type tracker " + withCall + " call steps" + withContent - ) - } - - /** - * Holds if this is the starting point of type tracking. - */ - predicate start() { hasCall = false and content = noContent() } - - /** - * Holds if this is the starting point of type tracking, and the value starts in the content named `contentName`. - * The type tracking only ends after the content has been loaded. - */ - predicate startInContent(TypeTrackerContent contentName) { - hasCall = false and content = contentName - } - - /** - * Holds if this is the starting point of type tracking - * when tracking a parameter into a call, but not out of it. 
- */ - predicate call() { hasCall = true and content = noContent() } - - /** - * Holds if this is the end point of type tracking. - */ - predicate end() { content = noContent() } - - /** - * INTERNAL. DO NOT USE. - * - * Holds if this type has been tracked into a call. - */ - boolean hasCall() { result = hasCall } - - /** - * INTERNAL. DO NOT USE. - * - * Gets the content associated with this type tracker. - */ - OptionalTypeTrackerContent getContent() { result = content } - - /** - * Gets a type tracker that starts where this one has left off to allow continued - * tracking. - * - * This predicate is only defined if the type is not associated to a piece of content. - */ - TypeTracker continue() { content = noContent() and result = this } - - /** - * Gets the summary that corresponds to having taken a forwards - * heap and/or inter-procedural step from `nodeFrom` to `nodeTo`. - */ - bindingset[nodeFrom, this] - pragma[inline_late] - pragma[noopt] - TypeTracker step(TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo) { - exists(StepSummary summary | - stepProj(nodeFrom, summary) and - result = this.append(summary) and - step(nodeFrom, nodeTo, summary) - ) - } - - bindingset[nodeFrom, this] - pragma[inline_late] - pragma[noopt] - private TypeTracker smallstepNoSimpleLocalFlowStep(Node nodeFrom, Node nodeTo) { - exists(StepSummary summary | - smallstepProj(nodeFrom, summary) and - result = this.append(summary) and - smallstep(nodeFrom, nodeTo, summary) - ) - } - - /** - * Gets the summary that corresponds to having taken a forwards - * local, heap and/or inter-procedural step from `nodeFrom` to `nodeTo`. - * - * Unlike `TypeTracker::step`, this predicate exposes all edges - * in the flow graph, and not just the edges between `Node`s. - * It may therefore be less performant. 
- * - * Type tracking predicates using small steps typically take the following form: - * ```ql - * DataFlow::Node myType(DataFlow::TypeTracker t) { - * t.start() and - * result = < source of myType > - * or - * exists (DataFlow::TypeTracker t2 | - * t = t2.smallstep(myType(t2), result) - * ) - * } - * - * DataFlow::Node myType() { - * result = myType(DataFlow::TypeTracker::end()) - * } - * ``` - */ - pragma[inline] - TypeTracker smallstep(Node nodeFrom, Node nodeTo) { - result = this.smallstepNoSimpleLocalFlowStep(nodeFrom, nodeTo) - or - simpleLocalFlowStep(nodeFrom, nodeTo) and - result = this - } -} - -/** Provides predicates for implementing custom `TypeTracker`s. */ -deprecated module TypeTracker { - /** - * Gets a valid end point of type tracking. - */ - TypeTracker end() { result.end() } - - /** - * INTERNAL USE ONLY. - * - * Gets a valid end point of type tracking with the call bit set to the given value. - */ - predicate end = Cached::noContentTypeTracker/1; -} - -pragma[nomagic] -deprecated private predicate backStepProj(TypeTrackingNode nodeTo, StepSummary summary) { - step(_, nodeTo, summary) -} - -deprecated private predicate backSmallstepProj(TypeTrackingNode nodeTo, StepSummary summary) { - smallstep(_, nodeTo, summary) -} - -/** - * DEPRECATED: Use `semmle.python.dataflow.new.TypeTracking` instead. - * - * A summary of the steps needed to back-track a use of a value to a given dataflow node. - * - * This can for example be used to track callbacks that are passed to a certain API, - * so we can model specific parameters of that callback as having a certain type. - * - * Note that type back-tracking does not provide a source/sink relation, that is, - * it may determine that a node will be used in an API call somewhere, but it won't - * determine exactly where that use was, or the path that led to the use. 
- * - * It is recommended that all uses of this type are written in the following form, - * for back-tracking some callback type `myCallback`: - * - * ```ql - * DataFlow::TypeTrackingNode myCallback(DataFlow::TypeBackTracker t) { - * t.start() and - * result = (< some API call >).getArgument(< n >).getALocalSource() - * or - * exists (DataFlow::TypeBackTracker t2 | - * result = myCallback(t2).backtrack(t2, t) - * ) - * } - * - * DataFlow::TypeTrackingNode myCallback() { result = myCallback(DataFlow::TypeBackTracker::end()) } - * ``` - * - * Instead of `result = myCallback(t2).backtrack(t2, t)`, you can also use the equivalent - * `t2 = t.step(result, myCallback(t2))`. If you additionally want to track individual - * intra-procedural steps, use `t2 = t.smallstep(result, myCallback(t2))`. - */ -deprecated class TypeBackTracker extends TTypeBackTracker { - Boolean hasReturn; - OptionalTypeTrackerContent content; - - TypeBackTracker() { this = MkTypeBackTracker(hasReturn, content) } - - /** Gets the summary resulting from prepending `step` to this type-tracking summary. */ - TypeBackTracker prepend(StepSummary step) { result = prepend(this, step) } - - /** Gets a textual representation of this summary. */ - string toString() { - exists(string withReturn, string withContent | - (if hasReturn = true then withReturn = "with" else withReturn = "without") and - ( - if content != noContent() - then withContent = " with content " + content - else withContent = "" - ) and - result = "type back-tracker " + withReturn + " return steps" + withContent - ) - } - - /** - * Holds if this is the starting point of type tracking. - */ - predicate start() { hasReturn = false and content = noContent() } - - /** - * Holds if this is the end point of type tracking. - */ - predicate end() { content = noContent() } - - /** - * INTERNAL. DO NOT USE. - * - * Holds if this type has been back-tracked into a call through return edge. 
- */ - boolean hasReturn() { result = hasReturn } - - /** - * Gets a type tracker that starts where this one has left off to allow continued - * tracking. - * - * This predicate is only defined if the type has not been tracked into a piece of content. - */ - TypeBackTracker continue() { content = noContent() and result = this } - - /** - * Gets the summary that corresponds to having taken a backwards - * heap and/or inter-procedural step from `nodeTo` to `nodeFrom`. - */ - bindingset[nodeTo, result] - pragma[inline_late] - pragma[noopt] - TypeBackTracker step(TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo) { - exists(StepSummary summary | - backStepProj(nodeTo, summary) and - this = result.prepend(summary) and - step(nodeFrom, nodeTo, summary) - ) - } - - bindingset[nodeTo, result] - pragma[inline_late] - pragma[noopt] - private TypeBackTracker smallstepNoSimpleLocalFlowStep(Node nodeFrom, Node nodeTo) { - exists(StepSummary summary | - backSmallstepProj(nodeTo, summary) and - this = result.prepend(summary) and - smallstep(nodeFrom, nodeTo, summary) - ) - } - - /** - * Gets the summary that corresponds to having taken a backwards - * local, heap and/or inter-procedural step from `nodeTo` to `nodeFrom`. - * - * Unlike `TypeBackTracker::step`, this predicate exposes all edges - * in the flowgraph, and not just the edges between - * `TypeTrackingNode`s. It may therefore be less performant. 
- * - * Type tracking predicates using small steps typically take the following form: - * ```ql - * DataFlow::Node myType(DataFlow::TypeBackTracker t) { - * t.start() and - * result = < some API call >.getArgument(< n >) - * or - * exists (DataFlow::TypeBackTracker t2 | - * t = t2.smallstep(result, myType(t2)) - * ) - * } - * - * DataFlow::Node myType() { - * result = myType(DataFlow::TypeBackTracker::end()) - * } - * ``` - */ - pragma[inline] - TypeBackTracker smallstep(Node nodeFrom, Node nodeTo) { - this = this.smallstepNoSimpleLocalFlowStep(nodeFrom, nodeTo) - or - simpleLocalFlowStep(nodeFrom, nodeTo) and - this = result - } - - /** - * Gets a forwards summary that is compatible with this backwards summary. - * That is, if this summary describes the steps needed to back-track a value - * from `sink` to `mid`, and the result is a valid summary of the steps needed - * to track a value from `source` to `mid`, then the value from `source` may - * also flow to `sink`. - */ - TypeTracker getACompatibleTypeTracker() { - exists(boolean hasCall, OptionalTypeTrackerContent c | - result = MkTypeTracker(hasCall, c) and - ( - compatibleContents(c, content) - or - content = noContent() and c = content - ) - | - hasCall = false - or - this.hasReturn() = false - ) - } -} - -/** Provides predicates for implementing custom `TypeBackTracker`s. */ -deprecated module TypeBackTracker { - /** - * Gets a valid end point of type back-tracking. - */ - TypeBackTracker end() { result.end() } -} - -/** - * INTERNAL: Do not use. - * - * Provides logic for constructing a call graph in mutual recursion with type tracking. - * - * When type tracking is used to construct a call graph, we cannot use the join-order - * from `stepInlineLate`, because `step` becomes a recursive call, which means that we - * will have a conjunct with 3 recursive calls: the call to `step`, the call to `stepProj`, - * and the recursive type tracking call itself. 
The solution is to split the three-way - * non-linear recursion into two non-linear predicates: one that first joins with the - * projected `stepCall` relation, followed by a predicate that joins with the full - * `stepCall` relation (`stepNoCall` not being recursive, can be join-ordered in the - * same way as in `stepInlineLate`). - */ -deprecated module CallGraphConstruction { - /** The input to call graph construction. */ - signature module InputSig { - /** A state to track during type tracking. */ - class State; - - /** Holds if type tracking should start at `start` in state `state`. */ - deprecated predicate start(Node start, State state); - - /** - * Holds if type tracking should use the step from `nodeFrom` to `nodeTo`, - * which _does not_ depend on the call graph. - * - * Implementing this predicate using `StepSummary::[small]stepNoCall` yields - * standard type tracking. - */ - deprecated predicate stepNoCall(Node nodeFrom, Node nodeTo, StepSummary summary); - - /** - * Holds if type tracking should use the step from `nodeFrom` to `nodeTo`, - * which _does_ depend on the call graph. - * - * Implementing this predicate using `StepSummary::[small]stepCall` yields - * standard type tracking. - */ - deprecated predicate stepCall(Node nodeFrom, Node nodeTo, StepSummary summary); - - /** A projection of an element from the state space. */ - class StateProj; - - /** Gets the projection of `state`. */ - StateProj stateProj(State state); - - /** Holds if type tracking should stop at `n` when we are tracking projected state `stateProj`. */ - deprecated predicate filter(Node n, StateProj stateProj); - } - - /** Provides the `track` predicate for use in call graph construction. 
*/ - module Make { - pragma[nomagic] - deprecated private predicate stepNoCallProj(Node nodeFrom, StepSummary summary) { - Input::stepNoCall(nodeFrom, _, summary) - } - - pragma[nomagic] - deprecated private predicate stepCallProj(Node nodeFrom, StepSummary summary) { - Input::stepCall(nodeFrom, _, summary) - } - - bindingset[nodeFrom, t] - pragma[inline_late] - pragma[noopt] - deprecated private TypeTracker stepNoCallInlineLate( - TypeTracker t, TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo - ) { - exists(StepSummary summary | - stepNoCallProj(nodeFrom, summary) and - result = t.append(summary) and - Input::stepNoCall(nodeFrom, nodeTo, summary) - ) - } - - bindingset[state] - pragma[inline_late] - private Input::StateProj stateProjInlineLate(Input::State state) { - result = Input::stateProj(state) - } - - pragma[nomagic] - deprecated private Node track(Input::State state, TypeTracker t) { - t.start() and Input::start(result, state) - or - exists(Input::StateProj stateProj | - stateProj = stateProjInlineLate(state) and - not Input::filter(result, stateProj) - | - exists(TypeTracker t2 | t = stepNoCallInlineLate(t2, track(state, t2), result)) - or - exists(StepSummary summary | - // non-linear recursion - Input::stepCall(trackCall(state, t, summary), result, summary) - ) - ) - } - - bindingset[t, summary] - pragma[inline_late] - deprecated private TypeTracker appendInlineLate(TypeTracker t, StepSummary summary) { - result = t.append(summary) - } - - pragma[nomagic] - deprecated private Node trackCall(Input::State state, TypeTracker t, StepSummary summary) { - exists(TypeTracker t2 | - // non-linear recursion - result = track(state, t2) and - stepCallProj(result, summary) and - t = appendInlineLate(t2, summary) - ) - } - - /** Gets a node that can be reached from _some_ start node in state `state`. 
*/ - pragma[nomagic] - deprecated Node track(Input::State state) { result = track(state, TypeTracker::end()) } - } - - /** A simple version of `CallGraphConstruction` that uses standard type tracking. */ - module Simple { - /** The input to call graph construction. */ - signature module InputSig { - /** A state to track during type tracking. */ - class State; - - /** Holds if type tracking should start at `start` in state `state`. */ - deprecated predicate start(Node start, State state); - - /** Holds if type tracking should stop at `n`. */ - deprecated predicate filter(Node n); - } - - /** Provides the `track` predicate for use in call graph construction. */ - module Make { - deprecated private module I implements CallGraphConstruction::InputSig { - private import codeql.util.Unit - - class State = Input::State; - - predicate start(Node start, State state) { Input::start(start, state) } - - predicate stepNoCall(Node nodeFrom, Node nodeTo, StepSummary summary) { - StepSummary::stepNoCall(nodeFrom, nodeTo, summary) - } - - predicate stepCall(Node nodeFrom, Node nodeTo, StepSummary summary) { - StepSummary::stepCall(nodeFrom, nodeTo, summary) - } - - class StateProj = Unit; - - Unit stateProj(State state) { exists(state) and exists(result) } - - predicate filter(Node n, Unit u) { - Input::filter(n) and - exists(u) - } - } - - deprecated import CallGraphConstruction::Make - } - } -} diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackerSpecific.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackerSpecific.qll index 11cce1446f7..f1b04c77970 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackerSpecific.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackerSpecific.qll 
@@ -6,50 +6,11 @@ private import python private import semmle.python.dataflow.new.internal.DataFlowPublic as DataFlowPublic private import TypeTrackingImpl as TypeTrackingImpl -deprecated class Node = DataFlowPublic::Node; - -deprecated class TypeTrackingNode = DataFlowPublic::TypeTrackingNode; - -/** A content name for use by type trackers, or the empty string. */ -deprecated class OptionalTypeTrackerContent extends string { - OptionalTypeTrackerContent() { - this = "" - or - this = any(DataFlowPublic::AttributeContent dfc).getAttribute() - } -} - -/** A content name for use by type trackers. */ -deprecated class TypeTrackerContent extends OptionalTypeTrackerContent { - TypeTrackerContent() { this != "" } -} - -/** Gets the content string representing no value. */ -deprecated OptionalTypeTrackerContent noContent() { result = "" } - -/** - * A label to use for `WithContent` and `WithoutContent` steps, restricting - * which `ContentSet` may pass through. Not currently used in Python. - */ -deprecated class ContentFilter extends Unit { - TypeTrackerContent getAMatchingContent() { none() } -} - -pragma[inline] -deprecated predicate compatibleContents( - TypeTrackerContent storeContent, TypeTrackerContent loadContent -) { - storeContent = loadContent -} - deprecated predicate simpleLocalFlowStep = TypeTrackingImpl::TypeTrackingInput::simpleLocalSmallStep/2; deprecated predicate jumpStep = TypeTrackingImpl::TypeTrackingInput::jumpStep/2; -/** Holds if there is a level step from `nodeFrom` to `nodeTo`, which may depend on the call graph. */ -deprecated predicate levelStepCall(Node nodeFrom, Node nodeTo) { none() } - /** Holds if there is a level step from `nodeFrom` to `nodeTo`, which does not depend on the call graph. */ deprecated predicate levelStepNoCall = TypeTrackingImpl::TypeTrackingInput::levelStepNoCall/2; 
@@ -79,24 +40,3 @@ deprecated predicate basicLoadStep = TypeTrackingImpl::TypeTrackingInput::loadSt * Holds if the `loadContent` of `nodeFrom` is stored in the `storeContent` of `nodeTo`. */ deprecated predicate basicLoadStoreStep = TypeTrackingImpl::TypeTrackingInput::loadStoreStep/4; - -/** - * Holds if type-tracking should step from `nodeFrom` to `nodeTo` but block flow of contents matched by `filter` through here. - */ -deprecated predicate basicWithoutContentStep(Node nodeFrom, Node nodeTo, ContentFilter filter) { - none() -} - -/** - * Holds if type-tracking should step from `nodeFrom` to `nodeTo` if inside a content matched by `filter`. - */ -deprecated predicate basicWithContentStep(Node nodeFrom, Node nodeTo, ContentFilter filter) { - none() -} - -/** - * A utility class that is equivalent to `boolean` but does not require type joining. - */ -deprecated class Boolean extends boolean { - Boolean() { this = true or this = false } -} diff --git a/python/ql/lib/semmle/python/frameworks/Stdlib.qll b/python/ql/lib/semmle/python/frameworks/Stdlib.qll index 20135421600..4ad671bb19a 100644 --- a/python/ql/lib/semmle/python/frameworks/Stdlib.qll +++ b/python/ql/lib/semmle/python/frameworks/Stdlib.qll @@ -1781,15 +1781,6 @@ module StdlibPrivate { * See https://docs.python.org/3/library/cgi.html. */ module FieldStorage { - /** - * DEPRECATED: Use `subclassRef` predicate instead. - * - * Gets a reference to the `cgi.FieldStorage` class. - */ - deprecated API::Node classRef() { - result = API::moduleImport("cgi").getMember("FieldStorage") - } - /** Gets a reference to the `cgi.FieldStorage` class or any subclass. */ API::Node subclassRef() { result = API::moduleImport("cgi").getMember("FieldStorage").getASubclass*() 
@@ -1900,168 +1891,15 @@ module StdlibPrivate { // --------------------------------------------------------------------------- // BaseHTTPServer (Python 2 only) // --------------------------------------------------------------------------- - /** - * DEPRECATED: Use API-graphs directly instead. - * - * Gets a reference to the `BaseHttpServer` module. - */ - deprecated API::Node baseHttpServer() { result = API::moduleImport("BaseHTTPServer") } - - /** - * DEPRECATED: Use API-graphs directly instead. - * - * Provides models for the `BaseHttpServer` module. - */ - deprecated module BaseHttpServer { - /** - * DEPRECATED: Use API-graphs directly instead. - * - * Provides models for the `BaseHTTPServer.BaseHTTPRequestHandler` class (Python 2 only). - */ - deprecated module BaseHttpRequestHandler { - /** - * DEPRECATED: Use API-graphs directly instead. - * - * Gets a reference to the `BaseHttpServer.BaseHttpRequestHandler` class. - */ - deprecated API::Node classRef() { - result = baseHttpServer().getMember("BaseHTTPRequestHandler") - } - } - } - // --------------------------------------------------------------------------- // SimpleHTTPServer (Python 2 only) // --------------------------------------------------------------------------- - /** - * DEPRECATED: Use API-graphs directly instead. - * - * Gets a reference to the `SimpleHttpServer` module. - */ - deprecated API::Node simpleHttpServer() { result = API::moduleImport("SimpleHTTPServer") } - - /** - * DEPRECATED: Use API-graphs directly instead. - * - * Provides models for the `SimpleHttpServer` module. - */ - deprecated module SimpleHttpServer { - /** - * DEPRECATED: Use API-graphs directly instead. - * - * Provides models for the `SimpleHTTPServer.SimpleHTTPRequestHandler` class (Python 2 only). - */ - deprecated module SimpleHttpRequestHandler { - /** - * DEPRECATED: Use API-graphs directly instead. - * - * Gets a reference to the `SimpleHttpServer.SimpleHttpRequestHandler` class. 
- */ - deprecated API::Node classRef() { - result = simpleHttpServer().getMember("SimpleHTTPRequestHandler") - } - } - } - // --------------------------------------------------------------------------- // CGIHTTPServer (Python 2 only) // --------------------------------------------------------------------------- - /** - * DEPRECATED: Use API-graphs directly instead. - * - * Gets a reference to the `CGIHTTPServer` module. - */ - deprecated API::Node cgiHttpServer() { result = API::moduleImport("CGIHTTPServer") } - - /** Provides models for the `CGIHTTPServer` module. */ - deprecated module CgiHttpServer { - /** - * DEPRECATED: Use API-graphs directly instead. - * - * Provides models for the `CGIHTTPServer.CGIHTTPRequestHandler` class (Python 2 only). - */ - deprecated module CgiHttpRequestHandler { - /** - * DEPRECATED: Use API-graphs directly instead. - * - * Gets a reference to the `CGIHTTPServer.CgiHttpRequestHandler` class. - */ - deprecated API::Node classRef() { - result = cgiHttpServer().getMember("CGIHTTPRequestHandler") - } - } - } - // --------------------------------------------------------------------------- // http (Python 3 only) // --------------------------------------------------------------------------- - /** - * DEPRECATED: Use API-graphs directly instead. - * - * Gets a reference to the `http` module. - */ - deprecated API::Node http() { result = API::moduleImport("http") } - - /** Provides models for the `http` module. */ - deprecated module StdlibHttp { - // ------------------------------------------------------------------------- - // http.server - // ------------------------------------------------------------------------- - /** - * DEPRECATED: Use API-graphs directly instead. - * - * Gets a reference to the `http.server` module. - */ - deprecated API::Node server() { result = http().getMember("server") } - - /** - * DEPRECATED: Use API-graphs directly instead. 
- * - * Provides models for the `http.server` module - */ - deprecated module Server { - /** - * DEPRECATED: Use API-graphs directly instead. - * - * Provides models for the `http.server.BaseHTTPRequestHandler` class (Python 3 only). - * - * See https://docs.python.org/3.9/library/http.server.html#http.server.BaseHTTPRequestHandler. - */ - deprecated module BaseHttpRequestHandler { - /** Gets a reference to the `http.server.BaseHttpRequestHandler` class. */ - deprecated API::Node classRef() { result = server().getMember("BaseHTTPRequestHandler") } - } - - /** - * DEPRECATED: Use API-graphs directly instead. - * - * Provides models for the `http.server.SimpleHTTPRequestHandler` class (Python 3 only). - * - * See https://docs.python.org/3.9/library/http.server.html#http.server.SimpleHTTPRequestHandler. - */ - deprecated module SimpleHttpRequestHandler { - /** Gets a reference to the `http.server.SimpleHttpRequestHandler` class. */ - deprecated API::Node classRef() { result = server().getMember("SimpleHTTPRequestHandler") } - } - - /** - * DEPRECATED: Use API-graphs directly instead. - * - * Provides models for the `http.server.CGIHTTPRequestHandler` class (Python 3 only). - * - * See https://docs.python.org/3.9/library/http.server.html#http.server.CGIHTTPRequestHandler. - */ - deprecated module CgiHttpRequestHandler { - /** - * DEPRECATED: Use API-graphs directly instead. - * - * Gets a reference to the `http.server.CGIHTTPRequestHandler` class. - */ - deprecated API::Node classRef() { result = server().getMember("CGIHTTPRequestHandler") } - } - } - } - /** * Provides models for the `BaseHTTPRequestHandler` class and subclasses. * diff --git a/ruby/ql/lib/codeql/ruby/ApiGraphs.qll b/ruby/ql/lib/codeql/ruby/ApiGraphs.qll index cc887a9a05c..00537e375b1 100644 --- a/ruby/ql/lib/codeql/ruby/ApiGraphs.qll +++ b/ruby/ql/lib/codeql/ruby/ApiGraphs.qll 
@@ -264,12 +264,6 @@ module API { pragma[inline_late] DataFlow::CallNode asCall() { this = Impl::MkMethodAccessNode(result) } - /** - * DEPRECATED. Use `asCall()` instead. - */ - pragma[inline] - deprecated DataFlow::CallNode getCallNode() { this = Impl::MkMethodAccessNode(result) } - /** * Gets a module or class that descends from the module or class referenced by this API node. */ 
@@ -607,104 +601,10 @@ module API { */ string toString() { none() } - /** - * Gets a node representing a (direct or indirect) subclass of the class represented by this node. - * ```rb - * class A; end - * class B < A; end - * class C < B; end - * ``` - * In the example above, `getMember("A").getASubclass()` will return uses of `A`, `B` and `C`. - */ - pragma[inline] - deprecated Node getASubclass() { result = this } - - /** - * Gets a node representing a direct subclass of the class represented by this node. - * ```rb - * class A; end - * class B < A; end - * class C < B; end - * ``` - * In the example above, `getMember("A").getAnImmediateSubclass()` will return uses of `B` only. - */ - pragma[inline] - deprecated Node getAnImmediateSubclass() { - result = this.asModule().getAnImmediateDescendent().trackModule() - } - - /** DEPRECATED. This predicate has been renamed to `getAValueReachableFromSource()`. */ - deprecated DataFlow::Node getAUse() { result = this.getAValueReachableFromSource() } - - /** DEPRECATED. This predicate has been renamed to `asSource()`. */ - deprecated DataFlow::LocalSourceNode getAnImmediateUse() { result = this.asSource() } - - /** DEPRECATED. This predicate has been renamed to `asSink()`. */ - deprecated DataFlow::Node getARhs() { result = this.asSink() } - - /** DEPRECATED. This predicate has been renamed to `getAValueReachingSink()`. */ - deprecated DataFlow::Node getAValueReachingRhs() { result = this.getAValueReachingSink() } - - /** - * DEPRECATED. API graph nodes are no longer associated with specific paths. - * - * Gets a string representation of the lexicographically least among all shortest access paths - * from the root to this node. - */ - deprecated string getPath() { none() } - - /** - * DEPRECATED. Use label-specific predicates in this class, such as `getMember`, instead of using `getASuccessor`. 
- * - * Gets a node such that there is an edge in the API graph between this node and the other - * one, and that edge is labeled with `lbl`. - */ - pragma[inline] - deprecated Node getASuccessor(Label::ApiLabel lbl) { - labelledEdge(this.getAnEpsilonSuccessor(), lbl, result) - } - - /** - * DEPRECATED. API graphs no longer support backward traversal of edges. If possible use `.backtrack()` to get - * a node intended for backtracking. - * - * Gets a node such that there is an edge in the API graph between that other node and - * this one, and that edge is labeled with `lbl` - */ - deprecated Node getAPredecessor(Label::ApiLabel lbl) { this = result.getASuccessor(lbl) } - - /** - * DEPRECATED. API graphs no longer support backward traversal of edges. If possible use `.backtrack()` to get - * a node intended for backtracking. - * - * Gets a node such that there is an edge in the API graph between this node and the other - * one. - */ - deprecated Node getAPredecessor() { result = this.getAPredecessor(_) } - - /** - * Gets a node such that there is an edge in the API graph between that other node and - * this one. - */ - pragma[inline] - deprecated Node getASuccessor() { result = this.getASuccessor(_) } - - /** DEPRECATED. API graphs are no longer associated with a depth. */ - deprecated int getDepth() { none() } - pragma[inline] private Node getAnEpsilonSuccessor() { result = getAnEpsilonSuccessorInline(this) } } - /** DEPRECATED. Use `API::root()` to access the root node. */ - deprecated class Root = RootNode; - - /** DEPRECATED. A node corresponding to the use of an API component. */ - deprecated class Use = ForwardNode; - - /** DEPRECATED. A node corresponding to a value escaping into an API component. */ - deprecated class Def = SinkNode; - /** The root node of an API graph. */ private class RootNode extends Node, Impl::MkRoot { override string toString() { result = "Root()" } 
@@ -1327,270 +1227,4 @@ module API { node = MkMethodAccessNode(entry.getACall()) } } - - /** - * Holds if there is an edge from `pred` to `succ` in the API graph that is labeled with `lbl`. - */ - pragma[nomagic] - deprecated private predicate labelledEdge(Node pred, Label::ApiLabel lbl, Node succ) { - exists(string name | - Impl::memberEdge(pred, name, succ) and - lbl = Label::member(name) - ) - or - exists(string name | - Impl::methodEdge(pred, name, succ) and - lbl = Label::method(name) - ) - or - exists(DataFlow::Content content | - Impl::contentEdge(pred, content, succ) and - lbl = Label::content(content) - ) - or - exists(DataFlowDispatch::ParameterPosition pos | - Impl::parameterEdge(pred, pos, succ) and - lbl = Label::getLabelFromParameterPosition(pos) - ) - or - exists(DataFlowDispatch::ArgumentPosition pos | - Impl::argumentEdge(pred, pos, succ) and - lbl = Label::getLabelFromArgumentPosition(pos) - ) - or - Impl::instanceEdge(pred, succ) and - lbl = Label::instance() - or - Impl::returnEdge(pred, succ) and - lbl = Label::return() - or - exists(EntryPoint entry | - Impl::entryPointEdge(entry, succ) and - pred = root() and - lbl = Label::entryPoint(entry) - ) - } - - /** - * DEPRECATED. Treating the API graph as an explicit labelled graph is deprecated - instead use the methods on `API:Node` directly. - * - * Provides classes modeling the various edges (labels) in the API graph. - */ - deprecated module Label { - /** All the possible labels in the API graph. 
*/ - private newtype TLabel = - MkLabelMember(string member) { member = any(ConstantReadAccess a).getName() } or - MkLabelMethod(string m) { m = any(DataFlow::CallNode c).getMethodName() } or - MkLabelReturn() or - MkLabelInstance() or - MkLabelKeywordParameter(string name) { - any(DataFlowDispatch::ArgumentPosition arg).isKeyword(name) - or - any(DataFlowDispatch::ParameterPosition arg).isKeyword(name) - } or - MkLabelParameter(int n) { - any(DataFlowDispatch::ArgumentPosition c).isPositional(n) - or - any(DataFlowDispatch::ParameterPosition c).isPositional(n) - } or - MkLabelBlockParameter() or - MkLabelEntryPoint(EntryPoint name) or - MkLabelContent(DataFlow::Content content) - - /** A label in the API-graph */ - class ApiLabel extends TLabel { - /** Gets a string representation of this label. */ - string toString() { result = "???" } - } - - private import LabelImpl - - private module LabelImpl { - private import Impl - - /** A label for a member, for example a constant. */ - class LabelMember extends ApiLabel, MkLabelMember { - private string member; - - LabelMember() { this = MkLabelMember(member) } - - /** Gets the member name associated with this label. */ - string getMember() { result = member } - - override string toString() { result = "getMember(\"" + member + "\")" } - } - - /** A label for a method. */ - class LabelMethod extends ApiLabel, MkLabelMethod { - private string method; - - LabelMethod() { this = MkLabelMethod(method) } - - /** Gets the method name associated with this label. */ - string getMethod() { result = method } - - override string toString() { result = "getMethod(\"" + method + "\")" } - } - - /** A label for the return value of a method. */ - class LabelReturn extends ApiLabel, MkLabelReturn { - override string toString() { result = "getReturn()" } - } - - /** A label for getting instances of a module/class. 
*/ - class LabelInstance extends ApiLabel, MkLabelInstance { - override string toString() { result = "getInstance()" } - } - - /** A label for a keyword parameter. */ - class LabelKeywordParameter extends ApiLabel, MkLabelKeywordParameter { - private string name; - - LabelKeywordParameter() { this = MkLabelKeywordParameter(name) } - - /** Gets the name of the keyword parameter associated with this label. */ - string getName() { result = name } - - override string toString() { result = "getKeywordParameter(\"" + name + "\")" } - } - - /** A label for a parameter. */ - class LabelParameter extends ApiLabel, MkLabelParameter { - private int n; - - LabelParameter() { this = MkLabelParameter(n) } - - /** Gets the parameter number associated with this label. */ - int getIndex() { result = n } - - override string toString() { result = "getParameter(" + n + ")" } - } - - /** A label for a block parameter. */ - class LabelBlockParameter extends ApiLabel, MkLabelBlockParameter { - override string toString() { result = "getBlock()" } - } - - /** A label from the root node to a custom entry point. */ - class LabelEntryPoint extends ApiLabel, MkLabelEntryPoint { - private API::EntryPoint name; - - LabelEntryPoint() { this = MkLabelEntryPoint(name) } - - override string toString() { result = "entryPoint(\"" + name + "\")" } - - /** Gets the name of the entry point. */ - API::EntryPoint getName() { result = name } - } - - /** A label representing contents of an object. */ - class LabelContent extends ApiLabel, MkLabelContent { - private DataFlow::Content content; - - LabelContent() { this = MkLabelContent(content) } - - override string toString() { - result = "getContent(" + content.toString().replaceAll(" ", "_") + ")" - } - - /** Gets the content represented by this label. */ - DataFlow::Content getContent() { result = content } - } - } - - /** Gets the `member` edge label for member `m`. 
*/ - LabelMember member(string m) { result.getMember() = m } - - /** Gets the `method` edge label. */ - LabelMethod method(string m) { result.getMethod() = m } - - /** Gets the `return` edge label. */ - LabelReturn return() { any() } - - /** Gets the `instance` edge label. */ - LabelInstance instance() { any() } - - /** Gets the label representing the given keyword argument/parameter. */ - LabelKeywordParameter keywordParameter(string name) { result.getName() = name } - - /** Gets the label representing the `n`th positional argument/parameter. */ - LabelParameter parameter(int n) { result.getIndex() = n } - - /** Gets the label representing the block argument/parameter. */ - LabelBlockParameter blockParameter() { any() } - - /** Gets the label for the edge from the root node to a custom entry point of the given name. */ - LabelEntryPoint entryPoint(API::EntryPoint name) { result.getName() = name } - - /** Gets a label representing the given content. */ - LabelContent content(DataFlow::Content content) { result.getContent() = content } - - /** Gets the API graph label corresponding to the given argument position. */ - Label::ApiLabel getLabelFromArgumentPosition(DataFlowDispatch::ArgumentPosition pos) { - exists(int n | - pos.isPositional(n) and - result = Label::parameter(n) - ) - or - exists(string name | - pos.isKeyword(name) and - result = Label::keywordParameter(name) - ) - or - pos.isBlock() and - result = Label::blockParameter() - or - pos.isAny() and - ( - result = Label::parameter(_) - or - result = Label::keywordParameter(_) - or - result = Label::blockParameter() - // NOTE: `self` should NOT be included, as described in the QLDoc for `isAny()` - ) - or - pos.isAnyNamed() and - result = Label::keywordParameter(_) - // - // Note: there is currently no API graph label for `self`. - // It was omitted since in practice it means going back to where you came from. - // For example, `base.getMethod("foo").getSelf()` would just be `base`. 
- // However, it's possible we'll need it later, for identifying `self` parameters or post-update nodes. - } - - /** Gets the API graph label corresponding to the given parameter position. */ - Label::ApiLabel getLabelFromParameterPosition(DataFlowDispatch::ParameterPosition pos) { - exists(int n | - pos.isPositional(n) and - result = Label::parameter(n) - ) - or - exists(string name | - pos.isKeyword(name) and - result = Label::keywordParameter(name) - ) - or - pos.isBlock() and - result = Label::blockParameter() - or - pos.isAny() and - ( - result = Label::parameter(_) - or - result = Label::keywordParameter(_) - or - result = Label::blockParameter() - // NOTE: `self` should NOT be included, as described in the QLDoc for `isAny()` - ) - or - pos.isAnyNamed() and - result = Label::keywordParameter(_) - // - // Note: there is currently no API graph label for `self`. - // It was omitted since in practice it means going back to where you came from. - // For example, `base.getMethod("foo").getSelf()` would just be `base`. - // However, it's possible we'll need it later, for identifying `self` parameters or post-update nodes. - } - } } diff --git a/ruby/ql/lib/codeql/ruby/controlflow/CfgNodes.qll b/ruby/ql/lib/codeql/ruby/controlflow/CfgNodes.qll index 01f0f1726d3..c822450bf89 100644 --- a/ruby/ql/lib/codeql/ruby/controlflow/CfgNodes.qll +++ b/ruby/ql/lib/codeql/ruby/controlflow/CfgNodes.qll @@ -200,13 +200,6 @@ module ExprNodes { override LhsExpr getExpr() { result = super.getExpr() } - /** - * DEPRECATED: use `getVariable` instead. - * - * Gets a variable used in (or introduced by) this LHS. - */ - deprecated Variable getAVariable() { result = e.(VariableAccess).getVariable() } - /** Gets the variable used in (or introduced by) this LHS. */ Variable getVariable() { result = e.(VariableAccess).getVariable() } } 
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll index 05af2d0c07e..4c0adc95f25 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll @@ -635,8 +635,7 @@ private module Cached { } or TElementContentOfTypeContent(string type, Boolean includeUnknown) { type = any(Content::KnownElementContent content).getIndex().getValueType() - } or - deprecated TNoContentSet() // Only used by type-tracking + } cached class TContentSet = diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll index 1172ad8f733..93e579c585d 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll @@ -1284,13 +1284,6 @@ class LhsExprNode extends ExprNode { /** Gets the underlying AST node as a `LhsExpr`. */ LhsExpr asLhsExprAstNode() { result = lhsExprCfgNode.getExpr() } - /** - * DEPRECATED: use `getVariable` instead. - * - * Gets a variable used in (or introduced by) this LHS. - */ - deprecated Variable getAVariable() { result = lhsExprCfgNode.getAVariable() } - /** Gets the variable used in (or introduced by) this LHS. */ Variable getVariable() { result = lhsExprCfgNode.getVariable() } } diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll index 7348bfc699b..50f6986f77a 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll 
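Review bot: In the `DataFlowPrivate.qll` hunk at `@@ -635,8 +635,7 @@`, removing the `deprecated TNoContentSet()` branch may leave the enclosing newtype with exactly the branches that the `TContentSet` union declared right below it already lists, which would make one of the two declarations redundant. The newtype's header and the union's member list are both outside the hunk, so this is inferred rather than visible and needs checking against the full file. If it holds, I would either fold the newtype into `TContentSet` in a follow-up, or keep it and add a one-line comment on the newtype such as `// Same branches as TContentSet since TNoContentSet was removed; kept as a separate type for compatibility`.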
@@ -106,71 +106,10 @@ class ActiveRecordModelClass extends ClassDeclaration { // Gets the class declaration for this class and all of its super classes private ModuleBase getAllClassDeclarations() { result = cls.getAnAncestor().getADeclaration() } - /** - * Gets methods defined in this class that may access a field from the database. - */ - deprecated Method getAPotentialFieldAccessMethod() { - // It's a method on this class or one of its super classes - result = this.getAllClassDeclarations().getAMethod() and - // There is a value that can be returned by this method which may include field data - exists(DataFlow::Node returned, ActiveRecordInstanceMethodCall cNode, MethodCall c | - exprNodeReturnedFrom(returned, result) and - cNode.flowsTo(returned) and - c = cNode.asExpr().getExpr() - | - // The referenced method is not built-in, and... - not isBuiltInMethodForActiveRecordModelInstance(c.getMethodName()) and - ( - // ...The receiver does not have a matching method definition, or... - not exists( - cNode.getInstance().getClass().getAllClassDeclarations().getMethod(c.getMethodName()) - ) - or - // ...the called method can access a field - c.getATarget() = cNode.getInstance().getClass().getAPotentialFieldAccessMethod() - ) - ) - } - /** Gets the class as a `DataFlow::ClassNode`. */ DataFlow::ClassNode getClassNode() { result = cls } } -/** - * Gets a potential reference to an ActiveRecord class object. - */ -deprecated private API::Node getAnActiveRecordModelClassRef() { - result = any(ActiveRecordModelClass cls).getClassNode().trackModule() - or - // For methods with an unknown call target, assume this might be a database field, thus returning another ActiveRecord object. - // In this case we do not know which class it belongs to, which is why this predicate can't associate the reference with a specific class. 
- result = getAnUnknownActiveRecordModelClassCall().getReturn() -} - -/** - * Gets a call performed on an ActiveRecord class object, without a known call target in the codebase. - */ -deprecated private API::MethodAccessNode getAnUnknownActiveRecordModelClassCall() { - result = getAnActiveRecordModelClassRef().getMethod(_) and - result.asCall().asExpr().getExpr() instanceof UnknownMethodCall -} - -/** - * DEPRECATED. Use `ActiveRecordModelClass.getClassNode().trackModule().getMethod()` instead. - * - * A class method call whose receiver is an `ActiveRecordModelClass`. - */ -deprecated class ActiveRecordModelClassMethodCall extends MethodCall { - ActiveRecordModelClassMethodCall() { - this = getAnUnknownActiveRecordModelClassCall().asCall().asExpr().getExpr() - } - - /** Gets the `ActiveRecordModelClass` of the receiver of this method, if it can be determined. */ - ActiveRecordModelClass getReceiverClass() { - this = result.getClassNode().trackModule().getMethod(_).asCall().asExpr().getExpr() - } -} - private predicate sqlFragmentArgumentInner(DataFlow::CallNode call, DataFlow::Node sink) { call = activeRecordQueryBuilderCall([ 
@@ -257,39 +196,6 @@ private predicate unsafeSqlExpr(Expr sqlFragmentExpr) { sqlFragmentExpr instanceof MethodCall } -/** - * DEPRECATED. Use the `SqlExecution` concept or `ActiveRecordSqlExecutionRange`. - * - * A method call that may result in executing unintended user-controlled SQL - * queries if the `getSqlFragmentSinkArgument()` expression is tainted by - * unsanitized user-controlled input. For example, supposing that `User` is an - * `ActiveRecord` model class, then - * - * ```rb - * User.where("name = '#{user_name}'") - * ``` - * - * may be unsafe if `user_name` is from unsanitized user input, as a value such - * as `"') OR 1=1 --"` could result in the application looking up all users - * rather than just one with a matching name. - */ -deprecated class PotentiallyUnsafeSqlExecutingMethodCall extends ActiveRecordModelClassMethodCall { - private DataFlow::CallNode call; - - PotentiallyUnsafeSqlExecutingMethodCall() { - call.asExpr().getExpr() = this and sqlFragmentArgument(call, _) - } - - /** - * Gets the SQL fragment argument of this method call. - */ - Expr getSqlFragmentSinkArgument() { - exists(DataFlow::Node sink | - sqlFragmentArgument(call, sink) and result = sink.asExpr().getExpr() - ) - } -} - /** * A SQL execution arising from a call to the ActiveRecord library. */ diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActiveResource.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActiveResource.qll index 9f0e0f4b859..122202c63b7 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/ActiveResource.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/ActiveResource.qll 
@@ -66,27 +66,6 @@ module ActiveResource { } } - /** DEPRECATED. Use `ModelClassNode` instead. */ - deprecated class ModelClass extends ClassDeclaration { - private ModelClassNode cls; - - ModelClass() { this = cls.getADeclaration() } - - /** Gets the class for which this is a declaration. */ - ModelClassNode getClassNode() { result = cls } - - /** Gets the API node for this class object. */ - deprecated API::Node getModelApiNode() { result = cls.trackModule() } - - /** Gets a call to `site=`, which sets the base URL for this model. */ - SiteAssignCall getASiteAssignment() { result = cls.getASiteAssignment() } - - /** Holds if `c` sets a base URL which does not use HTTPS. */ - predicate disablesCertificateValidation(SiteAssignCall c) { - cls.disablesCertificateValidation(c) - } - } - /** * A call to a class method on an ActiveResource model class. * @@ -169,20 +148,6 @@ module ActiveResource { CustomHttpCall() { this.getMethodName() = ["get", "post", "put", "patch", "delete"] } } - /** - * DEPRECATED. Use `ModelClassNode.getAnInstanceReference()` instead. - * - * An ActiveResource model object. - */ - deprecated class ModelInstance extends DataFlow::Node { - private ModelClassNode cls; - - ModelInstance() { this = cls.getAnInstanceReference().getAValueReachableFromSource() } - - /** Gets the model class for this instance. */ - ModelClassNode getModelClass() { result = cls } - } - /** * A call to a method on an ActiveResource model object. */ 
@@ -191,22 +156,10 @@ module ActiveResource { ModelInstanceMethodCall() { this = cls.getAnInstanceReference().getAMethodCall(_) } - /** Gets the model instance for this call. */ - deprecated ModelInstance getInstance() { result = this.getReceiver() } - /** Gets the model class for this call. */ ModelClassNode getModelClass() { result = cls } } - /** - * DEPRECATED. Use `CollectionSource` instead. - * - * A data flow node that may refer to a collection of ActiveResource model objects. - */ - deprecated class Collection extends DataFlow::Node { - Collection() { this = any(CollectionSource src).track().getAValueReachableFromSource() } - } - /** * A call that returns a collection of ActiveResource model objects. */ diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Twirp.qll b/ruby/ql/lib/codeql/ruby/frameworks/Twirp.qll index 7b8648bd2b1..483eea7b63c 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/Twirp.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/Twirp.qll 
@@ -13,36 +13,6 @@ private import codeql.ruby.Concepts * Provides classes for modeling the `Twirp` framework. */ module Twirp { - /** - * A Twirp service instantiation - */ - deprecated class ServiceInstantiation extends DataFlow::CallNode { - ServiceInstantiation() { - this = API::getTopLevelMember("Twirp").getMember("Service").getAnInstantiation() - } - - /** - * Gets a handler's method. - */ - DataFlow::MethodNode getAHandlerMethodNode() { - result = this.getArgument(0).backtrack().getMethod(_).asCallable() - } - - /** - * Gets a handler's method as an AST node. - */ - Ast::Method getAHandlerMethod() { result = this.getAHandlerMethodNode().asCallableAstNode() } - } - - /** - * A Twirp client - */ - deprecated class ClientInstantiation extends DataFlow::CallNode { - ClientInstantiation() { - this = API::getTopLevelMember("Twirp").getMember("Client").getAnInstantiation() - } - } - /** The URL of a Twirp service, considered as a sink. */ class ServiceUrlAsSsrfSink extends ServerSideRequestForgery::Sink { ServiceUrlAsSsrfSink() { diff --git a/ruby/ql/lib/codeql/ruby/security/InsecureDownloadQuery.qll b/ruby/ql/lib/codeql/ruby/security/InsecureDownloadQuery.qll index c2d7437c169..8d801b8548d 100644 --- a/ruby/ql/lib/codeql/ruby/security/InsecureDownloadQuery.qll +++ b/ruby/ql/lib/codeql/ruby/security/InsecureDownloadQuery.qll @@ -34,9 +34,3 @@ private module InsecureDownloadConfig implements DataFlow::StateConfigSig { * Taint-tracking for download of sensitive file through insecure connection. */ module InsecureDownloadFlow = DataFlow::GlobalWithState; - -/** DEPRECATED: Use `InsecureDownloadConfig` */ -deprecated module Config = InsecureDownloadConfig; - -/** DEPRECATED: Use `InsecureDownloadFlow` */ -deprecated module Flow = InsecureDownloadFlow; diff --git a/ruby/ql/lib/codeql/ruby/security/LdapInjectionQuery.qll b/ruby/ql/lib/codeql/ruby/security/LdapInjectionQuery.qll index 770357c2d1b..e9909d219ff 100644 
--- a/ruby/ql/lib/codeql/ruby/security/LdapInjectionQuery.qll +++ b/ruby/ql/lib/codeql/ruby/security/LdapInjectionQuery.qll @@ -7,15 +7,6 @@ private import codeql.ruby.DataFlow private import codeql.ruby.TaintTracking private import LdapInjectionCustomizations::LdapInjection as LI -/** - * Provides a taint-tracking configuration for detecting LDAP Injections vulnerabilities. - * DEPRECATED: Use `LdapInjectionFlow` instead - */ -deprecated module LdapInjection { - import LdapInjectionCustomizations::LdapInjection - import TaintTracking::Global -} - private module LdapInjectionConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof LI::Source } diff --git a/ruby/ql/lib/codeql/ruby/security/StoredXSSQuery.qll b/ruby/ql/lib/codeql/ruby/security/StoredXSSQuery.qll index c9b383aa3ba..927c46ede6b 100644 --- a/ruby/ql/lib/codeql/ruby/security/StoredXSSQuery.qll +++ b/ruby/ql/lib/codeql/ruby/security/StoredXSSQuery.qll @@ -11,15 +11,6 @@ import codeql.ruby.AST import codeql.ruby.DataFlow import codeql.ruby.TaintTracking -/** - * Provides a taint-tracking configuration for cross-site scripting vulnerabilities. - * DEPRECATED: Use StoredXssFlow - */ -deprecated module StoredXss { - import XSS::StoredXss - import TaintTracking::Global -} - private module StoredXssConfig implements DataFlow::ConfigSig { private import XSS::StoredXss diff --git a/ruby/ql/lib/codeql/ruby/security/UnsafeCodeConstructionCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/UnsafeCodeConstructionCustomizations.qll index 746a380e62c..4d4cf19be12 100644 --- a/ruby/ql/lib/codeql/ruby/security/UnsafeCodeConstructionCustomizations.qll +++ b/ruby/ql/lib/codeql/ruby/security/UnsafeCodeConstructionCustomizations.qll 
@@ -43,8 +43,6 @@ module UnsafeCodeConstruction { result = getANodeExecutedAsCode(TypeBackTracker::end(), codeExec) } - deprecated import codeql.ruby.typetracking.TypeTracker as TypeTracker - /** Gets a node that is eventually executed as code at `codeExec`, type-tracked with `t`. */ private DataFlow::LocalSourceNode getANodeExecutedAsCode( TypeBackTracker t, Concepts::CodeExecution codeExec diff --git a/ruby/ql/lib/codeql/ruby/security/UnsafeShellCommandConstructionCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/UnsafeShellCommandConstructionCustomizations.qll index be57768c141..ee00d96b4f3 100644 --- a/ruby/ql/lib/codeql/ruby/security/UnsafeShellCommandConstructionCustomizations.qll +++ b/ruby/ql/lib/codeql/ruby/security/UnsafeShellCommandConstructionCustomizations.qll @@ -48,8 +48,6 @@ module UnsafeShellCommandConstruction { source = backtrackShellExec(TypeBackTracker::end(), shellExec) } - deprecated import codeql.ruby.typetracking.TypeTracker as TypeTracker - private DataFlow::LocalSourceNode backtrackShellExec( TypeBackTracker t, Concepts::SystemCommandExecution shellExec ) { diff --git a/ruby/ql/lib/codeql/ruby/security/XpathInjectionQuery.qll b/ruby/ql/lib/codeql/ruby/security/XpathInjectionQuery.qll index adbff127a8d..d443f2a3925 100644 --- a/ruby/ql/lib/codeql/ruby/security/XpathInjectionQuery.qll +++ b/ruby/ql/lib/codeql/ruby/security/XpathInjectionQuery.qll @@ -10,14 +10,6 @@ private import codeql.ruby.DataFlow private import codeql.ruby.TaintTracking import XpathInjectionCustomizations::XpathInjection -/** - * Provides a taint-tracking configuration for detecting "Xpath Injection" vulnerabilities. - * DEPRECATED: Use `XpathInjectionFlow` - */ -deprecated module XpathInjection { - import TaintTracking::Global -} - private module XpathInjectionConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof Source } 
diff --git a/ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll b/ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll
index cc79cdb2699..c56f7c48468 100644
--- a/ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll
+++ b/ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll
@@ -8,929 +8,6 @@ private import TypeTrackerSpecific private import codeql.util.Boolean cached -private module Cached { - /** - * A description of a step on an inter-procedural data flow path. - */ - cached - deprecated newtype TStepSummary = - LevelStep() or - CallStep() or - ReturnStep() or - deprecated StoreStep(TypeTrackerContent content) { basicStoreStep(_, _, content) } or - deprecated LoadStep(TypeTrackerContent content) { basicLoadStep(_, _, content) } or - deprecated LoadStoreStep(TypeTrackerContent load, TypeTrackerContent store) { - basicLoadStoreStep(_, _, load, store) - } or - deprecated WithContent(ContentFilter filter) { basicWithContentStep(_, _, filter) } or - deprecated WithoutContent(ContentFilter filter) { basicWithoutContentStep(_, _, filter) } or - JumpStep() - - cached - deprecated newtype TTypeTracker = - deprecated MkTypeTracker(Boolean hasCall, OptionalTypeTrackerContent content) { - content = noContent() - or - // Restrict `content` to those that might eventually match a load. - // We can't rely on `basicStoreStep` since `startInContent` might be used with - // a content that has no corresponding store. - exists(TypeTrackerContent loadContents | - ( - basicLoadStep(_, _, loadContents) - or - basicLoadStoreStep(_, _, loadContents, _) - ) and - compatibleContents(content, loadContents) - ) - } - - cached - deprecated newtype TTypeBackTracker = - deprecated MkTypeBackTracker(Boolean hasReturn, OptionalTypeTrackerContent content) { - content = noContent() - or - // As in MkTypeTracker, restrict `content` to those that might eventually match a store. - exists(TypeTrackerContent storeContent | - ( - basicStoreStep(_, _, storeContent) - or - basicLoadStoreStep(_, _, _, storeContent) - ) and - compatibleContents(storeContent, content) - ) - } - - /** Gets a type tracker with no content and the call bit set to the given value. 
*/ - cached - deprecated TypeTracker noContentTypeTracker(boolean hasCall) { - result = MkTypeTracker(hasCall, noContent()) - } - - /** Gets the summary resulting from appending `step` to type-tracking summary `tt`. */ - cached - deprecated TypeTracker append(TypeTracker tt, StepSummary step) { - exists(Boolean hasCall, OptionalTypeTrackerContent currentContents | - tt = MkTypeTracker(hasCall, currentContents) - | - step = LevelStep() and result = tt - or - step = CallStep() and result = MkTypeTracker(true, currentContents) - or - step = ReturnStep() and hasCall = false and result = tt - or - step = JumpStep() and - result = MkTypeTracker(false, currentContents) - or - exists(ContentFilter filter | result = tt | - step = WithContent(filter) and - currentContents = filter.getAMatchingContent() - or - step = WithoutContent(filter) and - not currentContents = filter.getAMatchingContent() - ) - ) - or - exists(TypeTrackerContent storeContents, boolean hasCall | - exists(TypeTrackerContent loadContents | - step = LoadStep(pragma[only_bind_into](loadContents)) and - tt = MkTypeTracker(hasCall, storeContents) and - compatibleContents(storeContents, loadContents) and - result = noContentTypeTracker(hasCall) - ) - or - step = StoreStep(pragma[only_bind_into](storeContents)) and - tt = noContentTypeTracker(hasCall) and - result = MkTypeTracker(hasCall, storeContents) - ) - or - exists( - TypeTrackerContent currentContent, TypeTrackerContent store, TypeTrackerContent load, - boolean hasCall - | - step = LoadStoreStep(pragma[only_bind_into](load), pragma[only_bind_into](store)) and - compatibleContents(pragma[only_bind_into](currentContent), load) and - tt = MkTypeTracker(pragma[only_bind_into](hasCall), currentContent) and - result = MkTypeTracker(pragma[only_bind_out](hasCall), store) - ) - } - - pragma[nomagic] - deprecated private TypeBackTracker noContentTypeBackTracker(boolean hasReturn) { - result = MkTypeBackTracker(hasReturn, noContent()) - } - - /** Gets the summary 
resulting from prepending `step` to this type-tracking summary. */ - cached - deprecated TypeBackTracker prepend(TypeBackTracker tbt, StepSummary step) { - exists(Boolean hasReturn, OptionalTypeTrackerContent content | - tbt = MkTypeBackTracker(hasReturn, content) - | - step = LevelStep() and result = tbt - or - step = CallStep() and hasReturn = false and result = tbt - or - step = ReturnStep() and result = MkTypeBackTracker(true, content) - or - step = JumpStep() and - result = MkTypeBackTracker(false, content) - or - exists(ContentFilter filter | result = tbt | - step = WithContent(filter) and - content = filter.getAMatchingContent() - or - step = WithoutContent(filter) and - not content = filter.getAMatchingContent() - ) - ) - or - exists(TypeTrackerContent loadContents, boolean hasReturn | - exists(TypeTrackerContent storeContents | - step = StoreStep(pragma[only_bind_into](storeContents)) and - tbt = MkTypeBackTracker(hasReturn, loadContents) and - compatibleContents(storeContents, loadContents) and - result = noContentTypeBackTracker(hasReturn) - ) - or - step = LoadStep(pragma[only_bind_into](loadContents)) and - tbt = noContentTypeBackTracker(hasReturn) and - result = MkTypeBackTracker(hasReturn, loadContents) - ) - or - exists( - TypeTrackerContent currentContent, TypeTrackerContent store, TypeTrackerContent load, - boolean hasCall - | - step = LoadStoreStep(pragma[only_bind_into](load), pragma[only_bind_into](store)) and - compatibleContents(store, pragma[only_bind_into](currentContent)) and - tbt = MkTypeBackTracker(pragma[only_bind_into](hasCall), currentContent) and - result = MkTypeBackTracker(pragma[only_bind_out](hasCall), load) - ) - } - - /** - * Gets the summary that corresponds to having taken a forwards - * heap and/or intra-procedural step from `nodeFrom` to `nodeTo`. - * - * Steps contained in this predicate should _not_ depend on the call graph. 
- */ - cached - deprecated predicate stepNoCall( - TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo, StepSummary summary - ) { - exists(Node mid | nodeFrom.flowsTo(mid) and smallstepNoCall(mid, nodeTo, summary)) - } - - /** - * Gets the summary that corresponds to having taken a forwards - * inter-procedural step from `nodeFrom` to `nodeTo`. - */ - cached - deprecated predicate stepCall( - TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo, StepSummary summary - ) { - exists(Node mid | nodeFrom.flowsTo(mid) and smallstepCall(mid, nodeTo, summary)) - } - - cached - deprecated predicate smallstepNoCall(Node nodeFrom, TypeTrackingNode nodeTo, StepSummary summary) { - jumpStep(nodeFrom, nodeTo) and - summary = JumpStep() - or - levelStepNoCall(nodeFrom, nodeTo) and - summary = LevelStep() - or - exists(TypeTrackerContent content | - flowsToStoreStep(nodeFrom, nodeTo, content) and - summary = StoreStep(content) - or - basicLoadStep(nodeFrom, nodeTo, content) and summary = LoadStep(content) - ) - or - exists(TypeTrackerContent loadContent, TypeTrackerContent storeContent | - flowsToLoadStoreStep(nodeFrom, nodeTo, loadContent, storeContent) and - summary = LoadStoreStep(loadContent, storeContent) - ) - or - exists(ContentFilter filter | - basicWithContentStep(nodeFrom, nodeTo, filter) and - summary = WithContent(filter) - or - basicWithoutContentStep(nodeFrom, nodeTo, filter) and - summary = WithoutContent(filter) - ) - } - - cached - deprecated predicate smallstepCall(Node nodeFrom, TypeTrackingNode nodeTo, StepSummary summary) { - callStep(nodeFrom, nodeTo) and summary = CallStep() - or - returnStep(nodeFrom, nodeTo) and - summary = ReturnStep() - or - levelStepCall(nodeFrom, nodeTo) and - summary = LevelStep() - } -} +private module Cached { } private import Cached - -deprecated private predicate step( - TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo, StepSummary summary -) { - stepNoCall(nodeFrom, nodeTo, summary) - or - stepCall(nodeFrom, nodeTo, summary) -} - 
-pragma[nomagic] -deprecated private predicate stepProj(TypeTrackingNode nodeFrom, StepSummary summary) { - step(nodeFrom, _, summary) -} - -deprecated private predicate smallstep(Node nodeFrom, TypeTrackingNode nodeTo, StepSummary summary) { - smallstepNoCall(nodeFrom, nodeTo, summary) - or - smallstepCall(nodeFrom, nodeTo, summary) -} - -pragma[nomagic] -deprecated private predicate smallstepProj(Node nodeFrom, StepSummary summary) { - smallstep(nodeFrom, _, summary) -} - -/** - * Holds if `nodeFrom` is being written to the `content` of the object in `nodeTo`. - * - * Note that `nodeTo` will always be a local source node that flows to the place where the content - * is written in `basicStoreStep`. This may lead to the flow of information going "back in time" - * from the point of view of the execution of the program. - * - * For instance, if we interpret attribute writes in Python as writing to content with the same - * name as the attribute and consider the following snippet - * - * ```python - * def foo(y): - * x = Foo() - * bar(x) - * x.attr = y - * baz(x) - * - * def bar(x): - * z = x.attr - * ``` - * for the attribute write `x.attr = y`, we will have `content` being the literal string `"attr"`, - * `nodeFrom` will be `y`, and `nodeTo` will be the object `Foo()` created on the first line of the - * function. This means we will track the fact that `x.attr` can have the type of `y` into the - * assignment to `z` inside `bar`, even though this attribute write happens _after_ `bar` is called. - */ -deprecated private predicate flowsToStoreStep( - Node nodeFrom, TypeTrackingNode nodeTo, TypeTrackerContent content -) { - exists(Node obj | nodeTo.flowsTo(obj) and basicStoreStep(nodeFrom, obj, content)) -} - -/** - * Holds if `loadContent` is loaded from `nodeFrom` and written to `storeContent` of `nodeTo`. 
- */ -deprecated private predicate flowsToLoadStoreStep( - Node nodeFrom, TypeTrackingNode nodeTo, TypeTrackerContent loadContent, - TypeTrackerContent storeContent -) { - exists(Node obj | - nodeTo.flowsTo(obj) and basicLoadStoreStep(nodeFrom, obj, loadContent, storeContent) - ) -} - -/** - * INTERNAL: Use `TypeTracker` or `TypeBackTracker` instead. - * - * A description of a step on an inter-procedural data flow path. - */ -deprecated class StepSummary extends TStepSummary { - /** Gets a textual representation of this step summary. */ - string toString() { - this instanceof LevelStep and result = "level" - or - this instanceof CallStep and result = "call" - or - this instanceof ReturnStep and result = "return" - or - exists(TypeTrackerContent content | this = StoreStep(content) | result = "store " + content) - or - exists(TypeTrackerContent content | this = LoadStep(content) | result = "load " + content) - or - exists(TypeTrackerContent load, TypeTrackerContent store | - this = LoadStoreStep(load, store) and - result = "load-store " + load + " -> " + store - ) - or - this instanceof JumpStep and result = "jump" - } -} - -/** Provides predicates for updating step summaries (`StepSummary`s). */ -deprecated module StepSummary { - predicate append = Cached::append/2; - - /** - * Gets the summary that corresponds to having taken a forwards - * inter-procedural step from `nodeFrom` to `nodeTo`. - * - * This predicate should normally not be used; consider using `step` - * instead. - */ - predicate stepCall = Cached::stepCall/3; - - /** - * Gets the summary that corresponds to having taken a forwards - * intra-procedural step from `nodeFrom` to `nodeTo`. - * - * This predicate should normally not be used; consider using `step` - * instead. - */ - predicate stepNoCall = Cached::stepNoCall/3; - - /** - * Gets the summary that corresponds to having taken a forwards - * heap and/or inter-procedural step from `nodeFrom` to `nodeTo`. 
- */ - predicate step(TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo, StepSummary summary) { - stepNoCall(nodeFrom, nodeTo, summary) - or - stepCall(nodeFrom, nodeTo, summary) - } - - /** - * Gets the summary that corresponds to having taken a forwards - * inter-procedural step from `nodeFrom` to `nodeTo`. - * - * This predicate should normally not be used; consider using `step` - * instead. - */ - predicate smallstepNoCall = Cached::smallstepNoCall/3; - - /** - * Gets the summary that corresponds to having taken a forwards - * intra-procedural step from `nodeFrom` to `nodeTo`. - * - * This predicate should normally not be used; consider using `step` - * instead. - */ - predicate smallstepCall = Cached::smallstepCall/3; - - /** - * Gets the summary that corresponds to having taken a forwards - * local, heap and/or inter-procedural step from `nodeFrom` to `nodeTo`. - * - * Unlike `StepSummary::step`, this predicate does not compress - * type-preserving steps. - */ - predicate smallstep(Node nodeFrom, TypeTrackingNode nodeTo, StepSummary summary) { - smallstepNoCall(nodeFrom, nodeTo, summary) - or - smallstepCall(nodeFrom, nodeTo, summary) - } - - /** Gets the step summary for a level step. */ - StepSummary levelStep() { result = LevelStep() } - - /** Gets the step summary for a call step. */ - StepSummary callStep() { result = CallStep() } - - /** Gets the step summary for a return step. */ - StepSummary returnStep() { result = ReturnStep() } - - /** Gets the step summary for storing into `content`. */ - StepSummary storeStep(TypeTrackerContent content) { result = StoreStep(content) } - - /** Gets the step summary for loading from `content`. */ - StepSummary loadStep(TypeTrackerContent content) { result = LoadStep(content) } - - /** Gets the step summary for loading from `load` and then storing into `store`. 
*/ - StepSummary loadStoreStep(TypeTrackerContent load, TypeTrackerContent store) { - result = LoadStoreStep(load, store) - } - - /** Gets the step summary for a step that only permits contents matched by `filter`. */ - StepSummary withContent(ContentFilter filter) { result = WithContent(filter) } - - /** Gets the step summary for a step that blocks contents matched by `filter`. */ - StepSummary withoutContent(ContentFilter filter) { result = WithoutContent(filter) } - - /** Gets the step summary for a jump step. */ - StepSummary jumpStep() { result = JumpStep() } -} - -/** - * DEPRECATED: Use `codeql.ruby.typetracking.TypeTracking` instead. - * - * A summary of the steps needed to track a value to a given dataflow node. - * - * This can be used to track objects that implement a certain API in order to - * recognize calls to that API. Note that type-tracking does not by itself provide a - * source/sink relation, that is, it may determine that a node has a given type, - * but it won't determine where that type came from. - * - * It is recommended that all uses of this type are written in the following form, - * for tracking some type `myType`: - * ```ql - * DataFlow::TypeTrackingNode myType(DataFlow::TypeTracker t) { - * t.start() and - * result = < source of myType > - * or - * exists (DataFlow::TypeTracker t2 | - * result = myType(t2).track(t2, t) - * ) - * } - * - * DataFlow::Node myType() { myType(DataFlow::TypeTracker::end()).flowsTo(result) } - * ``` - * - * Instead of `result = myType(t2).track(t2, t)`, you can also use the equivalent - * `t = t2.step(myType(t2), result)`. If you additionally want to track individual - * intra-procedural steps, use `t = t2.smallstep(myCallback(t2), result)`. - */ -deprecated class TypeTracker extends TTypeTracker { - Boolean hasCall; - OptionalTypeTrackerContent content; - - TypeTracker() { this = MkTypeTracker(hasCall, content) } - - /** Gets the summary resulting from appending `step` to this type-tracking summary. 
*/ - TypeTracker append(StepSummary step) { result = append(this, step) } - - /** Gets a textual representation of this summary. */ - string toString() { - exists(string withCall, string withContent | - (if hasCall = true then withCall = "with" else withCall = "without") and - ( - if content != noContent() - then withContent = " with content " + content - else withContent = "" - ) and - result = "type tracker " + withCall + " call steps" + withContent - ) - } - - /** - * Holds if this is the starting point of type tracking. - */ - predicate start() { hasCall = false and content = noContent() } - - /** - * Holds if this is the starting point of type tracking, and the value starts in the content named `contentName`. - * The type tracking only ends after the content has been loaded. - */ - predicate startInContent(TypeTrackerContent contentName) { - hasCall = false and content = contentName - } - - /** - * Holds if this is the starting point of type tracking - * when tracking a parameter into a call, but not out of it. - */ - predicate call() { hasCall = true and content = noContent() } - - /** - * Holds if this is the end point of type tracking. - */ - predicate end() { content = noContent() } - - /** - * INTERNAL. DO NOT USE. - * - * Holds if this type has been tracked into a call. - */ - boolean hasCall() { result = hasCall } - - /** - * INTERNAL. DO NOT USE. - * - * Gets the content associated with this type tracker. - */ - OptionalTypeTrackerContent getContent() { result = content } - - /** - * Gets a type tracker that starts where this one has left off to allow continued - * tracking. - * - * This predicate is only defined if the type is not associated to a piece of content. - */ - TypeTracker continue() { content = noContent() and result = this } - - /** - * Gets the summary that corresponds to having taken a forwards - * heap and/or inter-procedural step from `nodeFrom` to `nodeTo`. 
- */ - bindingset[nodeFrom, this] - pragma[inline_late] - pragma[noopt] - TypeTracker step(TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo) { - exists(StepSummary summary | - stepProj(nodeFrom, summary) and - result = this.append(summary) and - step(nodeFrom, nodeTo, summary) - ) - } - - bindingset[nodeFrom, this] - pragma[inline_late] - pragma[noopt] - private TypeTracker smallstepNoSimpleLocalFlowStep(Node nodeFrom, Node nodeTo) { - exists(StepSummary summary | - smallstepProj(nodeFrom, summary) and - result = this.append(summary) and - smallstep(nodeFrom, nodeTo, summary) - ) - } - - /** - * Gets the summary that corresponds to having taken a forwards - * local, heap and/or inter-procedural step from `nodeFrom` to `nodeTo`. - * - * Unlike `TypeTracker::step`, this predicate exposes all edges - * in the flow graph, and not just the edges between `Node`s. - * It may therefore be less performant. - * - * Type tracking predicates using small steps typically take the following form: - * ```ql - * DataFlow::Node myType(DataFlow::TypeTracker t) { - * t.start() and - * result = < source of myType > - * or - * exists (DataFlow::TypeTracker t2 | - * t = t2.smallstep(myType(t2), result) - * ) - * } - * - * DataFlow::Node myType() { - * result = myType(DataFlow::TypeTracker::end()) - * } - * ``` - */ - pragma[inline] - TypeTracker smallstep(Node nodeFrom, Node nodeTo) { - result = this.smallstepNoSimpleLocalFlowStep(nodeFrom, nodeTo) - or - simpleLocalFlowStep(nodeFrom, nodeTo) and - result = this - } -} - -/** Provides predicates for implementing custom `TypeTracker`s. */ -deprecated module TypeTracker { - /** - * Gets a valid end point of type tracking. - */ - TypeTracker end() { result.end() } - - /** - * INTERNAL USE ONLY. - * - * Gets a valid end point of type tracking with the call bit set to the given value. 
- */ - predicate end = Cached::noContentTypeTracker/1; -} - -pragma[nomagic] -deprecated private predicate backStepProj(TypeTrackingNode nodeTo, StepSummary summary) { - step(_, nodeTo, summary) -} - -deprecated private predicate backSmallstepProj(TypeTrackingNode nodeTo, StepSummary summary) { - smallstep(_, nodeTo, summary) -} - -/** - * DEPRECATED: Use `codeql.ruby.typetracking.TypeTracking` instead. - * - * A summary of the steps needed to back-track a use of a value to a given dataflow node. - * - * This can for example be used to track callbacks that are passed to a certain API, - * so we can model specific parameters of that callback as having a certain type. - * - * Note that type back-tracking does not provide a source/sink relation, that is, - * it may determine that a node will be used in an API call somewhere, but it won't - * determine exactly where that use was, or the path that led to the use. - * - * It is recommended that all uses of this type are written in the following form, - * for back-tracking some callback type `myCallback`: - * - * ```ql - * DataFlow::TypeTrackingNode myCallback(DataFlow::TypeBackTracker t) { - * t.start() and - * result = (< some API call >).getArgument(< n >).getALocalSource() - * or - * exists (DataFlow::TypeBackTracker t2 | - * result = myCallback(t2).backtrack(t2, t) - * ) - * } - * - * DataFlow::TypeTrackingNode myCallback() { result = myCallback(DataFlow::TypeBackTracker::end()) } - * ``` - * - * Instead of `result = myCallback(t2).backtrack(t2, t)`, you can also use the equivalent - * `t2 = t.step(result, myCallback(t2))`. If you additionally want to track individual - * intra-procedural steps, use `t2 = t.smallstep(result, myCallback(t2))`. 
- */ -deprecated class TypeBackTracker extends TTypeBackTracker { - Boolean hasReturn; - OptionalTypeTrackerContent content; - - TypeBackTracker() { this = MkTypeBackTracker(hasReturn, content) } - - /** Gets the summary resulting from prepending `step` to this type-tracking summary. */ - TypeBackTracker prepend(StepSummary step) { result = prepend(this, step) } - - /** Gets a textual representation of this summary. */ - string toString() { - exists(string withReturn, string withContent | - (if hasReturn = true then withReturn = "with" else withReturn = "without") and - ( - if content != noContent() - then withContent = " with content " + content - else withContent = "" - ) and - result = "type back-tracker " + withReturn + " return steps" + withContent - ) - } - - /** - * Holds if this is the starting point of type tracking. - */ - predicate start() { hasReturn = false and content = noContent() } - - /** - * Holds if this is the end point of type tracking. - */ - predicate end() { content = noContent() } - - /** - * INTERNAL. DO NOT USE. - * - * Holds if this type has been back-tracked into a call through return edge. - */ - boolean hasReturn() { result = hasReturn } - - /** - * Gets a type tracker that starts where this one has left off to allow continued - * tracking. - * - * This predicate is only defined if the type has not been tracked into a piece of content. - */ - TypeBackTracker continue() { content = noContent() and result = this } - - /** - * Gets the summary that corresponds to having taken a backwards - * heap and/or inter-procedural step from `nodeTo` to `nodeFrom`. 
- */ - bindingset[nodeTo, result] - pragma[inline_late] - pragma[noopt] - TypeBackTracker step(TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo) { - exists(StepSummary summary | - backStepProj(nodeTo, summary) and - this = result.prepend(summary) and - step(nodeFrom, nodeTo, summary) - ) - } - - bindingset[nodeTo, result] - pragma[inline_late] - pragma[noopt] - private TypeBackTracker smallstepNoSimpleLocalFlowStep(Node nodeFrom, Node nodeTo) { - exists(StepSummary summary | - backSmallstepProj(nodeTo, summary) and - this = result.prepend(summary) and - smallstep(nodeFrom, nodeTo, summary) - ) - } - - /** - * Gets the summary that corresponds to having taken a backwards - * local, heap and/or inter-procedural step from `nodeTo` to `nodeFrom`. - * - * Unlike `TypeBackTracker::step`, this predicate exposes all edges - * in the flowgraph, and not just the edges between - * `TypeTrackingNode`s. It may therefore be less performant. - * - * Type tracking predicates using small steps typically take the following form: - * ```ql - * DataFlow::Node myType(DataFlow::TypeBackTracker t) { - * t.start() and - * result = < some API call >.getArgument(< n >) - * or - * exists (DataFlow::TypeBackTracker t2 | - * t = t2.smallstep(result, myType(t2)) - * ) - * } - * - * DataFlow::Node myType() { - * result = myType(DataFlow::TypeBackTracker::end()) - * } - * ``` - */ - pragma[inline] - TypeBackTracker smallstep(Node nodeFrom, Node nodeTo) { - this = this.smallstepNoSimpleLocalFlowStep(nodeFrom, nodeTo) - or - simpleLocalFlowStep(nodeFrom, nodeTo) and - this = result - } - - /** - * Gets a forwards summary that is compatible with this backwards summary. - * That is, if this summary describes the steps needed to back-track a value - * from `sink` to `mid`, and the result is a valid summary of the steps needed - * to track a value from `source` to `mid`, then the value from `source` may - * also flow to `sink`. 
- */ - TypeTracker getACompatibleTypeTracker() { - exists(boolean hasCall, OptionalTypeTrackerContent c | - result = MkTypeTracker(hasCall, c) and - ( - compatibleContents(c, content) - or - content = noContent() and c = content - ) - | - hasCall = false - or - this.hasReturn() = false - ) - } -} - -/** Provides predicates for implementing custom `TypeBackTracker`s. */ -deprecated module TypeBackTracker { - /** - * Gets a valid end point of type back-tracking. - */ - TypeBackTracker end() { result.end() } -} - -/** - * INTERNAL: Do not use. - * - * Provides logic for constructing a call graph in mutual recursion with type tracking. - * - * When type tracking is used to construct a call graph, we cannot use the join-order - * from `stepInlineLate`, because `step` becomes a recursive call, which means that we - * will have a conjunct with 3 recursive calls: the call to `step`, the call to `stepProj`, - * and the recursive type tracking call itself. The solution is to split the three-way - * non-linear recursion into two non-linear predicates: one that first joins with the - * projected `stepCall` relation, followed by a predicate that joins with the full - * `stepCall` relation (`stepNoCall` not being recursive, can be join-ordered in the - * same way as in `stepInlineLate`). - */ -deprecated module CallGraphConstruction { - /** The input to call graph construction. */ - signature module InputSig { - /** A state to track during type tracking. */ - class State; - - /** Holds if type tracking should start at `start` in state `state`. */ - deprecated predicate start(Node start, State state); - - /** - * Holds if type tracking should use the step from `nodeFrom` to `nodeTo`, - * which _does not_ depend on the call graph. - * - * Implementing this predicate using `StepSummary::[small]stepNoCall` yields - * standard type tracking. 
- */ - deprecated predicate stepNoCall(Node nodeFrom, Node nodeTo, StepSummary summary); - - /** - * Holds if type tracking should use the step from `nodeFrom` to `nodeTo`, - * which _does_ depend on the call graph. - * - * Implementing this predicate using `StepSummary::[small]stepCall` yields - * standard type tracking. - */ - deprecated predicate stepCall(Node nodeFrom, Node nodeTo, StepSummary summary); - - /** A projection of an element from the state space. */ - class StateProj; - - /** Gets the projection of `state`. */ - StateProj stateProj(State state); - - /** Holds if type tracking should stop at `n` when we are tracking projected state `stateProj`. */ - deprecated predicate filter(Node n, StateProj stateProj); - } - - /** Provides the `track` predicate for use in call graph construction. */ - module Make { - pragma[nomagic] - deprecated private predicate stepNoCallProj(Node nodeFrom, StepSummary summary) { - Input::stepNoCall(nodeFrom, _, summary) - } - - pragma[nomagic] - deprecated private predicate stepCallProj(Node nodeFrom, StepSummary summary) { - Input::stepCall(nodeFrom, _, summary) - } - - bindingset[nodeFrom, t] - pragma[inline_late] - pragma[noopt] - deprecated private TypeTracker stepNoCallInlineLate( - TypeTracker t, TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo - ) { - exists(StepSummary summary | - stepNoCallProj(nodeFrom, summary) and - result = t.append(summary) and - Input::stepNoCall(nodeFrom, nodeTo, summary) - ) - } - - bindingset[state] - pragma[inline_late] - private Input::StateProj stateProjInlineLate(Input::State state) { - result = Input::stateProj(state) - } - - pragma[nomagic] - deprecated private Node track(Input::State state, TypeTracker t) { - t.start() and Input::start(result, state) - or - exists(Input::StateProj stateProj | - stateProj = stateProjInlineLate(state) and - not Input::filter(result, stateProj) - | - exists(TypeTracker t2 | t = stepNoCallInlineLate(t2, track(state, t2), result)) - or - 
exists(StepSummary summary | - // non-linear recursion - Input::stepCall(trackCall(state, t, summary), result, summary) - ) - ) - } - - bindingset[t, summary] - pragma[inline_late] - deprecated private TypeTracker appendInlineLate(TypeTracker t, StepSummary summary) { - result = t.append(summary) - } - - pragma[nomagic] - deprecated private Node trackCall(Input::State state, TypeTracker t, StepSummary summary) { - exists(TypeTracker t2 | - // non-linear recursion - result = track(state, t2) and - stepCallProj(result, summary) and - t = appendInlineLate(t2, summary) - ) - } - - /** Gets a node that can be reached from _some_ start node in state `state`. */ - pragma[nomagic] - deprecated Node track(Input::State state) { result = track(state, TypeTracker::end()) } - } - - /** A simple version of `CallGraphConstruction` that uses standard type tracking. */ - module Simple { - /** The input to call graph construction. */ - signature module InputSig { - /** A state to track during type tracking. */ - class State; - - /** Holds if type tracking should start at `start` in state `state`. */ - deprecated predicate start(Node start, State state); - - /** Holds if type tracking should stop at `n`. */ - deprecated predicate filter(Node n); - } - - /** Provides the `track` predicate for use in call graph construction. 
*/ - module Make { - deprecated private module I implements CallGraphConstruction::InputSig { - private import codeql.util.Unit - - class State = Input::State; - - predicate start(Node start, State state) { Input::start(start, state) } - - predicate stepNoCall(Node nodeFrom, Node nodeTo, StepSummary summary) { - StepSummary::stepNoCall(nodeFrom, nodeTo, summary) - } - - predicate stepCall(Node nodeFrom, Node nodeTo, StepSummary summary) { - StepSummary::stepCall(nodeFrom, nodeTo, summary) - } - - class StateProj = Unit; - - Unit stateProj(State state) { exists(state) and exists(result) } - - predicate filter(Node n, Unit u) { - Input::filter(n) and - exists(u) - } - } - - deprecated import CallGraphConstruction::Make - } - } -} diff --git a/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll b/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll index df92128b608..c92180d134e 100644 --- a/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll +++ b/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll 
@@ -2,134 +2,3 @@ private import codeql.ruby.dataflow.internal.DataFlowPublic as DataFlowPublic private import codeql.ruby.dataflow.internal.DataFlowPrivate as DataFlowPrivate private import internal.TypeTrackingImpl as TypeTrackingImpl deprecated import codeql.util.Boolean - -deprecated class Node = DataFlowPublic::Node; - -deprecated class TypeTrackingNode = DataFlowPublic::LocalSourceNode; - -deprecated class TypeTrackerContent = DataFlowPublic::ContentSet; - -/** - * An optional content set, that is, a `ContentSet` or the special "no content set" value. - */ -deprecated class OptionalTypeTrackerContent extends DataFlowPrivate::TOptionalContentSet { - /** Gets a textual representation of this content set. */ - string toString() { - this instanceof DataFlowPrivate::TNoContentSet and - result = "no content" - or - result = this.(DataFlowPublic::ContentSet).toString() - } -} - -/** - * A label to use for `WithContent` and `WithoutContent` steps, restricting - * which `ContentSet` may pass through. - */ -deprecated class ContentFilter = TypeTrackingImpl::TypeTrackingInput::ContentFilter; - -/** Module for getting `ContentFilter` values. */ -deprecated module ContentFilter { - /** Gets the filter that only allow element contents. */ - ContentFilter hasElements() { any() } -} - -/** - * Holds if a value stored with `storeContents` can be read back with `loadContents`. - */ -pragma[inline] -deprecated predicate compatibleContents( - TypeTrackerContent storeContents, TypeTrackerContent loadContents -) { - storeContents.getAStoreContent() = loadContents.getAReadContent() -} - -/** Gets the "no content set" value to use for a type tracker not inside any content. 
*/ -deprecated OptionalTypeTrackerContent noContent() { result = DataFlowPrivate::TNoContentSet() } - -/** Holds if there is a simple local flow step from `nodeFrom` to `nodeTo` */ -deprecated predicate simpleLocalFlowStep = - TypeTrackingImpl::TypeTrackingInput::simpleLocalSmallStep/2; - -/** - * Holds if data can flow from `node1` to `node2` in a way that discards call contexts. - */ -deprecated predicate jumpStep = TypeTrackingImpl::TypeTrackingInput::jumpStep/2; - -/** Holds if there is a level step from `nodeFrom` to `nodeTo`, which may depend on the call graph. */ -deprecated predicate levelStepCall = TypeTrackingImpl::TypeTrackingInput::levelStepCall/2; - -/** Holds if there is a level step from `nodeFrom` to `nodeTo`, which does not depend on the call graph. */ -deprecated predicate levelStepNoCall = TypeTrackingImpl::TypeTrackingInput::levelStepNoCall/2; - -/** - * Holds if `nodeFrom` steps to `nodeTo` by being passed as a parameter in a call. - * - * Flow into summarized library methods is not included, as that will lead to negative - * recursion (or, at best, terrible performance), since identifying calls to library - * methods is done using API graphs (which uses type tracking). - */ -deprecated predicate callStep = TypeTrackingImpl::TypeTrackingInput::callStep/2; - -/** - * Holds if `nodeFrom` steps to `nodeTo` by being returned from a call. - * - * Flow out of summarized library methods is not included, as that will lead to negative - * recursion (or, at best, terrible performance), since identifying calls to library - * methods is done using API graphs (which uses type tracking). - */ -deprecated predicate returnStep = TypeTrackingImpl::TypeTrackingInput::returnStep/2; - -/** - * Holds if `nodeFrom` is being written to the `contents` of the object - * in `nodeTo`. - * - * Note that the choice of `nodeTo` does not have to make sense - * "chronologically". 
All we care about is whether the `contents` of - * `nodeTo` can have a specific type, and the assumption is that if a specific - * type appears here, then any access of that particular content can yield - * something of that particular type. - * - * Thus, in an example such as - * - * ```rb - * def foo(y) - * x = Foo.new - * bar(x) - * x.content = y - * baz(x) - * end - * - * def bar(x) - * z = x.content - * end - * ``` - * for the content write `x.content = y`, we will have `contents` being the - * literal string `"content"`, `nodeFrom` will be `y`, and `nodeTo` will be the - * `Foo` object created on the first line of the function. This means we will - * track the fact that `x.content` can have the type of `y` into the assignment - * to `z` inside `bar`, even though this content write happens _after_ `bar` is - * called. - */ -deprecated predicate basicStoreStep = TypeTrackingImpl::TypeTrackingInput::storeStep/3; - -/** - * Holds if `nodeTo` is the result of accessing the `content` content of `nodeFrom`. - */ -deprecated predicate basicLoadStep = TypeTrackingImpl::TypeTrackingInput::loadStep/3; - -/** - * Holds if the `loadContent` of `nodeFrom` is stored in the `storeContent` of `nodeTo`. - */ -deprecated predicate basicLoadStoreStep = TypeTrackingImpl::TypeTrackingInput::loadStoreStep/4; - -/** - * Holds if type-tracking should step from `nodeFrom` to `nodeTo` but block flow of contents matched by `filter` through here. - */ -deprecated predicate basicWithoutContentStep = - TypeTrackingImpl::TypeTrackingInput::withoutContentStep/3; - -/** - * Holds if type-tracking should step from `nodeFrom` to `nodeTo` if inside a content matched by `filter`. - */ -deprecated predicate basicWithContentStep = TypeTrackingImpl::TypeTrackingInput::withContentStep/3; diff --git a/ruby/ql/test/library-tests/frameworks/Twirp/Twirp.ql b/ruby/ql/test/library-tests/frameworks/Twirp/Twirp.ql index fee49cbb48c..2e1382356ab 100644 
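Review bot: After this hunk `TypeTrackerSpecific.qll` appears to hold nothing but import lines: three `private import`s and `deprecated import codeql.util.Boolean`, which is the only non-private declaration left and is itself still marked deprecated. The hunk shows no trailing context, so the deletion seems to run to the end of the file. If the cleanup script skipped that line only because it does not match imports, I would remove `deprecated import codeql.util.Boolean` as well and delete the file once nothing imports it. Whether other libraries still import this file is not visible from this hunk.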
--- a/ruby/ql/test/library-tests/frameworks/Twirp/Twirp.ql +++ b/ruby/ql/test/library-tests/frameworks/Twirp/Twirp.ql @@ -4,5 +4,3 @@ private import codeql.ruby.DataFlow query predicate sourceTest(Twirp::UnmarshaledParameter source) { any() } query predicate ssrfSinkTest(Twirp::ServiceUrlAsSsrfSink sink) { any() } - -deprecated query predicate serviceInstantiationTest(Twirp::ServiceInstantiation si) { any() } diff --git a/ruby/ql/test/library-tests/frameworks/active_record/ActiveRecord.ql b/ruby/ql/test/library-tests/frameworks/active_record/ActiveRecord.ql index 348ca1456e2..994c62c5362 100644 --- a/ruby/ql/test/library-tests/frameworks/active_record/ActiveRecord.ql +++ b/ruby/ql/test/library-tests/frameworks/active_record/ActiveRecord.ql @@ -9,22 +9,12 @@ query predicate activeRecordInstances(ActiveRecordInstance i) { any() } query predicate activeRecordSqlExecutionRanges(ActiveRecordSqlExecutionRange range) { any() } -deprecated query predicate activeRecordModelClassMethodCalls(ActiveRecordModelClassMethodCall call) { - any() -} - query predicate activeRecordModelClassMethodCallsReplacement( ActiveRecordModelClass cls, DataFlow::CallNode call ) { call = cls.getClassNode().trackModule().getAMethodCall(_) } -deprecated query predicate potentiallyUnsafeSqlExecutingMethodCall( - PotentiallyUnsafeSqlExecutingMethodCall call -) { - any() -} - query predicate activeRecordModelInstantiations( ActiveRecordModelInstantiation i, ActiveRecordModelClass cls ) { diff --git a/ruby/ql/test/library-tests/frameworks/active_resource/ActiveResource.ql b/ruby/ql/test/library-tests/frameworks/active_resource/ActiveResource.ql index f1898ddbc98..cb96ee44d98 100644 --- a/ruby/ql/test/library-tests/frameworks/active_resource/ActiveResource.ql +++ b/ruby/ql/test/library-tests/frameworks/active_resource/ActiveResource.ql 
@@ -14,8 +14,6 @@ query predicate modelClasses( query predicate modelClassMethodCalls(ActiveResource::ModelClassMethodCall c) { any() } -deprecated query predicate modelInstances(ActiveResource::ModelInstance c) { any() } - query predicate modelInstancesAsSource( ActiveResource::ModelClassNode cls, DataFlow::LocalSourceNode node ) { @@ -24,6 +22,4 @@ query predicate modelInstancesAsSource( query predicate modelInstanceMethodCalls(ActiveResource::ModelInstanceMethodCall c) { any() } -deprecated query predicate collections(ActiveResource::Collection c) { any() } - query predicate collectionSources(ActiveResource::CollectionSource c) { any() } diff --git a/shared/dataflow/codeql/dataflow/DataFlow.qll b/shared/dataflow/codeql/dataflow/DataFlow.qll index 7c437adabb8..0b6ed84da36 100644 --- a/shared/dataflow/codeql/dataflow/DataFlow.qll +++ b/shared/dataflow/codeql/dataflow/DataFlow.qll @@ -703,11 +703,6 @@ module DataFlowMake Lang> { import Impl } - /** DEPRECATED: Use `Global` instead. */ - deprecated module Make implements GlobalFlowSig { - import Global - } - /** * Constructs a global data flow computation using flow state. */ @@ -731,11 +726,6 @@ module DataFlowMake Lang> { import Impl } - /** DEPRECATED: Use `GlobalWithState` instead. */ - deprecated module MakeWithState implements GlobalFlowSig { - import GlobalWithState - } - signature class PathNodeSig { /** Gets a textual representation of this element. */ string toString(); diff --git a/shared/dataflow/codeql/dataflow/TaintTracking.qll b/shared/dataflow/codeql/dataflow/TaintTracking.qll index 8247255038c..491d7794382 100644 --- a/shared/dataflow/codeql/dataflow/TaintTracking.qll +++ b/shared/dataflow/codeql/dataflow/TaintTracking.qll @@ -97,11 +97,6 @@ module TaintFlowMake< import DataFlowInternal::Impl } - /** DEPRECATED: Use `Global` instead. */ - deprecated module Make implements DataFlow::GlobalFlowSig { - import Global - } - /** * Constructs a global taint tracking computation using flow state. */ 
@@ -130,13 +125,6 @@ module TaintFlowMake< import DataFlowInternal::Impl } - /** DEPRECATED: Use `GlobalWithState` instead. */ - deprecated module MakeWithState implements - DataFlow::GlobalFlowSig - { - import GlobalWithState - } - signature int speculationLimitSig(); private module AddSpeculativeTaintSteps< diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll index 9fc19c384d8..2b69e583d28 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll @@ -4614,9 +4614,6 @@ module MakeImpl Lang> { import S6 - /** DEPRECATED: Use `flowPath` instead. */ - deprecated predicate hasFlowPath = flowPath/2; - /** * Holds if data can flow from `source` to `sink`. */ @@ -4626,25 +4623,16 @@ module MakeImpl Lang> { ) } - /** DEPRECATED: Use `flow` instead. */ - deprecated predicate hasFlow = flow/2; - /** * Holds if data can flow from some source to `sink`. */ predicate flowTo(Node sink) { exists(PathNode n | n.isSink() and n.getNode() = sink) } - /** DEPRECATED: Use `flowTo` instead. */ - deprecated predicate hasFlowTo = flowTo/1; - /** * Holds if data can flow from some source to `sink`. */ predicate flowToExpr(DataFlowExpr sink) { flowTo(exprNode(sink)) } - /** DEPRECATED: Use `flowToExpr` instead. */ - deprecated predicate hasFlowToExpr = flowToExpr/1; - /** * INTERNAL: Only for debugging. * diff --git a/shared/typetracking/codeql/typetracking/TypeTracking.qll b/shared/typetracking/codeql/typetracking/TypeTracking.qll index 691480072d4..7a411adb633 100644 --- a/shared/typetracking/codeql/typetracking/TypeTracking.qll +++ b/shared/typetracking/codeql/typetracking/TypeTracking.qll 
@@ -137,8 +137,6 @@ module TypeTracking I> { private module ConsistencyChecksInput implements MkImpl::ConsistencyChecksInputSig { } - deprecated module ConsistencyChecks = MkImpl::ConsistencyChecks; - class TypeTracker = MkImpl::TypeTracker; module TypeTracker = MkImpl::TypeTracker; diff --git a/shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll b/shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll index 5487561439e..b36edca04e7 100644 --- a/shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll +++ b/shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll @@ -830,13 +830,6 @@ module TypeTracking I> { private predicate stepPlus(PathNode n1, PathNode n2) = fastTC(edges/2)(n1, n2) - /** - * DEPRECATED: Use `flowPath` instead. - * - * Holds if there is a path between `source` and `sink`. - */ - deprecated predicate hasFlow(PathNode source, PathNode sink) { flowPath(source, sink) } - /** Holds if there is a path between `source` and `sink`. */ predicate flowPath(PathNode source, PathNode sink) { source.isSource() and diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll index faff53f0674..b14bd5d5f59 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll @@ -250,11 +250,6 @@ module Content { override string toString() { result = "Collection element" } } - /** - * DEPRECATED: An element of a collection. This is an alias for the general CollectionContent. - */ - deprecated class ArrayContent = CollectionContent; - /** A captured variable. */ class CapturedVariableContent extends Content, TCapturedVariableContent { CapturedVariable v; diff --git a/swift/ql/lib/codeql/swift/regex/Regex.qll b/swift/ql/lib/codeql/swift/regex/Regex.qll index 36be99e4a71..f2abba2e4f2 100644 --- a/swift/ql/lib/codeql/swift/regex/Regex.qll 
+++ b/swift/ql/lib/codeql/swift/regex/Regex.qll @@ -73,11 +73,6 @@ abstract class RegexCreation extends DataFlow::Node { * such as parse mode flags (if any). */ DataFlow::Node getAnOptionsInput() { none() } - - /** - * DEPRECATED: Use `getAnOptionsInput()` instead. - */ - deprecated DataFlow::Node getOptionsInput() { result = this.getAnOptionsInput() } } /** @@ -309,21 +304,11 @@ abstract class RegexEval extends CallExpr { */ abstract DataFlow::Node getRegexInputNode(); - /** - * DEPRECATED: Use `getRegexInputNode()` instead. - */ - deprecated Expr getRegexInput() { result = this.getRegexInputNode().asExpr() } - /** * Gets the input to this call that is the string the regular expression is evaluated on. */ abstract DataFlow::Node getStringInputNode(); - /** - * DEPRECATED: Use `getStringInputNode()` instead. - */ - deprecated Expr getStringInput() { result = this.getStringInputNode().asExpr() } - /** * Gets a dataflow node for an options input that might contain options such * as parse mode flags (if any).