From 4bc4e0845dede4439d7e27db95b09e4316593b09 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Sat, 7 Oct 2023 21:48:49 +0200 Subject: [PATCH 01/13] delete the deprecated `isBarrierGuard` predicate from the shared dataflow library, and its uses --- .../cpp/dataflow/internal/DataFlowImpl1.qll | 42 +----------- .../cpp/dataflow/internal/DataFlowImpl2.qll | 42 +----------- .../cpp/dataflow/internal/DataFlowImpl3.qll | 42 +----------- .../cpp/dataflow/internal/DataFlowImpl4.qll | 42 +----------- .../dataflow/internal/DataFlowImplLocal.qll | 42 +----------- .../cpp/dataflow/internal/DataFlowUtil.qll | 25 ------- .../tainttracking1/TaintTrackingImpl.qll | 27 -------- .../tainttracking2/TaintTrackingImpl.qll | 27 -------- .../ir/dataflow/internal/DataFlowImpl1.qll | 42 +----------- .../ir/dataflow/internal/DataFlowImpl2.qll | 42 +----------- .../ir/dataflow/internal/DataFlowImpl3.qll | 42 +----------- .../ir/dataflow/internal/DataFlowImpl4.qll | 42 +----------- .../cpp/ir/dataflow/internal/DataFlowUtil.qll | 32 --------- .../tainttracking1/TaintTrackingImpl.qll | 27 -------- .../tainttracking2/TaintTrackingImpl.qll | 27 -------- .../tainttracking3/TaintTrackingImpl.qll | 27 -------- .../dataflow/internal/DataFlowImpl1.qll | 42 +----------- .../dataflow/internal/DataFlowImpl2.qll | 42 +----------- .../dataflow/internal/DataFlowImpl3.qll | 42 +----------- .../dataflow/internal/DataFlowImpl4.qll | 42 +----------- .../dataflow/internal/DataFlowImpl5.qll | 42 +----------- .../dataflow/internal/DataFlowPublic.qll | 24 ------- .../tainttracking1/TaintTrackingImpl.qll | 27 -------- .../tainttracking2/TaintTrackingImpl.qll | 27 -------- .../tainttracking3/TaintTrackingImpl.qll | 27 -------- .../tainttracking4/TaintTrackingImpl.qll | 27 -------- .../tainttracking5/TaintTrackingImpl.qll | 27 -------- .../security/dataflow/UrlRedirectQuery.qll | 11 --- .../csharp/security/dataflow/ZipSlipQuery.qll | 11 --- .../RedirectCheckBarrierGuard.qll | 18 ----- .../dataflow/barrierguardutil/RegexpCheck.qll | 13 ---- .../go/dataflow/barrierguardutil/UrlCheck.qll | 29 -------- .../go/dataflow/internal/DataFlowImpl1.qll | 42 +----------- .../go/dataflow/internal/DataFlowImpl2.qll | 42 +----------- .../go/dataflow/internal/DataFlowUtil.qll | 28 -------- .../dataflow/internal/TaintTrackingUtil.qll | 7 -- .../tainttracking1/TaintTrackingImpl.qll | 27 -------- .../tainttracking2/TaintTrackingImpl.qll | 27 -------- .../go/security/AllocationSizeOverflow.qll | 8 --- .../AllocationSizeOverflowCustomizations.qll | 7 -- .../semmle/go/security/CommandInjection.qll | 8 --- .../CommandInjectionCustomizations.qll | 7 -- go/ql/lib/semmle/go/security/LogInjection.qll | 4 -- .../security/LogInjectionCustomizations.qll | 7 -- .../semmle/go/security/OpenUrlRedirect.qll | 4 -- .../OpenUrlRedirectCustomizations.qll | 7 -- go/ql/lib/semmle/go/security/ReflectedXss.qll | 4 -- .../security/ReflectedXssCustomizations.qll | 16 ----- .../lib/semmle/go/security/RequestForgery.qll | 4 -- .../security/RequestForgeryCustomizations.qll | 7 -- go/ql/lib/semmle/go/security/SqlInjection.qll | 4 -- .../security/SqlInjectionCustomizations.qll | 7 -- .../lib/semmle/go/security/StoredCommand.qll | 4 -- go/ql/lib/semmle/go/security/StoredXss.qll | 4 -- .../go/security/StoredXssCustomizations.qll | 16 ----- .../go/security/StringBreakCustomizations.qll | 7 -- .../go/security/TaintedPathCustomizations.qll | 17 ----- .../semmle/go/security/UnsafeUnzipSymlink.qll | 8 --- .../UnsafeUnzipSymlinkCustomizations.qll | 21 ------ .../lib/semmle/go/security/XPathInjection.qll | 4 -- .../security/XPathInjectionCustomizations.qll | 7 -- go/ql/lib/semmle/go/security/Xss.qll | 7 -- go/ql/lib/semmle/go/security/ZipSlip.qll | 4 -- .../go/security/ZipSlipCustomizations.qll | 7 -- .../java/dataflow/internal/DataFlowImpl1.qll | 42 +----------- .../java/dataflow/internal/DataFlowImpl2.qll | 42 +----------- .../java/dataflow/internal/DataFlowImpl3.qll | 42 +----------- .../java/dataflow/internal/DataFlowImpl4.qll | 42 +----------- .../java/dataflow/internal/DataFlowImpl5.qll | 42 +----------- .../java/dataflow/internal/DataFlowImpl6.qll | 42 +----------- .../java/dataflow/internal/DataFlowUtil.qll | 26 ------- .../tainttracking1/TaintTrackingImpl.qll | 27 -------- .../tainttracking2/TaintTrackingImpl.qll | 27 -------- .../tainttracking3/TaintTrackingImpl.qll | 27 -------- .../IntentUriPermissionManipulation.qll | 10 --- .../IntentUriPermissionManipulationQuery.qll | 4 -- .../python/dataflow/new/BarrierGuards.qll | 37 ---------- .../dataflow/new/internal/DataFlowImpl1.qll | 42 +----------- .../dataflow/new/internal/DataFlowImpl2.qll | 42 +----------- .../dataflow/new/internal/DataFlowImpl3.qll | 42 +----------- .../dataflow/new/internal/DataFlowImpl4.qll | 42 +----------- .../dataflow/new/internal/DataFlowPublic.qll | 26 ------- .../tainttracking1/TaintTrackingImpl.qll | 27 -------- .../tainttracking2/TaintTrackingImpl.qll | 27 -------- .../tainttracking3/TaintTrackingImpl.qll | 27 -------- .../tainttracking4/TaintTrackingImpl.qll | 27 -------- .../dataflow/CodeInjectionCustomizations.qll | 7 -- .../security/dataflow/CodeInjectionQuery.qll | 4 -- .../CommandInjectionCustomizations.qll | 7 -- .../dataflow/CommandInjectionQuery.qll | 4 -- .../dataflow/LdapInjectionCustomizations.qll | 14 ---- .../security/dataflow/LdapInjectionQuery.qll | 8 --- .../dataflow/LogInjectionCustomizations.qll | 7 -- .../security/dataflow/LogInjectionQuery.qll | 4 -- .../dataflow/PathInjectionCustomizations.qll | 7 -- .../security/dataflow/PathInjectionQuery.qll | 4 -- .../PolynomialReDoSCustomizations.qll | 7 -- .../dataflow/PolynomialReDoSQuery.qll | 4 -- .../dataflow/ReflectedXSSCustomizations.qll | 7 -- .../security/dataflow/ReflectedXssQuery.qll | 4 -- .../dataflow/RegexInjectionCustomizations.qll | 7 -- .../security/dataflow/RegexInjectionQuery.qll | 4 -- ...ServerSideRequestForgeryCustomizations.qll | 7 -- .../ServerSideRequestForgeryQuery.qll | 8 --- .../dataflow/SqlInjectionCustomizations.qll | 7 -- .../security/dataflow/SqlInjectionQuery.qll | 4 -- .../StackTraceExposureCustomizations.qll | 7 -- .../dataflow/StackTraceExposureQuery.qll | 4 -- .../UnsafeDeserializationCustomizations.qll | 7 -- .../dataflow/UnsafeDeserializationQuery.qll | 4 -- .../dataflow/UrlRedirectCustomizations.qll | 7 -- .../security/dataflow/UrlRedirectQuery.qll | 4 -- .../dataflow/XpathInjectionCustomizations.qll | 7 -- .../security/dataflow/XpathInjectionQuery.qll | 4 -- .../InsecureRandomnessCustomizations.qll | 7 -- .../codeql/ruby/dataflow/BarrierGuards.qll | 55 --------------- .../ruby/dataflow/internal/DataFlowImpl1.qll | 42 +----------- .../ruby/dataflow/internal/DataFlowImpl2.qll | 42 +----------- .../ruby/dataflow/internal/DataFlowPublic.qll | 67 ------------------- .../tainttracking1/TaintTrackingImpl.qll | 27 -------- .../security/CodeInjectionCustomizations.qll | 7 -- .../ruby/security/CodeInjectionQuery.qll | 4 -- .../security/PathInjectionCustomizations.qll | 7 -- .../ruby/security/PathInjectionQuery.qll | 4 -- .../ruby/security/ReflectedXSSQuery.qll | 4 -- ...ServerSideRequestForgeryCustomizations.qll | 7 -- .../ServerSideRequestForgeryQuery.qll | 4 -- .../codeql/ruby/security/StoredXSSQuery.qll | 4 -- .../security/UrlRedirectCustomizations.qll | 7 -- .../codeql/ruby/security/UrlRedirectQuery.qll | 4 -- ruby/ql/lib/codeql/ruby/security/XSS.qll | 21 ------ .../regexp/PolynomialReDoSCustomizations.qll | 8 --- .../security/regexp/PolynomialReDoSQuery.qll | 4 -- .../regexp/RegExpInjectionCustomizations.qll | 7 -- .../security/regexp/RegExpInjectionQuery.qll | 4 -- .../swift/dataflow/internal/DataFlowImpl1.qll | 42 +----------- .../dataflow/internal/DataFlowPublic.qll | 9 --- .../tainttracking1/TaintTrackingImpl.qll | 27 -------- 138 files changed, 29 insertions(+), 2660 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll index 77bc8693684..0434cc0b7e2 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll index 77bc8693684..0434cc0b7e2 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll index 77bc8693684..0434cc0b7e2 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll index 77bc8693684..0434cc0b7e2 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll index 77bc8693684..0434cc0b7e2 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll index bf5a54cd05d..10338b18927 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll @@ -874,28 +874,3 @@ module BarrierGuard { ) } } - -/** - * DEPRECATED: Use `BarrierGuard` module instead. - * - * A guard that validates some expression. - * - * To use this in a configuration, extend the class and provide a - * characteristic predicate precisely specifying the guard, and override - * `checks` to specify what is being validated and in which branch. - * - * It is important that all extending classes in scope are disjoint. - */ -deprecated class BarrierGuard extends GuardCondition { - /** Override this predicate to hold if this guard validates `e` upon evaluating to `b`. */ - abstract predicate checks(Expr e, boolean b); - - /** Gets a node guarded by this guard. */ - final ExprNode getAGuardedNode() { - exists(SsaDefinition def, Variable v, boolean branch | - result.getExpr() = def.getAUse(v) and - this.checks(def.getAUse(v), branch) and - this.controls(result.getExpr().getBasicBlock(), branch) - ) - } -} diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll index 77bc8693684..0434cc0b7e2 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll index 77bc8693684..0434cc0b7e2 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll index 77bc8693684..0434cc0b7e2 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll index 77bc8693684..0434cc0b7e2 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index 8c6ec0b7612..fd628df907e 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -2237,35 +2237,3 @@ module InstructionBarrierGuard { } } -/** - * DEPRECATED: Use `BarrierGuard` module instead. - * - * A guard that validates some expression. - * - * To use this in a configuration, extend the class and provide a - * characteristic predicate precisely specifying the guard, and override - * `checks` to specify what is being validated and in which branch. - * - * It is important that all extending classes in scope are disjoint. - */ -deprecated class BarrierGuard extends Guard { - /** Holds if this guard validates `e` upon evaluating to `v`. */ - abstract predicate checks(Expr e, AbstractValue v); - - /** Gets a node guarded by this guard. */ - final ExprNode getAGuardedNode() { - exists(Expr e, AbstractValue v | - this.checks(e, v) and - this.controlsNode(result.getControlFlowNode(), e, v) - ) - } -} - /** * A reference contained in an object. This is either a field, a property, * or an element in a collection. diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking3/TaintTrackingImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking3/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking3/TaintTrackingImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking3/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking4/TaintTrackingImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking4/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking4/TaintTrackingImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking4/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll index 56c409b38b5..2def16decd9 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll @@ -26,13 +26,6 @@ abstract class Sink extends DataFlow::ExprNode { } */ abstract class Sanitizer extends DataFlow::ExprNode { } -/** - * DEPRECATED: Use `Sanitizer` instead. - * - * A guard for unvalidated URL redirect vulnerabilities. - */ -abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * DEPRECATED: Use `UrlRedirect` instead. * @@ -46,10 +39,6 @@ deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } /** diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll index b34fdd3d5f9..4b1069eff0e 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll @@ -20,13 +20,6 @@ abstract class Sink extends DataFlow::ExprNode { } */ abstract class Sanitizer extends DataFlow::ExprNode { } -/** - * DEPRECATED: Use `Sanitizer` instead. - * - * A guard for unsafe zip extraction. - */ -abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * DEPRECATED: Use `ZipSlip` instead. * @@ -40,10 +33,6 @@ deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } /** diff --git a/go/ql/lib/semmle/go/dataflow/barrierguardutil/RedirectCheckBarrierGuard.qll b/go/ql/lib/semmle/go/dataflow/barrierguardutil/RedirectCheckBarrierGuard.qll index 506873d498c..d185f9f78f3 100644 --- a/go/ql/lib/semmle/go/dataflow/barrierguardutil/RedirectCheckBarrierGuard.qll +++ b/go/ql/lib/semmle/go/dataflow/barrierguardutil/RedirectCheckBarrierGuard.qll @@ -20,21 +20,3 @@ private predicate redirectCheckGuard(DataFlow::Node g, Expr e, boolean outcome) class RedirectCheckBarrier extends DataFlow::Node { RedirectCheckBarrier() { this = DataFlow::BarrierGuard::getABarrierNode() } } - -/** - * DEPRECATED: Use `RedirectCheckBarrier` instead. - * - * A call to a function called `isLocalUrl`, `isValidRedirect`, or similar, which is - * considered a barrier guard for sanitizing untrusted URLs. - */ -deprecated class RedirectCheckBarrierGuard extends DataFlow::BarrierGuard, DataFlow::CallNode { - RedirectCheckBarrierGuard() { - this.getCalleeName().regexpMatch("(?i)(is_?)?(local_?url|valid_?redir(ect)?)(ur[li])?") - } - - override predicate checks(Expr e, boolean outcome) { - // `isLocalUrl(e)` is a barrier for `e` if it evaluates to `true` - this.getAnArgument().asExpr() = e and - outcome = true - } -} diff --git a/go/ql/lib/semmle/go/dataflow/barrierguardutil/RegexpCheck.qll b/go/ql/lib/semmle/go/dataflow/barrierguardutil/RegexpCheck.qll index 795ffb11c44..8cdc3b2e1ac 100644 --- a/go/ql/lib/semmle/go/dataflow/barrierguardutil/RegexpCheck.qll +++ b/go/ql/lib/semmle/go/dataflow/barrierguardutil/RegexpCheck.qll @@ -31,16 +31,3 @@ class RegexpCheckBarrier extends DataFlow::Node { this = DataFlow::BarrierGuard::getABarrierNode() } } - -/** - * DEPRECATED: Use `RegexpCheckBarrier` instead. - * - * A call to a regexp match function, considered as a barrier guard for sanitizing untrusted URLs. - * - * This is overapproximate: we do not attempt to reason about the correctness of the regexp. - */ -deprecated class RegexpCheck extends DataFlow::BarrierGuard { - RegexpCheck() { regexpFunctionChecksExpr(this, _, _) } - - override predicate checks(Expr e, boolean branch) { regexpFunctionChecksExpr(this, e, branch) } -} diff --git a/go/ql/lib/semmle/go/dataflow/barrierguardutil/UrlCheck.qll b/go/ql/lib/semmle/go/dataflow/barrierguardutil/UrlCheck.qll index d84badee3d9..8abcfb327cc 100644 --- a/go/ql/lib/semmle/go/dataflow/barrierguardutil/UrlCheck.qll +++ b/go/ql/lib/semmle/go/dataflow/barrierguardutil/UrlCheck.qll @@ -31,32 +31,3 @@ private predicate urlCheck(DataFlow::Node g, Expr e, boolean outcome) { class UrlCheckBarrier extends DataFlow::Node { UrlCheckBarrier() { this = DataFlow::BarrierGuard::getABarrierNode() } } - -/** - * DEPRECATED: Use `UrlCheckBarrier` instead. - * - * An equality check comparing a data-flow node against a constant string, considered as - * a barrier guard for sanitizing untrusted URLs. - * - * Additionally, a check comparing `url.Hostname()` against a constant string is also - * considered a barrier guard for `url`. - */ -deprecated class UrlCheck extends DataFlow::BarrierGuard, DataFlow::EqualityTestNode { - DataFlow::Node url; - - UrlCheck() { - exists(this.getAnOperand().getStringValue()) and - ( - url = this.getAnOperand() - or - exists(DataFlow::MethodCallNode mc | mc = this.getAnOperand() | - mc.getTarget().getName() = "Hostname" and - url = mc.getReceiver() - ) - ) - } - - override predicate checks(Expr e, boolean outcome) { - e = url.asExpr() and outcome = this.getPolarity() - } -} diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll index 77bc8693684..0434cc0b7e2 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll index 77bc8693684..0434cc0b7e2 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowUtil.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowUtil.qll index ba0728ff02e..5a76d8592a8 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowUtil.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowUtil.qll @@ -407,34 +407,6 @@ module BarrierGuard { } } -/** - * DEPRECATED: Use `BarrierGuard` module instead. - * - * A guard that validates some expression. - * - * To use this in a configuration, extend the class and provide a - * characteristic predicate precisely specifying the guard, and override - * `checks` to specify what is being validated and in which branch. - * - * When using a data-flow or taint-flow configuration `cfg`, it is important - * that any classes extending BarrierGuard in scope which are not used in `cfg` - * are disjoint from any classes extending BarrierGuard in scope which are used - * in `cfg`. - */ -abstract deprecated class BarrierGuard extends Node { - /** Holds if this guard validates `e` upon evaluating to `branch`. */ - abstract predicate checks(Expr e, boolean branch); - - /** Gets a node guarded by this guard. */ - final Node getAGuardedNode() { - result = BarrierGuard::getABarrierNodeForGuard(this) - } -} - -deprecated private predicate barrierGuardChecks(Node g, Expr e, boolean branch) { - g.(BarrierGuard).checks(e, branch) -} - DataFlow::Node getUniqueOutputNode(FuncDecl fd, FunctionOutput outp) { result = unique(DataFlow::Node n | n = outp.getEntryNode(fd) | n) } diff --git a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll index 331ff1e41bc..77b9d867121 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll @@ -222,13 +222,6 @@ abstract class DefaultTaintSanitizer extends DataFlow::Node { } */ predicate defaultTaintSanitizer(DataFlow::Node node) { node instanceof DefaultTaintSanitizer } -/** - * DEPRECATED: Use `DefaultTaintSanitizer` instead. - * - * A sanitizer guard in all global taint flow configurations but not in local taint. - */ -abstract deprecated class DefaultTaintSanitizerGuard extends DataFlow::BarrierGuard { } - private predicate equalityTestGuard(DataFlow::Node g, Expr e, boolean outcome) { exists(DataFlow::EqualityTestNode eq, DataFlow::Node nonConstNode | eq = g and diff --git a/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTrackingImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTrackingImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/go/ql/lib/semmle/go/dataflow/internal/tainttracking2/TaintTrackingImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/tainttracking2/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/tainttracking2/TaintTrackingImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/tainttracking2/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/go/ql/lib/semmle/go/security/AllocationSizeOverflow.qll b/go/ql/lib/semmle/go/security/AllocationSizeOverflow.qll index 64d4fb96baa..8d01d8b8163 100644 --- a/go/ql/lib/semmle/go/security/AllocationSizeOverflow.qll +++ b/go/ql/lib/semmle/go/security/AllocationSizeOverflow.qll @@ -25,10 +25,6 @@ module AllocationSizeOverflow { override predicate isSink(DataFlow::Node nd) { nd = Builtin::len().getACall().getArgument(0) } - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } - override predicate isSanitizer(DataFlow::Node nd) { nd instanceof Sanitizer } } @@ -81,10 +77,6 @@ module AllocationSizeOverflow { ) } - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } - override predicate isSanitizer(DataFlow::Node nd) { nd instanceof Sanitizer } } diff --git a/go/ql/lib/semmle/go/security/AllocationSizeOverflowCustomizations.qll b/go/ql/lib/semmle/go/security/AllocationSizeOverflowCustomizations.qll index 7de78de31e6..13c76a9566a 100644 --- a/go/ql/lib/semmle/go/security/AllocationSizeOverflowCustomizations.qll +++ b/go/ql/lib/semmle/go/security/AllocationSizeOverflowCustomizations.qll @@ -24,13 +24,6 @@ module AllocationSizeOverflow { abstract DataFlow::Node getAllocationSize(); } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A guard node that prevents allocation-size overflow. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * A sanitizer node that prevents allocation-size overflow. */ diff --git a/go/ql/lib/semmle/go/security/CommandInjection.qll b/go/ql/lib/semmle/go/security/CommandInjection.qll index 12bd1e51296..bde5a443503 100644 --- a/go/ql/lib/semmle/go/security/CommandInjection.qll +++ b/go/ql/lib/semmle/go/security/CommandInjection.qll @@ -35,10 +35,6 @@ module CommandInjection { super.isSanitizer(node) or node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module Config implements DataFlow::ConfigSig { @@ -116,10 +112,6 @@ module CommandInjection { node instanceof Sanitizer or node = any(ArgumentArrayWithDoubleDash array).getASanitizedElement() } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module DoubleDashSanitizingConfig implements DataFlow::ConfigSig { diff --git a/go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll b/go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll index a8f8269a968..bab3fab0fc3 100644 --- a/go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll +++ b/go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll @@ -29,13 +29,6 @@ module CommandInjection { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for command-injection vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** A source of untrusted data, considered as a taint source for command injection. */ class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { } diff --git a/go/ql/lib/semmle/go/security/LogInjection.qll b/go/ql/lib/semmle/go/security/LogInjection.qll index 854076d40e7..cb454716a8f 100644 --- a/go/ql/lib/semmle/go/security/LogInjection.qll +++ b/go/ql/lib/semmle/go/security/LogInjection.qll @@ -27,10 +27,6 @@ module LogInjection { override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } override predicate isSanitizer(DataFlow::Node sanitizer) { sanitizer instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } /** Config for reasoning about log injection vulnerabilities. */ diff --git a/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll b/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll index cb7a4da5b88..0a6885db530 100644 --- a/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll +++ b/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll @@ -25,13 +25,6 @@ module LogInjection { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for log injection vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** A source of untrusted data, considered as a taint source for log injection. */ class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { } diff --git a/go/ql/lib/semmle/go/security/OpenUrlRedirect.qll b/go/ql/lib/semmle/go/security/OpenUrlRedirect.qll index b5f3691a8d0..a2cddc031ee 100644 --- a/go/ql/lib/semmle/go/security/OpenUrlRedirect.qll +++ b/go/ql/lib/semmle/go/security/OpenUrlRedirect.qll @@ -60,10 +60,6 @@ module OpenUrlRedirect { or hostnameSanitizingPrefixEdge(node, _) } - - deprecated override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - guard instanceof BarrierGuard - } } private module Config implements DataFlow::ConfigSig { diff --git a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll index c6fdefd4a2b..5683b7715f8 100644 --- a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll +++ b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll @@ -31,13 +31,6 @@ module OpenUrlRedirect { */ abstract class Barrier extends DataFlow::Node { } - /** - * DEPRECATED: Use `Barrier` instead. - * - * A barrier guard for unvalidated URL redirect vulnerabilities. - */ - abstract deprecated class BarrierGuard extends DataFlow::BarrierGuard { } - /** * An additional taint propagation step specific to this query. */ diff --git a/go/ql/lib/semmle/go/security/ReflectedXss.qll b/go/ql/lib/semmle/go/security/ReflectedXss.qll index 3e7e19b9920..a605d78633d 100644 --- a/go/ql/lib/semmle/go/security/ReflectedXss.qll +++ b/go/ql/lib/semmle/go/security/ReflectedXss.qll @@ -32,10 +32,6 @@ module ReflectedXss { super.isSanitizer(node) or node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module Config implements DataFlow::ConfigSig { diff --git a/go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll b/go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll index bdc2bd0cf1b..71c25d889fa 100644 --- a/go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll +++ b/go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll @@ -19,25 +19,9 @@ module ReflectedXss { /** A sanitizer for reflected XSS vulnerabilities. */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for reflected XSS vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** A shared XSS sanitizer as a sanitizer for reflected XSS. */ private class SharedXssSanitizer extends Sanitizer instanceof SharedXss::Sanitizer { } - /** A shared XSS sanitizer guard as a sanitizer guard for reflected XSS. */ - deprecated private class SharedXssSanitizerGuard extends SanitizerGuard { - SharedXss::SanitizerGuard self; - - SharedXssSanitizerGuard() { this = self } - - override predicate checks(Expr e, boolean b) { self.checks(e, b) } - } - /** * A third-party controllable input, considered as a flow source for reflected XSS. */ diff --git a/go/ql/lib/semmle/go/security/RequestForgery.qll b/go/ql/lib/semmle/go/security/RequestForgery.qll index a7c5c457c6c..5f7139a1b44 100644 --- a/go/ql/lib/semmle/go/security/RequestForgery.qll +++ b/go/ql/lib/semmle/go/security/RequestForgery.qll @@ -44,10 +44,6 @@ module RequestForgery { super.isSanitizerOut(node) or node instanceof SanitizerEdge } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - super.isSanitizerGuard(guard) or guard instanceof SanitizerGuard - } } private module Config implements DataFlow::ConfigSig { diff --git a/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll b/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll index 26aff199a5c..27a54253372 100644 --- a/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll +++ b/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll @@ -32,13 +32,6 @@ module RequestForgery { /** An outgoing sanitizer edge for request forgery vulnerabilities. */ abstract class SanitizerEdge extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for request forgery vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * A third-party controllable input, considered as a flow source for request forgery. */ diff --git a/go/ql/lib/semmle/go/security/SqlInjection.qll b/go/ql/lib/semmle/go/security/SqlInjection.qll index 002eea2e990..366a05cf3df 100644 --- a/go/ql/lib/semmle/go/security/SqlInjection.qll +++ b/go/ql/lib/semmle/go/security/SqlInjection.qll @@ -33,10 +33,6 @@ module SqlInjection { super.isSanitizer(node) or node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module Config implements DataFlow::ConfigSig { diff --git a/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll b/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll index 7cd99ab5508..dcdb9fe5fde 100644 --- a/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll +++ b/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll @@ -25,13 +25,6 @@ module SqlInjection { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for SQL-injection vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** A source of untrusted data, considered as a taint source for SQL injection. */ class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { } diff --git a/go/ql/lib/semmle/go/security/StoredCommand.qll b/go/ql/lib/semmle/go/security/StoredCommand.qll index 5c8443ee620..4c21a292371 100644 --- a/go/ql/lib/semmle/go/security/StoredCommand.qll +++ b/go/ql/lib/semmle/go/security/StoredCommand.qll @@ -36,10 +36,6 @@ module StoredCommand { super.isSanitizer(node) or node instanceof CommandInjection::Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof CommandInjection::SanitizerGuard - } } private module Config implements DataFlow::ConfigSig { diff --git a/go/ql/lib/semmle/go/security/StoredXss.qll b/go/ql/lib/semmle/go/security/StoredXss.qll index ba2b4d4c085..37e4b048910 100644 --- a/go/ql/lib/semmle/go/security/StoredXss.qll +++ b/go/ql/lib/semmle/go/security/StoredXss.qll @@ -32,10 +32,6 @@ module StoredXss { super.isSanitizer(node) or node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module Config implements DataFlow::ConfigSig { diff --git a/go/ql/lib/semmle/go/security/StoredXssCustomizations.qll b/go/ql/lib/semmle/go/security/StoredXssCustomizations.qll index 7d468df2607..1216844f994 100644 --- a/go/ql/lib/semmle/go/security/StoredXssCustomizations.qll +++ b/go/ql/lib/semmle/go/security/StoredXssCustomizations.qll @@ -16,25 +16,9 @@ module StoredXss { /** A sanitizer for stored XSS vulnerabilities. */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for stored XSS vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** A shared XSS sanitizer as a sanitizer for stored XSS. */ private class SharedXssSanitizer extends Sanitizer instanceof SharedXss::Sanitizer { } - /** A shared XSS sanitizer guard as a sanitizer guard for stored XSS. */ - deprecated private class SharedXssSanitizerGuard extends SanitizerGuard { - SharedXss::SanitizerGuard self; - - SharedXssSanitizerGuard() { this = self } - - override predicate checks(Expr e, boolean b) { self.checks(e, b) } - } - /** A database query result, considered as a flow source for stored XSS. */ private class DatabaseQueryAsSource extends Source { DatabaseQueryAsSource() { this = any(SQL::Query q).getAResult() } diff --git a/go/ql/lib/semmle/go/security/StringBreakCustomizations.qll b/go/ql/lib/semmle/go/security/StringBreakCustomizations.qll index 60328f89a55..9833fec33e4 100644 --- a/go/ql/lib/semmle/go/security/StringBreakCustomizations.qll +++ b/go/ql/lib/semmle/go/security/StringBreakCustomizations.qll @@ -39,13 +39,6 @@ module StringBreak { Quote getQuote() { any() } } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for unsafe-quoting vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** Holds if `l` contains a `quote` (either single or double). */ private predicate containsQuote(StringOps::ConcatenationLeaf l, Quote quote) { quote = l.getStringValue().regexpFind("['\"]", _, _) diff --git a/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll b/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll index 0b4c41276d7..42edd470da2 100644 --- a/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll +++ b/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll @@ -43,23 +43,6 @@ module TaintedPath { } } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for path-traversal vulnerabilities, as a `DataFlow::BarrierGuard`. - * - * Use this class if you want all `TaintedPath::SanitizerGuard`s as a `DataFlow::BarrierGuard`, - * e.g. to use directly in a `DataFlow::Configuration::isSanitizerGuard` method. If you want to - * provide a new instance of a tainted path sanitizer, extend `TaintedPath::SanitizerGuard` instead. - */ - deprecated class SanitizerGuardAsBarrierGuard extends DataFlow::BarrierGuard { - SanitizerGuard guardImpl; - - SanitizerGuardAsBarrierGuard() { this = guardImpl } - - override predicate checks(Expr e, boolean branch) { guardImpl.checks(e, branch) } - } - /** A source of untrusted data, considered as a taint source for path traversal. */ class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { } diff --git a/go/ql/lib/semmle/go/security/UnsafeUnzipSymlink.qll b/go/ql/lib/semmle/go/security/UnsafeUnzipSymlink.qll index 354bc70b8c9..2b969ffc4d9 100644 --- a/go/ql/lib/semmle/go/security/UnsafeUnzipSymlink.qll +++ b/go/ql/lib/semmle/go/security/UnsafeUnzipSymlink.qll @@ -29,10 +29,6 @@ module UnsafeUnzipSymlink { super.isSanitizer(node) or node instanceof EvalSymlinksInvalidator } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof EvalSymlinksInvalidatorGuard - } } // Archive header field symlinks resolved @@ -77,10 +73,6 @@ module UnsafeUnzipSymlink { super.isSanitizer(node) or node instanceof SymlinkSanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SymlinkSanitizerGuard - } } private module Config implements DataFlow::ConfigSig { diff --git a/go/ql/lib/semmle/go/security/UnsafeUnzipSymlinkCustomizations.qll b/go/ql/lib/semmle/go/security/UnsafeUnzipSymlinkCustomizations.qll index 228f8ecdfc0..3fe37583331 100644 --- a/go/ql/lib/semmle/go/security/UnsafeUnzipSymlinkCustomizations.qll +++ b/go/ql/lib/semmle/go/security/UnsafeUnzipSymlinkCustomizations.qll @@ -36,16 +36,6 @@ module UnsafeUnzipSymlink { */ abstract class EvalSymlinksInvalidator extends DataFlow::Node { } - /** - * DEPRECATED: Use `EvalSymlinksInvalidator` instead. - * - * A sanitizer guard that prevents reaching an `EvalSymlinksSink`. - * - * This is called an invalidator instead of a sanitizer because reaching a EvalSymlinksSink - * is a good thing from a security perspective. - */ - abstract deprecated class EvalSymlinksInvalidatorGuard extends DataFlow::BarrierGuard { } - /** * A sanitizer for an unsafe symbolic-link unzip vulnerability. * @@ -55,17 +45,6 @@ module UnsafeUnzipSymlink { */ abstract class SymlinkSanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `SymlinkSanitizer` instead. - * - * A sanitizer guard for an unsafe symbolic-link unzip vulnerability. - * - * Extend this to mark a particular path as safe for use in an `os.Symlink` or similar call. - * To exclude a source from the query entirely if it reaches a particular node, extend - * `EvalSymlinksSink` instead. - */ - abstract deprecated class SymlinkSanitizerGuard extends DataFlow::BarrierGuard { } - /** A file name from a zip or tar entry, as a source for unsafe unzipping of symlinks. */ class FileNameSource extends FilenameWithSymlinks, DataFlow::FieldReadNode { FileNameSource() { diff --git a/go/ql/lib/semmle/go/security/XPathInjection.qll b/go/ql/lib/semmle/go/security/XPathInjection.qll index 51e0c90dc89..2e374dfbf24 100644 --- a/go/ql/lib/semmle/go/security/XPathInjection.qll +++ b/go/ql/lib/semmle/go/security/XPathInjection.qll @@ -29,10 +29,6 @@ module XPathInjection { super.isSanitizer(node) or node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module Config implements DataFlow::ConfigSig { diff --git a/go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll b/go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll index 3e9484506e0..27d0badd68e 100644 --- a/go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll +++ b/go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll @@ -24,13 +24,6 @@ module XPathInjection { */ abstract class Sanitizer extends DataFlow::ExprNode { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for untrusted user input used in an XPath expression. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** A source of untrusted data, used in an XPath expression. */ class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { } diff --git a/go/ql/lib/semmle/go/security/Xss.qll b/go/ql/lib/semmle/go/security/Xss.qll index 3310c7a420d..4bd2665eda9 100644 --- a/go/ql/lib/semmle/go/security/Xss.qll +++ b/go/ql/lib/semmle/go/security/Xss.qll @@ -34,13 +34,6 @@ module SharedXss { /** A sanitizer for XSS vulnerabilities. */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for XSS vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * An expression that is sent as part of an HTTP response body, considered as an * XSS sink. diff --git a/go/ql/lib/semmle/go/security/ZipSlip.qll b/go/ql/lib/semmle/go/security/ZipSlip.qll index bbdc964e529..4a7ba231f0f 100644 --- a/go/ql/lib/semmle/go/security/ZipSlip.qll +++ b/go/ql/lib/semmle/go/security/ZipSlip.qll @@ -27,10 +27,6 @@ module ZipSlip { super.isSanitizer(node) or node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module Config implements DataFlow::ConfigSig { diff --git a/go/ql/lib/semmle/go/security/ZipSlipCustomizations.qll b/go/ql/lib/semmle/go/security/ZipSlipCustomizations.qll index 276aae4c4db..980c601582e 100644 --- a/go/ql/lib/semmle/go/security/ZipSlipCustomizations.qll +++ b/go/ql/lib/semmle/go/security/ZipSlipCustomizations.qll @@ -27,13 +27,6 @@ module ZipSlip { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for zip-slip vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * A tar file header, as a source for zip slip. */ diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll index 77bc8693684..0434cc0b7e2 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll index 77bc8693684..0434cc0b7e2 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll index 77bc8693684..0434cc0b7e2 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll index 77bc8693684..0434cc0b7e2 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll index 77bc8693684..0434cc0b7e2 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll index 77bc8693684..0434cc0b7e2 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll index 4f48b066055..1e8a3bbcb88 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll @@ -387,29 +387,3 @@ module BarrierGuard { ) } } - -/** - * DEPRECATED: Use `BarrierGuard` module instead. - * - * A guard that validates some expression. - * - * To use this in a configuration, extend the class and provide a - * characteristic predicate precisely specifying the guard, and override - * `checks` to specify what is being validated and in which branch. - * - * It is important that all extending classes in scope are disjoint. - */ -deprecated class BarrierGuard extends Guard { - /** Holds if this guard validates `e` upon evaluating to `branch`. */ - abstract predicate checks(Expr e, boolean branch); - - /** Gets a node guarded by this guard. */ - final Node getAGuardedNode() { - exists(SsaVariable v, boolean branch, RValue use | - this.checks(v.getAUse(), branch) and - use = v.getAUse() and - this.controls(use.getBasicBlock(), branch) and - result.asExpr() = use - ) - } -} diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking3/TaintTrackingImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking3/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking3/TaintTrackingImpl.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/tainttracking3/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll index 4842d36e86a..fc897dcc97d 100644 --- a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll +++ b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll @@ -23,16 +23,6 @@ abstract class IntentUriPermissionManipulationSink extends DataFlow::Node { } */ abstract class IntentUriPermissionManipulationSanitizer extends DataFlow::Node { } -/** - * DEPRECATED: Use `IntentUriPermissionManipulationSanitizer` instead. - * - * A guard that makes sure that an Intent is safe to be returned to another Activity. - * - * Usually, this is done by checking that the Intent's data URI and/or its flags contain - * expected values. - */ -abstract deprecated class IntentUriPermissionManipulationGuard extends DataFlow::BarrierGuard { } - /** * An additional taint step for flows related to Intent URI permission manipulation * vulnerabilities. diff --git a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll index f563b4bf093..2d2867b6dbb 100644 --- a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll @@ -26,10 +26,6 @@ deprecated class IntentUriPermissionManipulationConf extends TaintTracking::Conf barrier instanceof IntentUriPermissionManipulationSanitizer } - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof IntentUriPermissionManipulationGuard - } - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { any(IntentUriPermissionManipulationAdditionalTaintStep c).step(node1, node2) } diff --git a/python/ql/lib/semmle/python/dataflow/new/BarrierGuards.qll b/python/ql/lib/semmle/python/dataflow/new/BarrierGuards.qll index 22e788f1723..2d501b3ce17 100644 --- a/python/ql/lib/semmle/python/dataflow/new/BarrierGuards.qll +++ b/python/ql/lib/semmle/python/dataflow/new/BarrierGuards.qll @@ -34,40 +34,3 @@ class StringConstCompareBarrier extends DataFlow::Node { this = DataFlow::BarrierGuard::getABarrierNode() } } - -/** - * DEPRECATED: Use `StringConstCompareBarrier` instead. - * - * A validation of unknown node by comparing with a constant string value. - */ -deprecated class StringConstCompare extends DataFlow::BarrierGuard, CompareNode { - ControlFlowNode checked_node; - boolean safe_branch; - - StringConstCompare() { - exists(StrConst str_const, Cmpop op | - op = any(Eq eq) and safe_branch = true - or - op = any(NotEq ne) and safe_branch = false - | - this.operands(str_const.getAFlowNode(), op, checked_node) - or - this.operands(checked_node, op, str_const.getAFlowNode()) - ) - or - exists(IterableNode str_const_iterable, Cmpop op | - op = any(In in_) and safe_branch = true - or - op = any(NotIn ni) and safe_branch = false - | - forall(ControlFlowNode elem | elem = str_const_iterable.getAnElement() | - elem.getNode() instanceof StrConst - ) and - this.operands(checked_node, op, str_const_iterable) - ) - } - - override predicate checks(ControlFlowNode node, boolean branch) { - node = checked_node and branch = safe_branch - } -} diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl1.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl1.qll index 77bc8693684..0434cc0b7e2 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl1.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl1.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll index 77bc8693684..0434cc0b7e2 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll index 77bc8693684..0434cc0b7e2 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll index 77bc8693684..0434cc0b7e2 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll index 49cf972ab04..cc6fb2766fa 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll @@ -580,32 +580,6 @@ module BarrierGuard { } } -/** - * DEPRECATED: Use `BarrierGuard` module instead. - * - * A guard that validates some expression. - * - * To use this in a configuration, extend the class and provide a - * characteristic predicate precisely specifying the guard, and override - * `checks` to specify what is being validated and in which branch. - * - * It is important that all extending classes in scope are disjoint. - */ -deprecated class BarrierGuard extends GuardNode { - /** Holds if this guard validates `node` upon evaluating to `branch`. */ - abstract predicate checks(ControlFlowNode node, boolean branch); - - /** Gets a node guarded by this guard. */ - final ExprNode getAGuardedNode() { - exists(EssaDefinition def, ControlFlowNode node, boolean branch | - AdjacentUses::useOfDef(def, node) and - this.checks(node, branch) and - AdjacentUses::useOfDef(def, result.asCfgNode()) and - this.controlsBlock(result.asCfgNode().getBasicBlock(), branch) - ) - } -} - /** * Algebraic datatype for tracking data content associated with values. * Content can be collection elements or object attributes. diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTrackingImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTrackingImpl.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking2/TaintTrackingImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking2/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking2/TaintTrackingImpl.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking2/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking3/TaintTrackingImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking3/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking3/TaintTrackingImpl.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking3/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking4/TaintTrackingImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking4/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking4/TaintTrackingImpl.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/tainttracking4/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/python/ql/lib/semmle/python/security/dataflow/CodeInjectionCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/CodeInjectionCustomizations.qll index 2e4cecf1fd9..c7e59325cd1 100644 --- a/python/ql/lib/semmle/python/security/dataflow/CodeInjectionCustomizations.qll +++ b/python/ql/lib/semmle/python/security/dataflow/CodeInjectionCustomizations.qll @@ -31,13 +31,6 @@ module CodeInjection { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for "code injection" vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * A source of remote user input, considered as a flow source. */ diff --git a/python/ql/lib/semmle/python/security/dataflow/CodeInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/CodeInjectionQuery.qll index 3cdb72c383a..ecb0435fec8 100644 --- a/python/ql/lib/semmle/python/security/dataflow/CodeInjectionQuery.qll +++ b/python/ql/lib/semmle/python/security/dataflow/CodeInjectionQuery.qll @@ -24,10 +24,6 @@ deprecated class Configuration extends TaintTracking::Configuration { override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module CodeInjectionConfig implements DataFlow::ConfigSig { diff --git a/python/ql/lib/semmle/python/security/dataflow/CommandInjectionCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/CommandInjectionCustomizations.qll index d43095a04f8..1ad6966583e 100644 --- a/python/ql/lib/semmle/python/security/dataflow/CommandInjectionCustomizations.qll +++ b/python/ql/lib/semmle/python/security/dataflow/CommandInjectionCustomizations.qll @@ -31,13 +31,6 @@ module CommandInjection { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for "command injection" vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * A source of remote user input, considered as a flow source. */ diff --git a/python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll index 80ca46dafa9..8874a12132f 100644 --- a/python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll +++ b/python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll @@ -24,10 +24,6 @@ deprecated class Configuration extends TaintTracking::Configuration { override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } /** diff --git a/python/ql/lib/semmle/python/security/dataflow/LdapInjectionCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/LdapInjectionCustomizations.qll index fbab127511b..6c2b664bd96 100644 --- a/python/ql/lib/semmle/python/security/dataflow/LdapInjectionCustomizations.qll +++ b/python/ql/lib/semmle/python/security/dataflow/LdapInjectionCustomizations.qll @@ -41,20 +41,6 @@ module LdapInjection { */ abstract class FilterSanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `DnSanitizer` instead. - * - * A sanitizer guard for "ldap injection" vulnerabilities. - */ - abstract deprecated class DnSanitizerGuard extends DataFlow::BarrierGuard { } - - /** - * DEPRECATED: Use `FilterSanitizer` instead. - * - * A sanitizer guard for "ldap injection" vulnerabilities. - */ - abstract deprecated class FilterSanitizerGuard extends DataFlow::BarrierGuard { } - /** * A source of remote user input, considered as a flow source. */ diff --git a/python/ql/lib/semmle/python/security/dataflow/LdapInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/LdapInjectionQuery.qll index 1ebead95418..9dd24bceddb 100644 --- a/python/ql/lib/semmle/python/security/dataflow/LdapInjectionQuery.qll +++ b/python/ql/lib/semmle/python/security/dataflow/LdapInjectionQuery.qll @@ -27,10 +27,6 @@ deprecated class DnConfiguration extends TaintTracking::Configuration { override predicate isSink(DataFlow::Node sink) { sink instanceof DnSink } override predicate isSanitizer(DataFlow::Node node) { node instanceof DnSanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof DnSanitizerGuard - } } private module LdapInjectionDnConfig implements DataFlow::ConfigSig { @@ -58,10 +54,6 @@ deprecated class FilterConfiguration extends TaintTracking::Configuration { override predicate isSink(DataFlow::Node sink) { sink instanceof FilterSink } override predicate isSanitizer(DataFlow::Node node) { node instanceof FilterSanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof FilterSanitizerGuard - } } private module LdapInjectionFilterConfig implements DataFlow::ConfigSig { diff --git a/python/ql/lib/semmle/python/security/dataflow/LogInjectionCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/LogInjectionCustomizations.qll index b90dedb899f..2e2c71ee53b 100644 --- a/python/ql/lib/semmle/python/security/dataflow/LogInjectionCustomizations.qll +++ b/python/ql/lib/semmle/python/security/dataflow/LogInjectionCustomizations.qll @@ -31,13 +31,6 @@ module LogInjection { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for "log injection" vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * A source of remote user input, considered as a flow source. */ diff --git a/python/ql/lib/semmle/python/security/dataflow/LogInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/LogInjectionQuery.qll index 8f91c6e85ee..780c27bb213 100644 --- a/python/ql/lib/semmle/python/security/dataflow/LogInjectionQuery.qll +++ b/python/ql/lib/semmle/python/security/dataflow/LogInjectionQuery.qll @@ -24,10 +24,6 @@ deprecated class Configuration extends TaintTracking::Configuration { override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module LogInjectionConfig implements DataFlow::ConfigSig { diff --git a/python/ql/lib/semmle/python/security/dataflow/PathInjectionCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/PathInjectionCustomizations.qll index b50ff70fde2..929419745d6 100644 --- a/python/ql/lib/semmle/python/security/dataflow/PathInjectionCustomizations.qll +++ b/python/ql/lib/semmle/python/security/dataflow/PathInjectionCustomizations.qll @@ -42,13 +42,6 @@ module PathInjection { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for "path injection" vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * A source of remote user input, considered as a flow source. */ diff --git a/python/ql/lib/semmle/python/security/dataflow/PathInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/PathInjectionQuery.qll index b185098dcb8..c3ee07d805d 100644 --- a/python/ql/lib/semmle/python/security/dataflow/PathInjectionQuery.qll +++ b/python/ql/lib/semmle/python/security/dataflow/PathInjectionQuery.qll @@ -53,10 +53,6 @@ deprecated class Configuration extends TaintTracking::Configuration { state instanceof NormalizedUnchecked } - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } - override predicate isAdditionalTaintStep( DataFlow::Node nodeFrom, DataFlow::FlowState stateFrom, DataFlow::Node nodeTo, DataFlow::FlowState stateTo diff --git a/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSCustomizations.qll index a6ba053e2d2..23cd4531230 100644 --- a/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSCustomizations.qll +++ b/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSCustomizations.qll @@ -46,13 +46,6 @@ module PolynomialReDoS { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for "polynomial regular expression denial of service (ReDoS)" vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * A source of remote user input, considered as a flow source. */ diff --git a/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSQuery.qll b/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSQuery.qll index 2279814e49e..3ca67fff82e 100644 --- a/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSQuery.qll +++ b/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSQuery.qll @@ -24,10 +24,6 @@ deprecated class Configuration extends TaintTracking::Configuration { override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module PolynomialReDoSConfig implements DataFlow::ConfigSig { diff --git a/python/ql/lib/semmle/python/security/dataflow/ReflectedXSSCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/ReflectedXSSCustomizations.qll index 3e6f74c84cd..ee2dec407d1 100644 --- a/python/ql/lib/semmle/python/security/dataflow/ReflectedXSSCustomizations.qll +++ b/python/ql/lib/semmle/python/security/dataflow/ReflectedXSSCustomizations.qll @@ -32,13 +32,6 @@ module ReflectedXss { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for "reflected server-side cross-site scripting" vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * A source of remote user input, considered as a flow source. */ diff --git a/python/ql/lib/semmle/python/security/dataflow/ReflectedXssQuery.qll b/python/ql/lib/semmle/python/security/dataflow/ReflectedXssQuery.qll index d136c9d16b8..d67c5e3cb39 100644 --- a/python/ql/lib/semmle/python/security/dataflow/ReflectedXssQuery.qll +++ b/python/ql/lib/semmle/python/security/dataflow/ReflectedXssQuery.qll @@ -24,10 +24,6 @@ deprecated class Configuration extends TaintTracking::Configuration { override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module ReflectedXssConfig implements DataFlow::ConfigSig { diff --git a/python/ql/lib/semmle/python/security/dataflow/RegexInjectionCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/RegexInjectionCustomizations.qll index b40ff37171a..72dc66430b6 100644 --- a/python/ql/lib/semmle/python/security/dataflow/RegexInjectionCustomizations.qll +++ b/python/ql/lib/semmle/python/security/dataflow/RegexInjectionCustomizations.qll @@ -39,13 +39,6 @@ module RegexInjection { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for "regular expression injection" vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * A source of remote user input, considered as a flow source. */ diff --git a/python/ql/lib/semmle/python/security/dataflow/RegexInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/RegexInjectionQuery.qll index 168091bf212..d79b76a8685 100644 --- a/python/ql/lib/semmle/python/security/dataflow/RegexInjectionQuery.qll +++ b/python/ql/lib/semmle/python/security/dataflow/RegexInjectionQuery.qll @@ -25,10 +25,6 @@ deprecated class Configuration extends TaintTracking::Configuration { override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module RegexInjectionConfig implements DataFlow::ConfigSig { diff --git a/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll index e5a0be727cf..82dfb9ebec2 100644 --- a/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll +++ b/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll @@ -43,13 +43,6 @@ module ServerSideRequestForgery { */ abstract class FullUrlControlSanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for "Server-side request forgery" vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * A source of remote user input, considered as a flow source. */ diff --git a/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll b/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll index a6c08185bd1..8bc9194c660 100644 --- a/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll +++ b/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll @@ -35,10 +35,6 @@ deprecated class FullServerSideRequestForgeryConfiguration extends TaintTracking or node instanceof FullUrlControlSanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } /** @@ -93,10 +89,6 @@ deprecated class PartialServerSideRequestForgeryConfiguration extends TaintTrack override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } /** diff --git a/python/ql/lib/semmle/python/security/dataflow/SqlInjectionCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/SqlInjectionCustomizations.qll index fd2f08934c3..7e0969d854f 100644 --- a/python/ql/lib/semmle/python/security/dataflow/SqlInjectionCustomizations.qll +++ b/python/ql/lib/semmle/python/security/dataflow/SqlInjectionCustomizations.qll @@ -31,13 +31,6 @@ module SqlInjection { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for "SQL injection" vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * A source of remote user input, considered as a flow source. */ diff --git a/python/ql/lib/semmle/python/security/dataflow/SqlInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/SqlInjectionQuery.qll index 9b78686fed3..877e30f5090 100644 --- a/python/ql/lib/semmle/python/security/dataflow/SqlInjectionQuery.qll +++ b/python/ql/lib/semmle/python/security/dataflow/SqlInjectionQuery.qll @@ -24,10 +24,6 @@ deprecated class Configuration extends TaintTracking::Configuration { override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module SqlInjectionConfig implements DataFlow::ConfigSig { diff --git a/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureCustomizations.qll index c454ff8e994..6dc5414e1c1 100644 --- a/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureCustomizations.qll +++ b/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureCustomizations.qll @@ -31,13 +31,6 @@ module StackTraceExposure { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for "stack trace exposure" vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * A source of exception info, considered as a flow source. */ diff --git a/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureQuery.qll b/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureQuery.qll index 22404903c48..9980aa76ea3 100644 --- a/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureQuery.qll +++ b/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureQuery.qll @@ -25,10 +25,6 @@ deprecated class Configuration extends TaintTracking::Configuration { override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } - // A stack trace is accessible as the `__traceback__` attribute of a caught exception. // see https://docs.python.org/3/reference/datamodel.html#traceback-objects override predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { diff --git a/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationCustomizations.qll index 94f530f372c..9660f5a32cd 100644 --- a/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationCustomizations.qll +++ b/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationCustomizations.qll @@ -31,13 +31,6 @@ module UnsafeDeserialization { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for "code execution from deserialization" vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * A source of remote user input, considered as a flow source. */ diff --git a/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationQuery.qll b/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationQuery.qll index d9dfde62bcb..bd067213fb5 100644 --- a/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationQuery.qll +++ b/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationQuery.qll @@ -24,10 +24,6 @@ deprecated class Configuration extends TaintTracking::Configuration { override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module UnsafeDeserializationConfig implements DataFlow::ConfigSig { diff --git a/python/ql/lib/semmle/python/security/dataflow/UrlRedirectCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/UrlRedirectCustomizations.qll index b4843f1a8eb..27b4fafd33e 100644 --- a/python/ql/lib/semmle/python/security/dataflow/UrlRedirectCustomizations.qll +++ b/python/ql/lib/semmle/python/security/dataflow/UrlRedirectCustomizations.qll @@ -31,13 +31,6 @@ module UrlRedirect { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for "URL redirection" vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * A source of remote user input, considered as a flow source. */ diff --git a/python/ql/lib/semmle/python/security/dataflow/UrlRedirectQuery.qll b/python/ql/lib/semmle/python/security/dataflow/UrlRedirectQuery.qll index cb1adc21135..e3fd6643bfc 100644 --- a/python/ql/lib/semmle/python/security/dataflow/UrlRedirectQuery.qll +++ b/python/ql/lib/semmle/python/security/dataflow/UrlRedirectQuery.qll @@ -24,10 +24,6 @@ deprecated class Configuration extends TaintTracking::Configuration { override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module UrlRedirectConfig implements DataFlow::ConfigSig { diff --git a/python/ql/lib/semmle/python/security/dataflow/XpathInjectionCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/XpathInjectionCustomizations.qll index 833d25a5f2a..ef30b3f81ce 100644 --- a/python/ql/lib/semmle/python/security/dataflow/XpathInjectionCustomizations.qll +++ b/python/ql/lib/semmle/python/security/dataflow/XpathInjectionCustomizations.qll @@ -29,13 +29,6 @@ module XpathInjection { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for "XPath injection" vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * A source of remote user input, considered as a flow source. */ diff --git a/python/ql/lib/semmle/python/security/dataflow/XpathInjectionQuery.qll b/python/ql/lib/semmle/python/security/dataflow/XpathInjectionQuery.qll index 34a34e49ba2..f8a21aedba5 100644 --- a/python/ql/lib/semmle/python/security/dataflow/XpathInjectionQuery.qll +++ b/python/ql/lib/semmle/python/security/dataflow/XpathInjectionQuery.qll @@ -24,10 +24,6 @@ deprecated class Configuration extends TaintTracking::Configuration { override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module XpathInjectionConfig implements DataFlow::ConfigSig { diff --git a/python/ql/src/experimental/semmle/python/security/InsecureRandomnessCustomizations.qll b/python/ql/src/experimental/semmle/python/security/InsecureRandomnessCustomizations.qll index cc99b286f8a..f39cbe3fede 100644 --- a/python/ql/src/experimental/semmle/python/security/InsecureRandomnessCustomizations.qll +++ b/python/ql/src/experimental/semmle/python/security/InsecureRandomnessCustomizations.qll @@ -29,13 +29,6 @@ module InsecureRandomness { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for random values that are not cryptographically secure. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * A random source that is not sufficient for security use. So far this is only made up * of the math package's rand function, more insufficient random sources can be added here. diff --git a/ruby/ql/lib/codeql/ruby/dataflow/BarrierGuards.qll b/ruby/ql/lib/codeql/ruby/dataflow/BarrierGuards.qll index 7a4076929e1..6b6c8d3b681 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/BarrierGuards.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/BarrierGuards.qll @@ -76,35 +76,6 @@ class StringConstCompareBarrier extends DataFlow::Node { } } -/** - * DEPRECATED: Use `StringConstCompareBarrier` instead. - * - * A validation of value by comparing with a constant string value, for example - * in: - * - * ```rb - * dir = params[:order] - * dir = "DESC" unless dir == "ASC" - * User.order("name #{dir}") - * ``` - * - * the equality operation guards against `dir` taking arbitrary values when used - * in the `order` call. - */ -deprecated class StringConstCompare extends DataFlow::BarrierGuard, - CfgNodes::ExprNodes::ComparisonOperationCfgNode -{ - private CfgNode checkedNode; - // The value of the condition that results in the node being validated. - private boolean checkedBranch; - - StringConstCompare() { stringConstCompare(this, checkedNode, checkedBranch) } - - override predicate checks(CfgNode expr, boolean branch) { - expr = checkedNode and branch = checkedBranch - } -} - cached private predicate stringConstArrayInclusionCall( CfgNodes::AstCfgNode guard, CfgNode testedNode, boolean branch @@ -144,32 +115,6 @@ class StringConstArrayInclusionCallBarrier extends DataFlow::Node { } } -/** - * DEPRECATED: Use `StringConstArrayInclusionCallBarrier` instead. - * - * A validation of a value by checking for inclusion in an array of string - * literal values, for example in: - * - * ```rb - * name = params[:user_name] - * if %w(alice bob charlie).include? name - * User.find_by("username = #{name}") - * end - * ``` - * - * the `include?` call guards against `name` taking arbitrary values when used - * in the `find_by` call. - */ -deprecated class StringConstArrayInclusionCall extends DataFlow::BarrierGuard, - CfgNodes::ExprNodes::MethodCallCfgNode -{ - private CfgNode checkedNode; - - StringConstArrayInclusionCall() { stringConstArrayInclusionCall(this, checkedNode, true) } - - override predicate checks(CfgNode expr, boolean branch) { expr = checkedNode and branch = true } -} - /** * A validation of a value by comparing with a constant string via a `case` * expression. For example: diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl1.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl1.qll index 77bc8693684..0434cc0b7e2 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl1.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl1.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll index 77bc8693684..0434cc0b7e2 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll index 5ee4b74e65e..64798d78f4d 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll @@ -882,73 +882,6 @@ private predicate guardControlsBlock(CfgNodes::AstCfgNode guard, BasicBlock bb, ) } -/** - * A guard that validates some expression. - * - * To use this in a configuration, extend the class and provide a - * characteristic predicate precisely specifying the guard, and override - * `checks` to specify what is being validated and in which branch. - * - * It is important that all extending classes in scope are disjoint. - */ -abstract deprecated class BarrierGuard extends CfgNodes::ExprCfgNode { - private ConditionBlock conditionBlock; - - BarrierGuard() { this = conditionBlock.getLastNode() } - - /** Holds if this guard controls block `b` upon evaluating to `branch`. */ - private predicate controlsBlock(BasicBlock bb, boolean branch) { - exists(SuccessorTypes::BooleanSuccessor s | s.getValue() = branch | - conditionBlock.controls(bb, s) - ) - } - - /** - * Holds if this guard validates `expr` upon evaluating to `branch`. - * For example, the following code validates `foo` when the condition - * `foo == "foo"` is true. - * ```ruby - * if foo == "foo" - * do_something - * else - * do_something_else - * end - * ``` - */ - abstract predicate checks(CfgNode expr, boolean branch); - - /** - * Gets an implicit entry definition for a captured variable that - * may be guarded, because a call to the capturing callable is guarded. - * - * This is restricted to calls where the variable is captured inside a - * block. - */ - private Ssa::CapturedEntryDefinition getAMaybeGuardedCapturedDef() { - exists( - boolean branch, CfgNodes::ExprCfgNode testedNode, Ssa::Definition def, - CfgNodes::ExprNodes::CallCfgNode call - | - def.getARead() = testedNode and - this.checks(testedNode, branch) and - this.controlsBlock(call.getBasicBlock(), branch) and - result.getBasicBlock().getScope() = call.getExpr().(MethodCall).getBlock() and - sameSourceVariable(def, result) - ) - } - - final Node getAGuardedNode() { - exists(boolean branch, CfgNodes::ExprCfgNode testedNode, Ssa::Definition def | - def.getARead() = testedNode and - def.getARead() = result.asExpr() and - this.checks(testedNode, branch) and - this.controlsBlock(result.asExpr().getBasicBlock(), branch) - ) - or - result.asExpr() = this.getAMaybeGuardedCapturedDef().getARead() - } -} - /** * A representation of a run-time module or class. * diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTrackingImpl.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTrackingImpl.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ diff --git a/ruby/ql/lib/codeql/ruby/security/CodeInjectionCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/CodeInjectionCustomizations.qll index 36a20f150c9..7a3c96e9f64 100644 --- a/ruby/ql/lib/codeql/ruby/security/CodeInjectionCustomizations.qll +++ b/ruby/ql/lib/codeql/ruby/security/CodeInjectionCustomizations.qll @@ -109,13 +109,6 @@ module CodeInjection { FlowState::State getAState() { none() } } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for "Code injection" vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * A source of remote user input, considered as a flow source. */ diff --git a/ruby/ql/lib/codeql/ruby/security/CodeInjectionQuery.qll b/ruby/ql/lib/codeql/ruby/security/CodeInjectionQuery.qll index 9e2ad5faf16..58b150d5712 100644 --- a/ruby/ql/lib/codeql/ruby/security/CodeInjectionQuery.qll +++ b/ruby/ql/lib/codeql/ruby/security/CodeInjectionQuery.qll @@ -37,10 +37,6 @@ deprecated class Configuration extends TaintTracking::Configuration { override predicate isSanitizer(DataFlow::Node node, DataFlow::FlowState state) { node.(Sanitizer).getAFlowState() = state } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module Config implements DataFlow::StateConfigSig { diff --git a/ruby/ql/lib/codeql/ruby/security/PathInjectionCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/PathInjectionCustomizations.qll index 855cdba0b1f..614d3260994 100644 --- a/ruby/ql/lib/codeql/ruby/security/PathInjectionCustomizations.qll +++ b/ruby/ql/lib/codeql/ruby/security/PathInjectionCustomizations.qll @@ -28,13 +28,6 @@ module PathInjection { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for path injection vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * A source of remote user input, considered as a flow source. */ diff --git a/ruby/ql/lib/codeql/ruby/security/PathInjectionQuery.qll b/ruby/ql/lib/codeql/ruby/security/PathInjectionQuery.qll index 3db3ee63386..1c48d54e424 100644 --- a/ruby/ql/lib/codeql/ruby/security/PathInjectionQuery.qll +++ b/ruby/ql/lib/codeql/ruby/security/PathInjectionQuery.qll @@ -27,10 +27,6 @@ deprecated class Configuration extends TaintTracking::Configuration { override predicate isSanitizer(DataFlow::Node node) { node instanceof Path::PathSanitization or node instanceof PathInjection::Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof PathInjection::SanitizerGuard - } } private module PathInjectionConfig implements DataFlow::ConfigSig { diff --git a/ruby/ql/lib/codeql/ruby/security/ReflectedXSSQuery.qll b/ruby/ql/lib/codeql/ruby/security/ReflectedXSSQuery.qll index c94cc1f5bad..964e75d39dc 100644 --- a/ruby/ql/lib/codeql/ruby/security/ReflectedXSSQuery.qll +++ b/ruby/ql/lib/codeql/ruby/security/ReflectedXSSQuery.qll @@ -30,10 +30,6 @@ deprecated module ReflectedXss { override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { isAdditionalXssTaintStep(node1, node2) } diff --git a/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll index b927ec80f5c..07fbf27a268 100644 --- a/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll +++ b/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll @@ -31,13 +31,6 @@ module ServerSideRequestForgery { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for "URL redirection" vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** A source of remote user input, considered as a flow source for server side request forgery. */ class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { } diff --git a/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryQuery.qll b/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryQuery.qll index 6e4c59a9528..319bbc30d5d 100644 --- a/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryQuery.qll +++ b/ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryQuery.qll @@ -29,10 +29,6 @@ deprecated class Configuration extends TaintTracking::Configuration { node instanceof StringConstCompareBarrier or node instanceof StringConstArrayInclusionCallBarrier } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } } private module ServerSideRequestForgeryConfig implements DataFlow::ConfigSig { diff --git a/ruby/ql/lib/codeql/ruby/security/StoredXSSQuery.qll b/ruby/ql/lib/codeql/ruby/security/StoredXSSQuery.qll index b8fc7840a99..7254d12b8fe 100644 --- a/ruby/ql/lib/codeql/ruby/security/StoredXSSQuery.qll +++ b/ruby/ql/lib/codeql/ruby/security/StoredXSSQuery.qll @@ -35,10 +35,6 @@ deprecated module StoredXss { node instanceof Sanitizer } - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { isAdditionalXssTaintStep(node1, node2) } diff --git a/ruby/ql/lib/codeql/ruby/security/UrlRedirectCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/UrlRedirectCustomizations.qll index 230c010d00a..cdbc371967f 100644 --- a/ruby/ql/lib/codeql/ruby/security/UrlRedirectCustomizations.qll +++ b/ruby/ql/lib/codeql/ruby/security/UrlRedirectCustomizations.qll @@ -33,13 +33,6 @@ module UrlRedirect { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for "URL redirection" vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * Additional taint steps for "URL redirection" vulnerabilities. */ diff --git a/ruby/ql/lib/codeql/ruby/security/UrlRedirectQuery.qll b/ruby/ql/lib/codeql/ruby/security/UrlRedirectQuery.qll index cfd435a61ee..37334445aa7 100644 --- a/ruby/ql/lib/codeql/ruby/security/UrlRedirectQuery.qll +++ b/ruby/ql/lib/codeql/ruby/security/UrlRedirectQuery.qll @@ -25,10 +25,6 @@ deprecated class Configuration extends TaintTracking::Configuration { override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof SanitizerGuard - } - override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { UrlRedirect::isAdditionalTaintStep(node1, node2) } diff --git a/ruby/ql/lib/codeql/ruby/security/XSS.qll b/ruby/ql/lib/codeql/ruby/security/XSS.qll index f84ae0a52c0..c731e8fc245 100644 --- a/ruby/ql/lib/codeql/ruby/security/XSS.qll +++ b/ruby/ql/lib/codeql/ruby/security/XSS.qll @@ -35,13 +35,6 @@ private module Shared { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for "server-side cross-site scripting" vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - private class ErbOutputMethodCallArgumentNode extends DataFlow::Node { private MethodCall call; @@ -260,13 +253,6 @@ module ReflectedXss { /** A sanitizer for stored XSS vulnerabilities. */ class Sanitizer = Shared::Sanitizer; - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for stored XSS vulnerabilities. - */ - deprecated class SanitizerGuard = Shared::SanitizerGuard; - /** * An additional step that is preserves dataflow in the context of reflected XSS. */ @@ -317,13 +303,6 @@ module StoredXss { /** A sanitizer for stored XSS vulnerabilities. */ class Sanitizer = Shared::Sanitizer; - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for stored XSS vulnerabilities. - */ - deprecated class SanitizerGuard = Shared::SanitizerGuard; - /** * An additional step that preserves dataflow in the context of stored XSS. */ diff --git a/ruby/ql/lib/codeql/ruby/security/regexp/PolynomialReDoSCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/regexp/PolynomialReDoSCustomizations.qll index 57b3deb0726..d8a69babce8 100644 --- a/ruby/ql/lib/codeql/ruby/security/regexp/PolynomialReDoSCustomizations.qll +++ b/ruby/ql/lib/codeql/ruby/security/regexp/PolynomialReDoSCustomizations.qll @@ -48,14 +48,6 @@ module PolynomialReDoS { */ abstract class Sanitizer extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for polynomial regular expression denial of service - * vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * A source of remote user input, considered as a flow source. */ diff --git a/ruby/ql/lib/codeql/ruby/security/regexp/PolynomialReDoSQuery.qll b/ruby/ql/lib/codeql/ruby/security/regexp/PolynomialReDoSQuery.qll index e93ea4a71ab..934f8812019 100644 --- a/ruby/ql/lib/codeql/ruby/security/regexp/PolynomialReDoSQuery.qll +++ b/ruby/ql/lib/codeql/ruby/security/regexp/PolynomialReDoSQuery.qll @@ -31,10 +31,6 @@ deprecated module PolynomialReDoS { override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } - - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard node) { - node instanceof SanitizerGuard - } } } diff --git a/ruby/ql/lib/codeql/ruby/security/regexp/RegExpInjectionCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/regexp/RegExpInjectionCustomizations.qll index 664934fcbdf..468e2727c00 100644 --- a/ruby/ql/lib/codeql/ruby/security/regexp/RegExpInjectionCustomizations.qll +++ b/ruby/ql/lib/codeql/ruby/security/regexp/RegExpInjectionCustomizations.qll @@ -27,13 +27,6 @@ module RegExpInjection { */ abstract class Sink extends DataFlow::Node { } - /** - * DEPRECATED: Use `Sanitizer` instead. - * - * A sanitizer guard for regexp injection vulnerabilities. - */ - abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { } - /** * A data flow sanitized for regexp injection vulnerabilities. */ diff --git a/ruby/ql/lib/codeql/ruby/security/regexp/RegExpInjectionQuery.qll b/ruby/ql/lib/codeql/ruby/security/regexp/RegExpInjectionQuery.qll index 56673bb8e90..353c13a3c2d 100644 --- a/ruby/ql/lib/codeql/ruby/security/regexp/RegExpInjectionQuery.qll +++ b/ruby/ql/lib/codeql/ruby/security/regexp/RegExpInjectionQuery.qll @@ -22,10 +22,6 @@ deprecated class Configuration extends TaintTracking::Configuration { override predicate isSink(DataFlow::Node sink) { sink instanceof RegExpInjection::Sink } - deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { - guard instanceof RegExpInjection::SanitizerGuard - } - override predicate isSanitizer(DataFlow::Node node) { node instanceof RegExpInjection::Sanitizer } } diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll index 77bc8693684..0434cc0b7e2 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll @@ -91,21 +91,6 @@ abstract class Configuration extends string { /** Holds if data flow out of `node` is prohibited. */ predicate isBarrierOut(Node node) { none() } - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - /** * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. */ @@ -225,29 +210,6 @@ abstract private class ConfigurationRecursionPrevention extends Configuration { } } -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - private FlowState relevantState(Configuration config) { config.isSource(_, result) or config.isSink(_, result) or @@ -288,9 +250,7 @@ private module Config implements FullStateConfigSig { predicate isBarrier(Node node, FlowState state) { getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) + getConfig(state).isBarrier(node) } predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll index 11d63134029..f8887071451 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll @@ -260,12 +260,3 @@ class ContentSet extends TContentSet { /** Gets a content that may be read from when reading from this set. */ Content getAReadContent() { this.isSingleton(result) } } - -/** - * DEPRECATED: Do not use. - */ -abstract deprecated class BarrierGuard extends DataFlowExpr { - BarrierGuard() { none() } - - final Node getAGuardedNode() { none() } -} diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTrackingImpl.qll b/swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTrackingImpl.qll index bf937b6de31..cadfe492c99 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTrackingImpl.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTrackingImpl.qll @@ -116,33 +116,6 @@ abstract class Configuration extends DataFlow::Configuration { final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) } - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() } - - deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { - this.isSanitizerGuard(guard) - } - - /** - * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead. - * - * Holds if taint propagation through nodes guarded by `guard` is prohibited - * when the flow state is `state`. - */ - deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { - none() - } - - deprecated final override predicate isBarrierGuard( - DataFlow::BarrierGuard guard, DataFlow::FlowState state - ) { - this.isSanitizerGuard(guard, state) - } - /** * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow and taint steps. */ From 28f8c1cc11f47ef398e92905431a91e2cdc0292a Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Sat, 7 Oct 2023 21:50:37 +0200 Subject: [PATCH 02/13] update doc example to not use `isBarrierGuard` --- ...-labels-for-precise-data-flow-analysis.rst | 25 ++++++++----------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst b/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst index 8625d637366..06f657d5003 100644 --- a/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst +++ b/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst @@ -139,29 +139,24 @@ is a barrier guard blocking flow through the use of ``data`` on the right-hand s At this point we know that ``data`` has evaluated to a truthy value, so it cannot be ``null`` anymore. -Implementing this additional condition is easy. We implement a subclass of ``DataFlow::BarrierGuardNode``: +Implementing this additional condition is easy. We implement a predicate with the following signature: .. code-block:: ql - class TruthinessCheck extends DataFlow::BarrierGuardNode, DataFlow::ValueNode { - SsaVariable v; - - TruthinessCheck() { - astNode = v.getAUse() - } - - override predicate blocks(boolean outcome, Expr e) { - outcome = true and - e = astNode - } + private predicate truthinessCheck(DataFlow::GuardNode g, ControlFlowNode node, boolean branch) { + exists(SsaVariable v | + g = v.getAUse() and + node = g and + branch = true + ) } -and then use it to override predicate ``isBarrierGuard`` in our configuration class: +and then use it to override predicate ``isBarrier`` in our configuration class: .. code-block:: ql - override predicate isBarrierGuard(DataFlow::BarrierGuardNode guard) { - guard instanceof TruthinessCheck + override predicate isBarrier(DataFlow::Node node) { + node = DataFlow::BarrierGuard::getABarrierNode() } With this change, we now flag the problematic case and don't flag the unproblematic case above. From 0d992a3d1f29925f966391f4f2a81f5d54a4ab25 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Sat, 7 Oct 2023 21:53:38 +0200 Subject: [PATCH 03/13] delete old deprecated aliases of various regex libraries --- .../java/security/performance/ExponentialBackTracking.qll | 4 ---- .../java/security/performance/PolynomialReDoSQuery.qll | 4 ---- .../semmle/code/java/security/performance/ReDoSUtil.qll | 4 ---- .../java/security/performance/SuperlinearBackTracking.qll | 4 ---- .../security/performance/ExponentialBackTracking.qll | 4 ---- .../javascript/security/performance/PolynomialReDoS.qll | 7 ------- .../security/performance/PolynomialReDoSCustomizations.qll | 4 ---- .../semmle/javascript/security/performance/ReDoSUtil.qll | 4 ---- .../security/performance/SuperlinearBackTracking.qll | 4 ---- .../security/performance/ExponentialBackTracking.qll | 4 ---- .../lib/semmle/python/security/performance/ReDoSUtil.qll | 4 ---- .../security/performance/SuperlinearBackTracking.qll | 4 ---- .../ruby/security/performance/ExponentialBackTracking.qll | 4 ---- .../security/performance/PolynomialReDoSCustomizations.qll | 4 ---- .../ruby/security/performance/PolynomialReDoSQuery.qll | 4 ---- ruby/ql/lib/codeql/ruby/security/performance/ReDoSUtil.qll | 4 ---- .../security/performance/RegExpInjectionCustomizations.qll | 4 ---- .../ruby/security/performance/RegExpInjectionQuery.qll | 4 ---- .../ruby/security/performance/SuperlinearBackTracking.qll | 4 ---- 19 files changed, 79 deletions(-) delete mode 100644 java/ql/lib/semmle/code/java/security/performance/ExponentialBackTracking.qll delete mode 100644 java/ql/lib/semmle/code/java/security/performance/PolynomialReDoSQuery.qll delete mode 100644 java/ql/lib/semmle/code/java/security/performance/ReDoSUtil.qll delete mode 100644 java/ql/lib/semmle/code/java/security/performance/SuperlinearBackTracking.qll delete mode 100644 javascript/ql/lib/semmle/javascript/security/performance/ExponentialBackTracking.qll delete mode 100644 javascript/ql/lib/semmle/javascript/security/performance/PolynomialReDoS.qll delete mode 100644 javascript/ql/lib/semmle/javascript/security/performance/PolynomialReDoSCustomizations.qll delete mode 100644 javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll delete mode 100644 javascript/ql/lib/semmle/javascript/security/performance/SuperlinearBackTracking.qll delete mode 100644 python/ql/lib/semmle/python/security/performance/ExponentialBackTracking.qll delete mode 100644 python/ql/lib/semmle/python/security/performance/ReDoSUtil.qll delete mode 100644 python/ql/lib/semmle/python/security/performance/SuperlinearBackTracking.qll delete mode 100644 ruby/ql/lib/codeql/ruby/security/performance/ExponentialBackTracking.qll delete mode 100644 ruby/ql/lib/codeql/ruby/security/performance/PolynomialReDoSCustomizations.qll delete mode 100644 ruby/ql/lib/codeql/ruby/security/performance/PolynomialReDoSQuery.qll delete mode 100644 ruby/ql/lib/codeql/ruby/security/performance/ReDoSUtil.qll delete mode 100644 ruby/ql/lib/codeql/ruby/security/performance/RegExpInjectionCustomizations.qll delete mode 100644 ruby/ql/lib/codeql/ruby/security/performance/RegExpInjectionQuery.qll delete mode 100644 ruby/ql/lib/codeql/ruby/security/performance/SuperlinearBackTracking.qll diff --git a/java/ql/lib/semmle/code/java/security/performance/ExponentialBackTracking.qll b/java/ql/lib/semmle/code/java/security/performance/ExponentialBackTracking.qll deleted file mode 100644 index eb52a4862f9..00000000000 --- a/java/ql/lib/semmle/code/java/security/performance/ExponentialBackTracking.qll +++ /dev/null @@ -1,4 +0,0 @@ -/** DEPRECATED. Import `semmle.code.java.security.regexp.ExponentialBackTracking` instead. */ - -deprecated import semmle.code.java.security.regexp.ExponentialBackTracking as Dep -import Dep diff --git a/java/ql/lib/semmle/code/java/security/performance/PolynomialReDoSQuery.qll b/java/ql/lib/semmle/code/java/security/performance/PolynomialReDoSQuery.qll deleted file mode 100644 index f88f7fdc5c4..00000000000 --- a/java/ql/lib/semmle/code/java/security/performance/PolynomialReDoSQuery.qll +++ /dev/null @@ -1,4 +0,0 @@ -/** DEPRECATED. Import `semmle.code.java.security.regexp.PolynomialReDoSQuery` instead. */ - -deprecated import semmle.code.java.security.regexp.PolynomialReDoSQuery as Dep -import Dep diff --git a/java/ql/lib/semmle/code/java/security/performance/ReDoSUtil.qll b/java/ql/lib/semmle/code/java/security/performance/ReDoSUtil.qll deleted file mode 100644 index 32014393864..00000000000 --- a/java/ql/lib/semmle/code/java/security/performance/ReDoSUtil.qll +++ /dev/null @@ -1,4 +0,0 @@ -/** DEPRECATED. Import `semmle.code.java.security.regexp.NfaUtils` instead. */ - -deprecated import semmle.code.java.security.regexp.NfaUtils as Dep -import Dep diff --git a/java/ql/lib/semmle/code/java/security/performance/SuperlinearBackTracking.qll b/java/ql/lib/semmle/code/java/security/performance/SuperlinearBackTracking.qll deleted file mode 100644 index de0d6201623..00000000000 --- a/java/ql/lib/semmle/code/java/security/performance/SuperlinearBackTracking.qll +++ /dev/null @@ -1,4 +0,0 @@ -/** DEPRECATED. Import `semmle.code.java.security.regexp.SuperlinearBackTracking` instead. */ - -deprecated import semmle.code.java.security.regexp.SuperlinearBackTracking as Dep -import Dep diff --git a/javascript/ql/lib/semmle/javascript/security/performance/ExponentialBackTracking.qll b/javascript/ql/lib/semmle/javascript/security/performance/ExponentialBackTracking.qll deleted file mode 100644 index 65b120d21cf..00000000000 --- a/javascript/ql/lib/semmle/javascript/security/performance/ExponentialBackTracking.qll +++ /dev/null @@ -1,4 +0,0 @@ -/** DEPRECATED. Import `semmle.javascript.security.regexp.ExponentialBackTracking` instead. */ - -deprecated private import semmle.javascript.security.regexp.ExponentialBackTracking as Dep -import Dep diff --git a/javascript/ql/lib/semmle/javascript/security/performance/PolynomialReDoS.qll b/javascript/ql/lib/semmle/javascript/security/performance/PolynomialReDoS.qll deleted file mode 100644 index ccbd2602772..00000000000 --- a/javascript/ql/lib/semmle/javascript/security/performance/PolynomialReDoS.qll +++ /dev/null @@ -1,7 +0,0 @@ -/** DEPRECATED. Import `PolynomialReDoSQuery` instead. */ - -import javascript -private import semmle.javascript.security.regexp.PolynomialReDoSQuery as PolynomialReDoSQuery // ignore-query-import - -/** DEPRECATED. Import `PolynomialReDoSQuery` instead. */ -deprecated module PolynomialReDoS = PolynomialReDoSQuery; diff --git a/javascript/ql/lib/semmle/javascript/security/performance/PolynomialReDoSCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/performance/PolynomialReDoSCustomizations.qll deleted file mode 100644 index e1c70e5ac53..00000000000 --- a/javascript/ql/lib/semmle/javascript/security/performance/PolynomialReDoSCustomizations.qll +++ /dev/null @@ -1,4 +0,0 @@ -/** DEPRECATED. Import `semmle.javascript.security.regexp.PolynomialReDoSCustomizations` instead. */ - -deprecated private import semmle.javascript.security.regexp.PolynomialReDoSCustomizations as Dep -import Dep diff --git a/javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll b/javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll deleted file mode 100644 index 952e0eda722..00000000000 --- a/javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll +++ /dev/null @@ -1,4 +0,0 @@ -/** DEPRECATED. Import `semmle.javascript.security.regexp.NfaUtils` instead. */ - -deprecated private import semmle.javascript.security.regexp.NfaUtils as Dep -import Dep diff --git a/javascript/ql/lib/semmle/javascript/security/performance/SuperlinearBackTracking.qll b/javascript/ql/lib/semmle/javascript/security/performance/SuperlinearBackTracking.qll deleted file mode 100644 index ee36f03b116..00000000000 --- a/javascript/ql/lib/semmle/javascript/security/performance/SuperlinearBackTracking.qll +++ /dev/null @@ -1,4 +0,0 @@ -/** DEPRECATED. Import `semmle.javascript.security.regexp.SuperlinearBackTracking` instead. */ - -deprecated private import semmle.javascript.security.regexp.SuperlinearBackTracking as Dep -import Dep diff --git a/python/ql/lib/semmle/python/security/performance/ExponentialBackTracking.qll b/python/ql/lib/semmle/python/security/performance/ExponentialBackTracking.qll deleted file mode 100644 index 8fdcea3a25f..00000000000 --- a/python/ql/lib/semmle/python/security/performance/ExponentialBackTracking.qll +++ /dev/null @@ -1,4 +0,0 @@ -/** DEPRECATED. Import `semmle.python.security.regexp.ExponentialBackTracking` instead. */ - -deprecated import semmle.python.security.regexp.ExponentialBackTracking as Dep -import Dep diff --git a/python/ql/lib/semmle/python/security/performance/ReDoSUtil.qll b/python/ql/lib/semmle/python/security/performance/ReDoSUtil.qll deleted file mode 100644 index 72d8d60a58e..00000000000 --- a/python/ql/lib/semmle/python/security/performance/ReDoSUtil.qll +++ /dev/null @@ -1,4 +0,0 @@ -/** DEPRECATED. Import `semmle.python.security.regexp.NfaUtils` instead. */ - -deprecated import semmle.python.security.regexp.NfaUtils as Dep -import Dep diff --git a/python/ql/lib/semmle/python/security/performance/SuperlinearBackTracking.qll b/python/ql/lib/semmle/python/security/performance/SuperlinearBackTracking.qll deleted file mode 100644 index a07544ce6b4..00000000000 --- a/python/ql/lib/semmle/python/security/performance/SuperlinearBackTracking.qll +++ /dev/null @@ -1,4 +0,0 @@ -/** DEPRECATED. Import `semmle.python.security.regexp.SuperlinearBackTracking` instead. */ - -deprecated import semmle.python.security.regexp.SuperlinearBackTracking as Dep -import Dep diff --git a/ruby/ql/lib/codeql/ruby/security/performance/ExponentialBackTracking.qll b/ruby/ql/lib/codeql/ruby/security/performance/ExponentialBackTracking.qll deleted file mode 100644 index 72bf6a98492..00000000000 --- a/ruby/ql/lib/codeql/ruby/security/performance/ExponentialBackTracking.qll +++ /dev/null @@ -1,4 +0,0 @@ -/** DEPRECATED. Import `codeql.ruby.security.regexp.ExponentialBackTracking` instead. */ - -deprecated import codeql.ruby.security.regexp.ExponentialBackTracking as Dep -import Dep diff --git a/ruby/ql/lib/codeql/ruby/security/performance/PolynomialReDoSCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/performance/PolynomialReDoSCustomizations.qll deleted file mode 100644 index cd1551d1d7c..00000000000 --- a/ruby/ql/lib/codeql/ruby/security/performance/PolynomialReDoSCustomizations.qll +++ /dev/null @@ -1,4 +0,0 @@ -/** DEPRECATED. Import `codeql.ruby.security.regexp.PolynomialReDoSCustomizations` instead. */ - -deprecated import codeql.ruby.security.regexp.PolynomialReDoSCustomizations as Dep -import Dep diff --git a/ruby/ql/lib/codeql/ruby/security/performance/PolynomialReDoSQuery.qll b/ruby/ql/lib/codeql/ruby/security/performance/PolynomialReDoSQuery.qll deleted file mode 100644 index 2e20705fca7..00000000000 --- a/ruby/ql/lib/codeql/ruby/security/performance/PolynomialReDoSQuery.qll +++ /dev/null @@ -1,4 +0,0 @@ -/** DEPRECATED. Import `codeql.ruby.security.regexp.PolynomialReDoSQuery` instead. */ - -deprecated import codeql.ruby.security.regexp.PolynomialReDoSQuery as Dep -import Dep diff --git a/ruby/ql/lib/codeql/ruby/security/performance/ReDoSUtil.qll b/ruby/ql/lib/codeql/ruby/security/performance/ReDoSUtil.qll deleted file mode 100644 index 2f4c9ef2de1..00000000000 --- a/ruby/ql/lib/codeql/ruby/security/performance/ReDoSUtil.qll +++ /dev/null @@ -1,4 +0,0 @@ -/** DEPRECATED. Import `codeql.ruby.security.regexp.NfaUtils` instead. */ - -deprecated import codeql.ruby.security.regexp.NfaUtils as Dep -import Dep diff --git a/ruby/ql/lib/codeql/ruby/security/performance/RegExpInjectionCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/performance/RegExpInjectionCustomizations.qll deleted file mode 100644 index 5015bff744d..00000000000 --- a/ruby/ql/lib/codeql/ruby/security/performance/RegExpInjectionCustomizations.qll +++ /dev/null @@ -1,4 +0,0 @@ -/** DEPRECATED. Import `codeql.ruby.security.regexp.RegExpInjectionCustomizations` instead. */ - -deprecated import codeql.ruby.security.regexp.RegExpInjectionCustomizations as Dep -import Dep diff --git a/ruby/ql/lib/codeql/ruby/security/performance/RegExpInjectionQuery.qll b/ruby/ql/lib/codeql/ruby/security/performance/RegExpInjectionQuery.qll deleted file mode 100644 index 690337a8d34..00000000000 --- a/ruby/ql/lib/codeql/ruby/security/performance/RegExpInjectionQuery.qll +++ /dev/null @@ -1,4 +0,0 @@ -/** DEPRECATED. Import `codeql.ruby.security.regexp.RegExpInjectionQuery` instead. */ - -deprecated import codeql.ruby.security.regexp.RegExpInjectionQuery as Dep -import Dep diff --git a/ruby/ql/lib/codeql/ruby/security/performance/SuperlinearBackTracking.qll b/ruby/ql/lib/codeql/ruby/security/performance/SuperlinearBackTracking.qll deleted file mode 100644 index a9ff4c761f6..00000000000 --- a/ruby/ql/lib/codeql/ruby/security/performance/SuperlinearBackTracking.qll +++ /dev/null @@ -1,4 +0,0 @@ -/** DEPRECATED. Import `codeql.ruby.security.regexp.SuperlinearBackTracking` instead. */ - -deprecated import codeql.ruby.security.regexp.SuperlinearBackTracking as Dep -import Dep From 1c9f59e49106d1f20566f8f7dbd968023c85fd53 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Sat, 7 Oct 2023 21:55:49 +0200 Subject: [PATCH 04/13] Python:delete deprecated files modelling web frameworks --- python/ql/lib/semmle/python/web/Http.qll | 119 --------------- .../lib/semmle/python/web/HttpConstants.qll | 7 - .../ql/lib/semmle/python/web/HttpRequest.qll | 10 -- .../lib/semmle/python/web/bottle/General.qll | 46 ------ .../lib/semmle/python/web/bottle/Request.qll | 80 ----------- .../semmle/python/web/cherrypy/General.qll | 44 ------ .../semmle/python/web/cherrypy/Request.qll | 41 ------ .../lib/semmle/python/web/django/General.qll | 136 ------------------ .../lib/semmle/python/web/django/Request.qll | 78 ---------- .../lib/semmle/python/web/falcon/General.qll | 46 ------ .../lib/semmle/python/web/falcon/Request.qll | 37 ----- .../lib/semmle/python/web/flask/General.qll | 104 -------------- .../lib/semmle/python/web/flask/Request.qll | 80 ----------- .../lib/semmle/python/web/flask/Response.qll | 55 ------- .../lib/semmle/python/web/pyramid/Request.qll | 25 ---- .../ql/lib/semmle/python/web/pyramid/View.qll | 9 -- .../lib/semmle/python/web/stdlib/Request.qll | 126 ---------------- .../lib/semmle/python/web/tornado/Request.qll | 69 --------- .../lib/semmle/python/web/tornado/Tornado.qll | 50 ------- .../semmle/python/web/turbogears/Request.qll | 26 ---- .../python/web/turbogears/TurboGears.qll | 37 ----- .../lib/semmle/python/web/twisted/Request.qll | 30 ---- .../lib/semmle/python/web/twisted/Twisted.qll | 52 ------- .../lib/semmle/python/web/webob/Request.qll | 38 ----- 24 files changed, 1345 deletions(-) delete mode 100644 python/ql/lib/semmle/python/web/Http.qll delete mode 100644 python/ql/lib/semmle/python/web/HttpConstants.qll delete mode 100644 python/ql/lib/semmle/python/web/HttpRequest.qll delete mode 100644 python/ql/lib/semmle/python/web/bottle/General.qll delete mode 100644 python/ql/lib/semmle/python/web/bottle/Request.qll delete mode 100644 python/ql/lib/semmle/python/web/cherrypy/General.qll delete mode 100644 python/ql/lib/semmle/python/web/cherrypy/Request.qll delete mode 100644 python/ql/lib/semmle/python/web/django/General.qll delete mode 100644 python/ql/lib/semmle/python/web/django/Request.qll delete mode 100644 python/ql/lib/semmle/python/web/falcon/General.qll delete mode 100644 python/ql/lib/semmle/python/web/falcon/Request.qll delete mode 100644 python/ql/lib/semmle/python/web/flask/General.qll delete mode 100644 python/ql/lib/semmle/python/web/flask/Request.qll delete mode 100644 python/ql/lib/semmle/python/web/flask/Response.qll delete mode 100644 python/ql/lib/semmle/python/web/pyramid/Request.qll delete mode 100644 python/ql/lib/semmle/python/web/pyramid/View.qll delete mode 100644 python/ql/lib/semmle/python/web/stdlib/Request.qll delete mode 100644 python/ql/lib/semmle/python/web/tornado/Request.qll delete mode 100644 python/ql/lib/semmle/python/web/tornado/Tornado.qll delete mode 100644 python/ql/lib/semmle/python/web/turbogears/Request.qll delete mode 100644 python/ql/lib/semmle/python/web/turbogears/TurboGears.qll delete mode 100644 python/ql/lib/semmle/python/web/twisted/Request.qll delete mode 100644 python/ql/lib/semmle/python/web/twisted/Twisted.qll delete mode 100644 python/ql/lib/semmle/python/web/webob/Request.qll diff --git a/python/ql/lib/semmle/python/web/Http.qll b/python/ql/lib/semmle/python/web/Http.qll deleted file mode 100644 index 85100e6524e..00000000000 --- a/python/ql/lib/semmle/python/web/Http.qll +++ /dev/null @@ -1,119 +0,0 @@ -import python -import semmle.python.dataflow.Implementation -import semmle.python.security.strings.External -import HttpConstants - -/** Generic taint source from a http request */ -abstract deprecated class HttpRequestTaintSource extends TaintSource { } - -/** - * Taint kind representing the WSGI environment. - * As specified in PEP 3333. https://www.python.org/dev/peps/pep-3333/#environ-variables - */ -deprecated class WsgiEnvironment extends TaintKind { - WsgiEnvironment() { this = "wsgi.environment" } - - override TaintKind getTaintForFlowStep(ControlFlowNode fromnode, ControlFlowNode tonode) { - result = this and Implementation::copyCall(fromnode, tonode) - or - result = this and - tonode.(CallNode).getFunction().pointsTo(ClassValue::dict()) and - tonode.(CallNode).getArg(0) = fromnode - or - exists(Value key, string text | - tonode.(CallNode).getFunction().(AttrNode).getObject("get") = fromnode and - tonode.(CallNode).getArg(0).pointsTo(key) - or - tonode.(SubscriptNode).getObject() = fromnode and - tonode.isLoad() and - tonode.(SubscriptNode).getIndex().pointsTo(key) - | - key = Value::forString(text) and - result instanceof ExternalStringKind and - ( - text = "QUERY_STRING" or - text = "PATH_INFO" or - text.matches("HTTP\\_%") - ) - ) - } -} - -/** - * A standard morsel object from a HTTP request, a value in a cookie, - * typically an instance of `http.cookies.Morsel` - */ -deprecated class UntrustedMorsel extends TaintKind { - UntrustedMorsel() { this = "http.Morsel" } - - override TaintKind getTaintOfAttribute(string name) { - result instanceof ExternalStringKind and - name = "value" - } -} - -/** A standard cookie object from a HTTP request, typically an instance of `http.cookies.SimpleCookie` */ -deprecated class UntrustedCookie extends TaintKind { - UntrustedCookie() { this = "http.Cookie" } - - override TaintKind getTaintForFlowStep(ControlFlowNode fromnode, ControlFlowNode tonode) { - tonode.(SubscriptNode).getObject() = fromnode and - result instanceof UntrustedMorsel - } -} - -abstract deprecated class CookieOperation extends @py_flow_node { - /** Gets a textual representation of this element. */ - abstract string toString(); - - abstract ControlFlowNode getKey(); - - abstract ControlFlowNode getValue(); -} - -abstract deprecated class CookieGet extends CookieOperation { } - -abstract deprecated class CookieSet extends CookieOperation { } - -/** Generic taint sink in a http response */ -abstract deprecated class HttpResponseTaintSink extends TaintSink { - override predicate sinks(TaintKind kind) { kind instanceof ExternalStringKind } -} - -abstract deprecated class HttpRedirectTaintSink extends TaintSink { - override predicate sinks(TaintKind kind) { kind instanceof ExternalStringKind } -} - -deprecated module Client { - // TODO: user-input in other than URL: - // - `data`, `json` for `requests.post` - // - `body` for `HTTPConnection.request` - // - headers? - // TODO: Add more library support - // - urllib3 https://github.com/urllib3/urllib3 - // - httpx https://github.com/encode/httpx - /** - * An outgoing http request - * - * For example: - * conn = HTTPConnection('example.com') - * conn.request('GET', '/path') - */ - abstract class HttpRequest extends ControlFlowNode { - /** - * Get any ControlFlowNode that is used to construct the final URL. - * - * In the HTTPConnection example, there is a result for both `'example.com'` and for `'/path'`. - */ - abstract ControlFlowNode getAUrlPart(); - - abstract string getMethodUpper(); - } - - /** Taint sink for the URL-part of an outgoing http request */ - class HttpRequestUrlTaintSink extends TaintSink { - HttpRequestUrlTaintSink() { this = any(HttpRequest r).getAUrlPart() } - - override predicate sinks(TaintKind kind) { kind instanceof ExternalStringKind } - } -} diff --git a/python/ql/lib/semmle/python/web/HttpConstants.qll b/python/ql/lib/semmle/python/web/HttpConstants.qll deleted file mode 100644 index e5cebb57729..00000000000 --- a/python/ql/lib/semmle/python/web/HttpConstants.qll +++ /dev/null @@ -1,7 +0,0 @@ -/** Gets an HTTP verb, in upper case */ -deprecated string httpVerb() { - result in ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "HEAD"] -} - -/** Gets an HTTP verb, in lower case */ -deprecated string httpVerbLower() { result = httpVerb().toLowerCase() } diff --git a/python/ql/lib/semmle/python/web/HttpRequest.qll b/python/ql/lib/semmle/python/web/HttpRequest.qll deleted file mode 100644 index 88dd36049b4..00000000000 --- a/python/ql/lib/semmle/python/web/HttpRequest.qll +++ /dev/null @@ -1,10 +0,0 @@ -import semmle.python.web.django.Request -import semmle.python.web.flask.Request -import semmle.python.web.tornado.Request -import semmle.python.web.pyramid.Request -import semmle.python.web.twisted.Request -import semmle.python.web.bottle.Request -import semmle.python.web.turbogears.Request -import semmle.python.web.falcon.Request -import semmle.python.web.cherrypy.Request -import semmle.python.web.stdlib.Request diff --git a/python/ql/lib/semmle/python/web/bottle/General.qll b/python/ql/lib/semmle/python/web/bottle/General.qll deleted file mode 100644 index cbb42c97305..00000000000 --- a/python/ql/lib/semmle/python/web/bottle/General.qll +++ /dev/null @@ -1,46 +0,0 @@ -import python -import semmle.python.web.Http -import semmle.python.types.Extensions - -/** Gets the bottle module */ -deprecated ModuleValue theBottleModule() { result = Module::named("bottle") } - -/** Gets the bottle.Bottle class */ -deprecated ClassValue theBottleClass() { result = theBottleModule().attr("Bottle") } - -/** - * Holds if `route` is routed to `func` - * by decorating `func` with `app.route(route)` or `route(route)` - */ -deprecated predicate bottle_route(CallNode route_call, ControlFlowNode route, Function func) { - exists(CallNode decorator_call, string name | - route_call.getFunction().(AttrNode).getObject(name).pointsTo().getClass() = theBottleClass() or - route_call.getFunction().pointsTo(theBottleModule().attr(name)) - | - (name = "route" or name = httpVerbLower()) and - decorator_call.getFunction() = route_call and - route_call.getArg(0) = route and - decorator_call.getArg(0).getNode().(FunctionExpr).getInnerScope() = func - ) -} - -deprecated class BottleRoute extends ControlFlowNode { - BottleRoute() { bottle_route(this, _, _) } - - string getUrl() { - exists(StrConst url | - bottle_route(this, url.getAFlowNode(), _) and - result = url.getText() - ) - } - - Function getFunction() { bottle_route(this, _, result) } - - Parameter getANamedArgument() { - exists(string name, Function func | - func = this.getFunction() and - func.getArgByName(name) = result and - this.getUrl().matches("%<" + name + ">%") - ) - } -} diff --git a/python/ql/lib/semmle/python/web/bottle/Request.qll b/python/ql/lib/semmle/python/web/bottle/Request.qll deleted file mode 100644 index 3de4748b30e..00000000000 --- a/python/ql/lib/semmle/python/web/bottle/Request.qll +++ /dev/null @@ -1,80 +0,0 @@ -import python -import semmle.python.dataflow.TaintTracking -import semmle.python.security.strings.External -import semmle.python.web.Http -import semmle.python.web.bottle.General - -deprecated private Value theBottleRequestObject() { result = theBottleModule().attr("request") } - -deprecated class BottleRequestKind extends TaintKind { - BottleRequestKind() { this = "bottle.request" } - - override TaintKind getTaintOfAttribute(string name) { - result instanceof BottleFormsDict and - (name = "cookies" or name = "query" or name = "form") - or - result instanceof ExternalStringKind and - (name = "query_string" or name = "url_args") - or - result.(DictKind).getValue() instanceof FileUpload and - name = "files" - } -} - -deprecated private class RequestSource extends HttpRequestTaintSource { - RequestSource() { this.(ControlFlowNode).pointsTo(theBottleRequestObject()) } - - override predicate isSourceOf(TaintKind kind) { kind instanceof BottleRequestKind } -} - -deprecated class BottleFormsDict extends TaintKind { - BottleFormsDict() { this = "bottle.FormsDict" } - - override TaintKind getTaintForFlowStep(ControlFlowNode fromnode, ControlFlowNode tonode) { - /* Cannot use `getTaintOfAttribute(name)` as it wouldn't bind `name` */ - exists(string name | - fromnode = tonode.(AttrNode).getObject(name) and - result instanceof ExternalStringKind - | - name != "get" and name != "getunicode" and name != "getall" - ) - } - - override TaintKind getTaintOfMethodResult(string name) { - (name = "get" or name = "getunicode") and - result instanceof ExternalStringKind - or - name = "getall" and result.(SequenceKind).getItem() instanceof ExternalStringKind - } -} - -deprecated class FileUpload extends TaintKind { - FileUpload() { this = "bottle.FileUpload" } - - override TaintKind getTaintOfAttribute(string name) { - name = "filename" and result instanceof ExternalStringKind - or - name = "raw_filename" and result instanceof ExternalStringKind - or - name = "file" and result instanceof UntrustedFile - } -} - -deprecated class UntrustedFile extends TaintKind { - UntrustedFile() { this = "Untrusted file" } -} - -// -// TO DO.. File uploads -- Should check about file uploads for other frameworks as well. -// Move UntrustedFile to shared location -// -/** A parameter to a bottle request handler function */ -deprecated class BottleRequestParameter extends HttpRequestTaintSource { - BottleRequestParameter() { - exists(BottleRoute route | route.getANamedArgument() = this.(ControlFlowNode).getNode()) - } - - override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalStringKind } - - override string toString() { result = "bottle handler function argument" } -} diff --git a/python/ql/lib/semmle/python/web/cherrypy/General.qll b/python/ql/lib/semmle/python/web/cherrypy/General.qll deleted file mode 100644 index 40becc70a50..00000000000 --- a/python/ql/lib/semmle/python/web/cherrypy/General.qll +++ /dev/null @@ -1,44 +0,0 @@ -import python -import semmle.python.web.Http - -deprecated module CherryPy { - FunctionValue expose() { result = Value::named("cherrypy.expose") } -} - -deprecated class CherryPyExposedFunction extends Function { - CherryPyExposedFunction() { - this.getADecorator().pointsTo(CherryPy::expose()) - or - this.getADecorator().(Call).getFunc().pointsTo(CherryPy::expose()) - } -} - -deprecated class CherryPyRoute extends CallNode { - CherryPyRoute() { - /* cherrypy.quickstart(root, script_name, config) */ - Value::named("cherrypy.quickstart").(FunctionValue).getACall() = this - or - /* cherrypy.tree.mount(root, script_name, config) */ - this.getFunction().(AttrNode).getObject("mount").pointsTo(Value::named("cherrypy.tree")) - } - - ClassValue getAppClass() { - this.getArg(0).pointsTo().getClass() = result - or - this.getArgByName("root").pointsTo().getClass() = result - } - - string getPath() { - exists(Value path | path = Value::forString(result) | - this.getArg(1).pointsTo(path) - or - this.getArgByName("script_name").pointsTo(path) - ) - } - - ClassValue getConfig() { - this.getArg(2).pointsTo().getClass() = result - or - this.getArgByName("config").pointsTo().getClass() = result - } -} diff --git a/python/ql/lib/semmle/python/web/cherrypy/Request.qll b/python/ql/lib/semmle/python/web/cherrypy/Request.qll deleted file mode 100644 index b3c096f8bdd..00000000000 --- a/python/ql/lib/semmle/python/web/cherrypy/Request.qll +++ /dev/null @@ -1,41 +0,0 @@ -import python -import semmle.python.dataflow.TaintTracking -import semmle.python.security.strings.Basic -import semmle.python.web.Http -import semmle.python.web.cherrypy.General - -/** The cherrypy.request local-proxy object */ -deprecated class CherryPyRequest extends TaintKind { - CherryPyRequest() { this = "cherrypy.request" } - - override TaintKind getTaintOfAttribute(string name) { - name = "params" and result instanceof ExternalStringDictKind - or - name = "cookie" and result instanceof UntrustedCookie - } - - override TaintKind getTaintOfMethodResult(string name) { - name in ["getHeader", "getCookie", "getUser", "getPassword"] and - result instanceof ExternalStringKind - } -} - -deprecated class CherryPyExposedFunctionParameter extends HttpRequestTaintSource { - CherryPyExposedFunctionParameter() { - exists(Parameter p | - p = any(CherryPyExposedFunction f).getAnArg() and - not p.isSelf() and - p.asName().getAFlowNode() = this - ) - } - - override string toString() { result = "CherryPy handler function parameter" } - - override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalStringKind } -} - -deprecated class CherryPyRequestSource extends HttpRequestTaintSource { - CherryPyRequestSource() { this.(ControlFlowNode).pointsTo(Value::named("cherrypy.request")) } - - override predicate isSourceOf(TaintKind kind) { kind instanceof CherryPyRequest } -} diff --git a/python/ql/lib/semmle/python/web/django/General.qll b/python/ql/lib/semmle/python/web/django/General.qll deleted file mode 100644 index 1b179b35f9a..00000000000 --- a/python/ql/lib/semmle/python/web/django/General.qll +++ /dev/null @@ -1,136 +0,0 @@ -import python -import semmle.python.regex -import semmle.python.web.Http - -// TODO: Since django uses `path = partial(...)`, our analysis doesn't understand this is -// a FunctionValue, so we can't use `FunctionValue.getArgumentForCall` -// https://github.com/django/django/blob/master/django/urls/conf.py#L76 -abstract deprecated class DjangoRoute extends CallNode { - DjangoViewHandler getViewHandler() { - result = view_handler_from_view_arg(this.getArg(1)) - or - result = view_handler_from_view_arg(this.getArgByName("view")) - } - - abstract string getANamedArgument(); - - /** - * Get the number of positional arguments that will be passed to the view. - * Will only return a result if there are no named arguments. - */ - abstract int getNumPositionalArguments(); -} - -/** - * For function based views -- also see `DjangoClassBasedViewHandler` - * https://docs.djangoproject.com/en/1.11/topics/http/views/ - * https://docs.djangoproject.com/en/3.0/topics/http/views/ - */ -deprecated class DjangoViewHandler extends PythonFunctionValue { - /** Gets the index of the 'request' argument */ - int getRequestArgIndex() { result = 0 } -} - -/** - * Class based views - * https://docs.djangoproject.com/en/1.11/topics/class-based-views/ - * https://docs.djangoproject.com/en/3.0/topics/class-based-views/ - */ -deprecated private class DjangoViewClass extends ClassValue { - DjangoViewClass() { - Value::named("django.views.generic.View") = this.getASuperType() - or - Value::named("django.views.View") = this.getASuperType() - } -} - -deprecated class DjangoClassBasedViewHandler extends DjangoViewHandler { - DjangoClassBasedViewHandler() { exists(DjangoViewClass cls | cls.lookup(httpVerbLower()) = this) } - - override int getRequestArgIndex() { - // due to `self` being the first parameter - result = 1 - } -} - -/** - * Gets the function that will handle requests when `view_arg` is used as the view argument to a - * django route. That is, this methods handles Class-based Views and its `as_view()` function. - */ -deprecated private DjangoViewHandler view_handler_from_view_arg(ControlFlowNode view_arg) { - // Function-based view - result = view_arg.pointsTo() - or - // Class-based view - exists(ClassValue cls | - cls = view_arg.(CallNode).getFunction().(AttrNode).getObject("as_view").pointsTo() and - result = cls.lookup(httpVerbLower()) - ) -} - -// We need this "dummy" class, since otherwise the regex argument would not be considered -// a regex (RegexString is abstract) -deprecated class DjangoRouteRegex extends RegexString { - DjangoRouteRegex() { exists(DjangoRegexRoute route | route.getRouteArg() = this.getAFlowNode()) } -} - -deprecated class DjangoRegexRoute extends DjangoRoute { - ControlFlowNode route; - - DjangoRegexRoute() { - exists(FunctionValue route_maker | - // Django 1.x: https://docs.djangoproject.com/en/1.11/ref/urls/#django.conf.urls.url - Value::named("django.conf.urls.url") = route_maker and - route_maker.getArgumentForCall(this, 0) = route - ) - or - // Django 2.x and 3.x: https://docs.djangoproject.com/en/3.0/ref/urls/#re-path - this = Value::named("django.urls.re_path").getACall() and - ( - route = this.getArg(0) - or - route = this.getArgByName("route") - ) - } - - ControlFlowNode getRouteArg() { result = route } - - override string getANamedArgument() { - exists(DjangoRouteRegex regex | regex.getAFlowNode() = route | - result = regex.getGroupName(_, _) - ) - } - - override int getNumPositionalArguments() { - not exists(this.getANamedArgument()) and - exists(DjangoRouteRegex regex | regex.getAFlowNode() = route | - result = count(regex.getGroupNumber(_, _)) - ) - } -} - -deprecated class DjangoPathRoute extends DjangoRoute { - ControlFlowNode route; - - DjangoPathRoute() { - // Django 2.x and 3.x: https://docs.djangoproject.com/en/3.0/ref/urls/#path - this = Value::named("django.urls.path").getACall() and - ( - route = this.getArg(0) - or - route = this.getArgByName("route") - ) - } - - override string getANamedArgument() { - // regexp taken from django: - // https://github.com/django/django/blob/7d1bf29977bb368d7c28e7c6eb146db3b3009ae7/django/urls/resolvers.py#L199 - exists(StrConst route_str, string match | - route_str = route.getNode() and - match = route_str.getText().regexpFind("<(?:(?[^>:]+):)?(?\\w+)>", _, _) and - result = match.regexpCapture("<(?:(?[^>:]+):)?(?\\w+)>", 2) - ) - } - - override int getNumPositionalArguments() { none() } -} diff --git a/python/ql/lib/semmle/python/web/django/Request.qll b/python/ql/lib/semmle/python/web/django/Request.qll deleted file mode 100644 index 7e7358595e5..00000000000 --- a/python/ql/lib/semmle/python/web/django/Request.qll +++ /dev/null @@ -1,78 +0,0 @@ -import python -import semmle.python.dataflow.TaintTracking -import semmle.python.web.Http -import semmle.python.web.django.General - -/** A django.request.HttpRequest object */ -deprecated class DjangoRequest extends TaintKind { - DjangoRequest() { this = "django.request.HttpRequest" } - - override TaintKind getTaintOfAttribute(string name) { - (name = "GET" or name = "POST") and - result instanceof DjangoQueryDict - } - - override TaintKind getTaintOfMethodResult(string name) { - (name = "body" or name = "path") and - result instanceof ExternalStringKind - } -} - -/* Helper for getTaintForStep() */ -pragma[noinline] -deprecated private predicate subscript_taint(SubscriptNode sub, ControlFlowNode obj, TaintKind kind) { - sub.getObject() = obj and - kind instanceof ExternalStringKind -} - -/** A django.request.QueryDict object */ -deprecated class DjangoQueryDict extends TaintKind { - DjangoQueryDict() { this = "django.http.request.QueryDict" } - - override TaintKind getTaintForFlowStep(ControlFlowNode fromnode, ControlFlowNode tonode) { - this.taints(fromnode) and - subscript_taint(tonode, fromnode, result) - } - - override TaintKind getTaintOfMethodResult(string name) { - name = "get" and result instanceof ExternalStringKind - } -} - -/** A Django request parameter */ -deprecated class DjangoRequestSource extends HttpRequestTaintSource { - DjangoRequestSource() { - exists(DjangoRoute route, DjangoViewHandler view, int request_arg_index | - route.getViewHandler() = view and - request_arg_index = view.getRequestArgIndex() and - this = view.getScope().getArg(request_arg_index).asName().getAFlowNode() - ) - } - - override string toString() { result = "Django request source" } - - override predicate isSourceOf(TaintKind kind) { kind instanceof DjangoRequest } -} - -/** An argument specified in a url routing table */ -deprecated class DjangoRequestParameter extends HttpRequestTaintSource { - DjangoRequestParameter() { - exists(DjangoRoute route, Function f, DjangoViewHandler view, int request_arg_index | - route.getViewHandler() = view and - request_arg_index = view.getRequestArgIndex() and - f = view.getScope() - | - this.(ControlFlowNode).getNode() = f.getArgByName(route.getANamedArgument()) - or - exists(int i | i >= 0 | - i < route.getNumPositionalArguments() and - // +1 because first argument is always the request - this.(ControlFlowNode).getNode() = f.getArg(request_arg_index + 1 + i) - ) - ) - } - - override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalStringKind } - - override string toString() { result = "django.http.request.parameter" } -} diff --git a/python/ql/lib/semmle/python/web/falcon/General.qll b/python/ql/lib/semmle/python/web/falcon/General.qll deleted file mode 100644 index 5f9cce57611..00000000000 --- a/python/ql/lib/semmle/python/web/falcon/General.qll +++ /dev/null @@ -1,46 +0,0 @@ -import python -import semmle.python.web.Http - -/** Gets the falcon API class */ -deprecated ClassValue theFalconAPIClass() { result = Value::named("falcon.API") } - -/** Holds if `route` is routed to `resource` */ -deprecated private predicate api_route( - CallNode route_call, ControlFlowNode route, ClassValue resource -) { - route_call.getFunction().(AttrNode).getObject("add_route").pointsTo().getClass() = - theFalconAPIClass() and - route_call.getArg(0) = route and - route_call.getArg(1).pointsTo().getClass() = resource -} - -deprecated private predicate route(FalconRoute route, Function target, string funcname) { - route.getResourceClass().lookup("on_" + funcname).(FunctionValue).getScope() = target -} - -deprecated class FalconRoute extends ControlFlowNode { - FalconRoute() { api_route(this, _, _) } - - string getUrl() { - exists(StrConst url | - api_route(this, url.getAFlowNode(), _) and - result = url.getText() - ) - } - - ClassValue getResourceClass() { api_route(this, _, result) } - - FalconHandlerFunction getHandlerFunction(string method) { route(this, result, method) } -} - -deprecated class FalconHandlerFunction extends Function { - FalconHandlerFunction() { route(_, this, _) } - - private string methodName() { route(_, this, result) } - - string getMethod() { result = this.methodName().toUpperCase() } - - Parameter getRequest() { result = this.getArg(1) } - - Parameter getResponse() { result = this.getArg(2) } -} diff --git a/python/ql/lib/semmle/python/web/falcon/Request.qll b/python/ql/lib/semmle/python/web/falcon/Request.qll deleted file mode 100644 index ac4c92f3ad0..00000000000 --- a/python/ql/lib/semmle/python/web/falcon/Request.qll +++ /dev/null @@ -1,37 +0,0 @@ -import python -import semmle.python.dataflow.TaintTracking -import semmle.python.web.Http -import semmle.python.web.falcon.General - -/** https://falcon.readthedocs.io/en/stable/api/request_and_response.html */ -deprecated class FalconRequest extends TaintKind { - FalconRequest() { this = "falcon.request" } - - override TaintKind getTaintOfAttribute(string name) { - name = "env" and result instanceof WsgiEnvironment - or - result instanceof ExternalStringKind and - name in ["uri", "url", "forwarded_uri", "relative_uri", "query_string"] - or - result instanceof ExternalStringDictKind and - (name = "cookies" or name = "params") - or - name = "stream" and result instanceof ExternalFileObject - } - - override TaintKind getTaintOfMethodResult(string name) { - name = "get_param" and result instanceof ExternalStringKind - or - name = "get_param_as_json" and result instanceof ExternalJsonKind - or - name = "get_param_as_list" and result instanceof ExternalStringSequenceKind - } -} - -deprecated class FalconRequestParameter extends HttpRequestTaintSource { - FalconRequestParameter() { - exists(FalconHandlerFunction f | f.getRequest() = this.(ControlFlowNode).getNode()) - } - - override predicate isSourceOf(TaintKind k) { k instanceof FalconRequest } -} diff --git a/python/ql/lib/semmle/python/web/flask/General.qll b/python/ql/lib/semmle/python/web/flask/General.qll deleted file mode 100644 index cc4d992f9ff..00000000000 --- a/python/ql/lib/semmle/python/web/flask/General.qll +++ /dev/null @@ -1,104 +0,0 @@ -import python -import semmle.python.web.Http -import semmle.python.web.flask.Response - -/** Gets the flask app class */ -deprecated ClassValue theFlaskClass() { result = Value::named("flask.Flask") } - -/** Gets the flask MethodView class */ -deprecated ClassValue theFlaskMethodViewClass() { result = Value::named("flask.views.MethodView") } - -deprecated ClassValue theFlaskReponseClass() { result = Value::named("flask.Response") } - -/** - * Holds if `route` is routed to `func` - * by decorating `func` with `app.route(route)` - */ -deprecated predicate app_route(ControlFlowNode route, Function func) { - exists(CallNode route_call, CallNode decorator_call | - route_call.getFunction().(AttrNode).getObject("route").pointsTo().getClass() = theFlaskClass() and - decorator_call.getFunction() = route_call and - route_call.getArg(0) = route and - decorator_call.getArg(0).getNode().(FunctionExpr).getInnerScope() = func - ) -} - -/* Helper for add_url_rule */ -deprecated private predicate add_url_rule_call(ControlFlowNode regex, ControlFlowNode callable) { - exists(CallNode call | - call.getFunction().(AttrNode).getObject("add_url_rule").pointsTo().getClass() = theFlaskClass() and - regex = call.getArg(0) - | - callable = call.getArg(2) or - callable = call.getArgByName("view_func") - ) -} - -/** Holds if urls matching `regex` are routed to `func` */ -deprecated predicate add_url_rule(ControlFlowNode regex, Function func) { - exists(ControlFlowNode callable | add_url_rule_call(regex, callable) | - exists(PythonFunctionValue f | f.getScope() = func and callable.pointsTo(f)) - or - /* MethodView.as_view() */ - exists(MethodViewClass view_cls | view_cls.asTaint().taints(callable) | - func = view_cls.lookup(httpVerbLower()).(FunctionValue).getScope() - ) - /* TODO: -- Handle Views that aren't MethodViews */ - ) -} - -/** - * Holds if urls matching `regex` are routed to `func` using - * any of flask's routing mechanisms. - */ -deprecated predicate flask_routing(ControlFlowNode regex, Function func) { - app_route(regex, func) - or - add_url_rule(regex, func) -} - -/** A class that extends flask.views.MethodView */ -deprecated private class MethodViewClass extends ClassValue { - MethodViewClass() { this.getASuperType() = theFlaskMethodViewClass() } - - /* As we are restricted to strings for taint kinds, we need to map these classes to strings. */ - string taintString() { result = "flask/" + this.getQualifiedName() + ".as.view" } - - /* As we are restricted to strings for taint kinds, we need to map these classes to strings. */ - TaintKind asTaint() { result = this.taintString() } -} - -deprecated private class MethodViewTaint extends TaintKind { - MethodViewTaint() { any(MethodViewClass cls).taintString() = this } -} - -/** A source of method view "taint"s. */ -deprecated private class AsView extends TaintSource { - AsView() { - exists(ClassValue view_class | - view_class.getASuperType() = theFlaskMethodViewClass() and - this.(CallNode).getFunction().(AttrNode).getObject("as_view").pointsTo(view_class) - ) - } - - override string toString() { result = "flask.MethodView.as_view()" } - - override predicate isSourceOf(TaintKind kind) { - exists(MethodViewClass view_class | - kind = view_class.asTaint() and - this.(CallNode).getFunction().(AttrNode).getObject("as_view").pointsTo(view_class) - ) - } -} - -deprecated class FlaskCookieSet extends CookieSet, CallNode { - FlaskCookieSet() { - any(FlaskResponseTaintKind t).taints(this.getFunction().(AttrNode).getObject("set_cookie")) - } - - override string toString() { result = CallNode.super.toString() } - - override ControlFlowNode getKey() { result = this.getArg(0) } - - override ControlFlowNode getValue() { result = this.getArg(1) } -} diff --git a/python/ql/lib/semmle/python/web/flask/Request.qll b/python/ql/lib/semmle/python/web/flask/Request.qll deleted file mode 100644 index ea9a59dc45e..00000000000 --- a/python/ql/lib/semmle/python/web/flask/Request.qll +++ /dev/null @@ -1,80 +0,0 @@ -import python -import semmle.python.dataflow.TaintTracking -import semmle.python.web.Http -import semmle.python.web.flask.General - -deprecated private Value theFlaskRequestObject() { result = Value::named("flask.request") } - -/** Holds if `attr` is an access of attribute `name` of the flask request object */ -deprecated private predicate flask_request_attr(AttrNode attr, string name) { - attr.isLoad() and - attr.getObject(name).pointsTo(theFlaskRequestObject()) -} - -/** Source of external data from a flask request */ -deprecated class FlaskRequestData extends HttpRequestTaintSource { - FlaskRequestData() { - not this instanceof FlaskRequestArgs and - exists(string name | flask_request_attr(this, name) | - name in ["path", "full_path", "base_url", "url"] - ) - } - - override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalStringKind } - - override string toString() { result = "flask.request" } -} - -/** Source of dictionary whose values are externally controlled */ -deprecated class FlaskRequestArgs extends HttpRequestTaintSource { - FlaskRequestArgs() { - exists(string attr | flask_request_attr(this, attr) | - attr in ["args", "form", "values", "files", "headers", "json"] - ) - } - - override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalStringDictKind } - - override string toString() { result = "flask.request.args" } -} - -/** Source of dictionary whose values are externally controlled */ -deprecated class FlaskRequestJson extends HttpRequestTaintSource { - FlaskRequestJson() { flask_request_attr(this, "json") } - - override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalJsonKind } - - override string toString() { result = "flask.request.json" } -} - -/** - * A parameter to a flask request handler, that can capture a part of the URL (as specified in - * the url-pattern of a route). - * - * For example, the `name` parameter in: - * ``` - * @app.route('/hello/') - * def hello(name): - * ``` - */ -deprecated class FlaskRoutedParameter extends HttpRequestTaintSource { - FlaskRoutedParameter() { - exists(string name, Function func, StrConst url_pattern | - this.(ControlFlowNode).getNode() = func.getArgByName(name) and - flask_routing(url_pattern.getAFlowNode(), func) and - exists(string match | - match = url_pattern.getS().regexpFind(werkzeug_rule_re(), _, _) and - name = match.regexpCapture(werkzeug_rule_re(), 4) - ) - ) - } - - override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalStringKind } -} - -deprecated private string werkzeug_rule_re() { - // since flask uses werkzeug internally, we are using its routing rules from - // https://github.com/pallets/werkzeug/blob/4dc8d6ab840d4b78cbd5789cef91b01e3bde01d5/src/werkzeug/routing.py#L138-L151 - result = - "(?[^<]*)<(?:(?[a-zA-Z_][a-zA-Z0-9_]*)(?:\\((?.*?)\\))?\\:)?(?[a-zA-Z_][a-zA-Z0-9_]*)>" -} diff --git a/python/ql/lib/semmle/python/web/flask/Response.qll b/python/ql/lib/semmle/python/web/flask/Response.qll deleted file mode 100644 index 1e489c56b46..00000000000 --- a/python/ql/lib/semmle/python/web/flask/Response.qll +++ /dev/null @@ -1,55 +0,0 @@ -import python -import semmle.python.dataflow.TaintTracking -import semmle.python.security.strings.Basic -import semmle.python.web.flask.General - -/** - * A flask response, which is vulnerable to any sort of - * http response malice. - */ -deprecated class FlaskRoutedResponse extends HttpResponseTaintSink { - FlaskRoutedResponse() { - exists(PythonFunctionValue response | - flask_routing(_, response.getScope()) and - this = response.getAReturnedNode() - ) - } - - override predicate sinks(TaintKind kind) { kind instanceof StringKind } - - override string toString() { result = "flask.routed.response" } -} - -deprecated class FlaskResponseArgument extends HttpResponseTaintSink { - FlaskResponseArgument() { - exists(CallNode call | - ( - call.getFunction().pointsTo(theFlaskReponseClass()) - or - call.getFunction().pointsTo(Value::named("flask.make_response")) - ) and - call.getArg(0) = this - ) - } - - override predicate sinks(TaintKind kind) { kind instanceof StringKind } - - override string toString() { result = "flask.response.argument" } -} - -deprecated class FlaskResponseTaintKind extends TaintKind { - FlaskResponseTaintKind() { this = "flask.Response" } -} - -deprecated class FlaskResponseConfiguration extends TaintTracking::Configuration { - FlaskResponseConfiguration() { this = "Flask response configuration" } - - override predicate isSource(DataFlow::Node node, TaintKind kind) { - kind instanceof FlaskResponseTaintKind and - ( - node.asCfgNode().(CallNode).getFunction().pointsTo(theFlaskReponseClass()) - or - node.asCfgNode().(CallNode).getFunction().pointsTo(Value::named("flask.make_response")) - ) - } -} diff --git a/python/ql/lib/semmle/python/web/pyramid/Request.qll b/python/ql/lib/semmle/python/web/pyramid/Request.qll deleted file mode 100644 index df84cc84440..00000000000 --- a/python/ql/lib/semmle/python/web/pyramid/Request.qll +++ /dev/null @@ -1,25 +0,0 @@ -import python -import semmle.python.dataflow.TaintTracking -import semmle.python.web.Http -private import semmle.python.web.webob.Request -private import semmle.python.web.pyramid.View - -deprecated class PyramidRequest extends BaseWebobRequest { - PyramidRequest() { this = "pyramid.request" } - - override ClassValue getType() { result = Value::named("pyramid.request.Request") } -} - -/** Source of pyramid request objects */ -deprecated class PyramidViewArgument extends HttpRequestTaintSource { - PyramidViewArgument() { - exists(Function view_func | - is_pyramid_view_function(view_func) and - this.(ControlFlowNode).getNode() = view_func.getArg(0) - ) - } - - override predicate isSourceOf(TaintKind kind) { kind instanceof PyramidRequest } - - override string toString() { result = "pyramid.view.argument" } -} diff --git a/python/ql/lib/semmle/python/web/pyramid/View.qll b/python/ql/lib/semmle/python/web/pyramid/View.qll deleted file mode 100644 index 37d9334cb07..00000000000 --- a/python/ql/lib/semmle/python/web/pyramid/View.qll +++ /dev/null @@ -1,9 +0,0 @@ -import python - -deprecated ModuleValue thePyramidViewModule() { result.getName() = "pyramid.view" } - -deprecated Value thePyramidViewConfig() { result = thePyramidViewModule().attr("view_config") } - -deprecated predicate is_pyramid_view_function(Function func) { - func.getADecorator().pointsTo().getClass() = thePyramidViewConfig() -} diff --git a/python/ql/lib/semmle/python/web/stdlib/Request.qll b/python/ql/lib/semmle/python/web/stdlib/Request.qll deleted file mode 100644 index ff850233616..00000000000 --- a/python/ql/lib/semmle/python/web/stdlib/Request.qll +++ /dev/null @@ -1,126 +0,0 @@ -/** - * Provides the sources and taint-flow for HTTP servers defined using the standard library (stdlib). - * Specifically, we model `HttpRequestTaintSource`s from instances of `BaseHTTPRequestHandler` - * (or subclasses) and form parsing using `cgi.FieldStorage`. - */ - -import python -import semmle.python.dataflow.TaintTracking -import semmle.python.web.Http - -/** Source of BaseHttpRequestHandler instances. */ -deprecated class StdLibRequestSource extends HttpRequestTaintSource { - StdLibRequestSource() { - exists(ClassValue cls | - cls.getABaseType+() = Value::named("BaseHTTPServer.BaseHTTPRequestHandler") - or - cls.getABaseType+() = Value::named("http.server.BaseHTTPRequestHandler") - | - this.(ControlFlowNode).pointsTo().getClass() = cls - ) - } - - override predicate isSourceOf(TaintKind kind) { kind instanceof BaseHTTPRequestHandlerKind } -} - -/** TaintKind for an instance of BaseHttpRequestHandler. */ -deprecated class BaseHTTPRequestHandlerKind extends TaintKind { - BaseHTTPRequestHandlerKind() { this = "BaseHTTPRequestHandlerKind" } - - override TaintKind getTaintOfAttribute(string name) { - name in ["requestline", "path"] and - result instanceof ExternalStringKind - or - name = "headers" and - result instanceof HTTPMessageKind - or - name = "rfile" and - result instanceof ExternalFileObject - } -} - -/** TaintKind for headers (instance of HttpMessage). */ -deprecated class HTTPMessageKind extends ExternalStringDictKind { - override TaintKind getTaintOfMethodResult(string name) { - result = super.getTaintOfMethodResult(name) - or - name = "get_all" and - result.(SequenceKind).getItem() = this.getValue() - or - name in ["as_bytes", "as_string"] and - result instanceof ExternalStringKind - } - - override TaintKind getTaintForFlowStep(ControlFlowNode fromnode, ControlFlowNode tonode) { - result = super.getTaintForFlowStep(fromnode, tonode) - or - exists(ClassValue cls | cls = ClassValue::unicode() or cls = ClassValue::bytes() | - tonode = cls.getACall() and - tonode.(CallNode).getArg(0) = fromnode and - result instanceof ExternalStringKind - ) - } -} - -/** Source of parsed HTTP forms (by using the `cgi` module). */ -deprecated class CgiFieldStorageSource extends HttpRequestTaintSource { - CgiFieldStorageSource() { this = Value::named("cgi.FieldStorage").getACall() } - - override predicate isSourceOf(TaintKind kind) { kind instanceof CgiFieldStorageFormKind } -} - -/** TaintKind for a parsed HTTP form. */ -deprecated class CgiFieldStorageFormKind extends TaintKind { - /* - * There is a slight difference between how we model form/fields and how it is handled by the code. - * In the code - * ``` - * form = cgi.FieldStorage() - * field = form['myfield'] - * ``` - * both `form` and `field` have the type `cgi.FieldStorage`. This allows the code to represent - * nested forms as `form['nested_form']['myfield']`. However, since HTML forms can't be nested - * we ignore that detail since it allows for a more clean modeling. - */ - - CgiFieldStorageFormKind() { this = "CgiFieldStorageFormKind" } - - override TaintKind getTaintOfAttribute(string name) { - name = "value" and result.(SequenceKind).getItem() instanceof CgiFieldStorageFieldKind - } - - override TaintKind getTaintOfMethodResult(string name) { - name = "getvalue" and - ( - result instanceof ExternalStringKind - or - result.(SequenceKind).getItem() instanceof ExternalStringKind - ) - or - name = "getfirst" and - result instanceof ExternalStringKind - or - name = "getlist" and - result.(SequenceKind).getItem() instanceof ExternalStringKind - } - - override TaintKind getTaintForFlowStep(ControlFlowNode fromnode, ControlFlowNode tonode) { - tonode.(SubscriptNode).getObject() = fromnode and - ( - result instanceof CgiFieldStorageFieldKind - or - result.(SequenceKind).getItem() instanceof CgiFieldStorageFieldKind - ) - } -} - -/** TaintKind for the field of a parsed HTTP form. */ -deprecated class CgiFieldStorageFieldKind extends TaintKind { - CgiFieldStorageFieldKind() { this = "CgiFieldStorageFieldKind" } - - override TaintKind getTaintOfAttribute(string name) { - name in ["filename", "value"] and result instanceof ExternalStringKind - or - name = "file" and result instanceof ExternalFileObject - } -} diff --git a/python/ql/lib/semmle/python/web/tornado/Request.qll b/python/ql/lib/semmle/python/web/tornado/Request.qll deleted file mode 100644 index 77a02c230ae..00000000000 --- a/python/ql/lib/semmle/python/web/tornado/Request.qll +++ /dev/null @@ -1,69 +0,0 @@ -import python -import semmle.python.dataflow.TaintTracking -import semmle.python.web.Http -import Tornado - -/** A tornado.request.HttpRequest object */ -deprecated class TornadoRequest extends TaintKind { - TornadoRequest() { this = "tornado.request.HttpRequest" } - - override TaintKind getTaintOfAttribute(string name) { - result instanceof ExternalStringDictKind and - ( - name = "headers" or - name = "cookies" - ) - or - result instanceof ExternalStringKind and - ( - name = "uri" or - name = "query" or - name = "body" - ) - or - result instanceof ExternalStringSequenceDictKind and - ( - name = "arguments" or - name = "query_arguments" or - name = "body_arguments" - ) - } -} - -deprecated class TornadoRequestSource extends HttpRequestTaintSource { - TornadoRequestSource() { isTornadoRequestHandlerInstance(this.(AttrNode).getObject("request")) } - - override string toString() { result = "Tornado request source" } - - override predicate isSourceOf(TaintKind kind) { kind instanceof TornadoRequest } -} - -deprecated class TornadoExternalInputSource extends HttpRequestTaintSource { - TornadoExternalInputSource() { - exists(string name | - name in ["get_argument", "get_query_argument", "get_body_argument", "decode_argument"] - | - this = callToNamedTornadoRequestHandlerMethod(name) - ) - } - - override string toString() { result = "Tornado request method" } - - override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalStringKind } -} - -deprecated class TornadoExternalInputListSource extends HttpRequestTaintSource { - TornadoExternalInputListSource() { - exists(string name | - name = "get_arguments" or - name = "get_query_arguments" or - name = "get_body_arguments" - | - this = callToNamedTornadoRequestHandlerMethod(name) - ) - } - - override string toString() { result = "Tornado request method" } - - override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalStringSequenceKind } -} diff --git a/python/ql/lib/semmle/python/web/tornado/Tornado.qll b/python/ql/lib/semmle/python/web/tornado/Tornado.qll deleted file mode 100644 index 798ecff43ff..00000000000 --- a/python/ql/lib/semmle/python/web/tornado/Tornado.qll +++ /dev/null @@ -1,50 +0,0 @@ -import python -import semmle.python.dataflow.TaintTracking -import semmle.python.web.Http - -deprecated private ClassValue theTornadoRequestHandlerClass() { - result = Value::named("tornado.web.RequestHandler") -} - -deprecated ClassValue aTornadoRequestHandlerClass() { - result.getABaseType+() = theTornadoRequestHandlerClass() -} - -/** - * Holds if `node` is likely to refer to an instance of a tornado - * `RequestHandler` class. - */ -deprecated predicate isTornadoRequestHandlerInstance(ControlFlowNode node) { - node.pointsTo().getClass() = aTornadoRequestHandlerClass() - or - /* - * In some cases, the points-to analysis won't capture all instances we care - * about. For these, we use the following syntactic check. First, that - * `node` appears inside a method of a subclass of - * `tornado.web.RequestHandler`: - */ - - node.getScope().getEnclosingScope() = aTornadoRequestHandlerClass().getScope() and - /* Secondly, that `node` refers to the `self` argument: */ - node.isLoad() and - node.(NameNode).isSelf() -} - -deprecated CallNode callToNamedTornadoRequestHandlerMethod(string name) { - isTornadoRequestHandlerInstance(result.getFunction().(AttrNode).getObject(name)) -} - -deprecated class TornadoCookieSet extends CookieSet, CallNode { - TornadoCookieSet() { - exists(ControlFlowNode f | - f = this.getFunction().(AttrNode).getObject("set_cookie") and - isTornadoRequestHandlerInstance(f) - ) - } - - override string toString() { result = CallNode.super.toString() } - - override ControlFlowNode getKey() { result = this.getArg(0) } - - override ControlFlowNode getValue() { result = this.getArg(1) } -} diff --git a/python/ql/lib/semmle/python/web/turbogears/Request.qll b/python/ql/lib/semmle/python/web/turbogears/Request.qll deleted file mode 100644 index 48e063d0f99..00000000000 --- a/python/ql/lib/semmle/python/web/turbogears/Request.qll +++ /dev/null @@ -1,26 +0,0 @@ -import python -import semmle.python.security.strings.External -import semmle.python.web.Http -import TurboGears - -deprecated private class ValidatedMethodParameter extends Parameter { - ValidatedMethodParameter() { - exists(string name, TurboGearsControllerMethod method | - method.getArgByName(name) = this and - method.getValidationDict().getItem(_).(KeyValuePair).getKey().(StrConst).getText() = name - ) - } -} - -deprecated class UnvalidatedControllerMethodParameter extends HttpRequestTaintSource { - UnvalidatedControllerMethodParameter() { - exists(Parameter p | - any(TurboGearsControllerMethod m | not m.getName() = "onerror").getAnArg() = p and - not p instanceof ValidatedMethodParameter and - not p.isSelf() and - p.(Name).getAFlowNode() = this - ) - } - - override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalStringKind } -} diff --git a/python/ql/lib/semmle/python/web/turbogears/TurboGears.qll b/python/ql/lib/semmle/python/web/turbogears/TurboGears.qll deleted file mode 100644 index 87006afe03a..00000000000 --- a/python/ql/lib/semmle/python/web/turbogears/TurboGears.qll +++ /dev/null @@ -1,37 +0,0 @@ -import python -import semmle.python.dataflow.TaintTracking - -deprecated private ClassValue theTurboGearsControllerClass() { - result = Value::named("tg.TGController") -} - -deprecated ClassValue aTurboGearsControllerClass() { - result.getABaseType+() = theTurboGearsControllerClass() -} - -deprecated class TurboGearsControllerMethod extends Function { - ControlFlowNode decorator; - - TurboGearsControllerMethod() { - aTurboGearsControllerClass().getScope() = this.getScope() and - decorator = this.getADecorator().getAFlowNode() and - /* Is decorated with @expose() or @expose(path) */ - ( - decorator.(CallNode).getFunction().(NameNode).getId() = "expose" - or - decorator.pointsTo().getClass() = Value::named("tg.expose") - ) - } - - private ControlFlowNode templateName() { result = decorator.(CallNode).getArg(0) } - - predicate isTemplated() { exists(this.templateName()) } - - Dict getValidationDict() { - exists(Call call | - call = this.getADecorator() and - call.getFunc().(Name).getId() = "validate" and - call.getArg(0).pointsTo(_, result) - ) - } -} diff --git a/python/ql/lib/semmle/python/web/twisted/Request.qll b/python/ql/lib/semmle/python/web/twisted/Request.qll deleted file mode 100644 index d1bcf879f0f..00000000000 --- a/python/ql/lib/semmle/python/web/twisted/Request.qll +++ /dev/null @@ -1,30 +0,0 @@ -import python -import semmle.python.dataflow.TaintTracking -import semmle.python.web.Http -import Twisted - -/** A twisted.web.http.Request object */ -deprecated class TwistedRequest extends TaintKind { - TwistedRequest() { this = "twisted.request.http.Request" } - - override TaintKind getTaintOfAttribute(string name) { - result instanceof ExternalStringSequenceDictKind and - name = "args" - or - result instanceof ExternalStringKind and - name = "uri" - } - - override TaintKind getTaintOfMethodResult(string name) { - name in ["getHeader", "getCookie", "getUser", "getPassword"] and - result instanceof ExternalStringKind - } -} - -deprecated class TwistedRequestSource extends HttpRequestTaintSource { - TwistedRequestSource() { isTwistedRequestInstance(this) } - - override string toString() { result = "Twisted request source" } - - override predicate isSourceOf(TaintKind kind) { kind instanceof TwistedRequest } -} diff --git a/python/ql/lib/semmle/python/web/twisted/Twisted.qll b/python/ql/lib/semmle/python/web/twisted/Twisted.qll deleted file mode 100644 index 54dd1d959e8..00000000000 --- a/python/ql/lib/semmle/python/web/twisted/Twisted.qll +++ /dev/null @@ -1,52 +0,0 @@ -import python -import semmle.python.dataflow.TaintTracking - -deprecated private ClassValue theTwistedHttpRequestClass() { - result = Value::named("twisted.web.http.Request") -} - -deprecated private ClassValue theTwistedHttpResourceClass() { - result = Value::named("twisted.web.resource.Resource") -} - -deprecated ClassValue aTwistedRequestHandlerClass() { - result.getABaseType+() = theTwistedHttpResourceClass() -} - -deprecated FunctionValue getTwistedRequestHandlerMethod(string name) { - result = aTwistedRequestHandlerClass().declaredAttribute(name) -} - -bindingset[name] -deprecated predicate isKnownRequestHandlerMethodName(string name) { - name = "render" or - name.matches("render_%") -} - -/** - * Holds if `node` is likely to refer to an instance of the twisted - * `Request` class. - */ -deprecated predicate isTwistedRequestInstance(NameNode node) { - node.pointsTo().getClass() = theTwistedHttpRequestClass() - or - /* - * In points-to analysis cannot infer that a given object is an instance of - * the `twisted.web.http.Request` class, we also include any parameter - * called `request` that appears inside a subclass of a request handler - * class, and the appropriate arguments of known request handler methods. - */ - - exists(Function func | - func = node.getScope() and - func.getEnclosingScope() = aTwistedRequestHandlerClass().getScope() - | - /* Any parameter called `request` */ - node.getId() = "request" and - node.isParameter() - or - /* Any request parameter of a known request handler method */ - isKnownRequestHandlerMethodName(func.getName()) and - node.getNode() = func.getArg(1) - ) -} diff --git a/python/ql/lib/semmle/python/web/webob/Request.qll b/python/ql/lib/semmle/python/web/webob/Request.qll deleted file mode 100644 index 3c085b1d02d..00000000000 --- a/python/ql/lib/semmle/python/web/webob/Request.qll +++ /dev/null @@ -1,38 +0,0 @@ -import python -import semmle.python.dataflow.TaintTracking -import semmle.python.web.Http - -abstract deprecated class BaseWebobRequest extends TaintKind { - bindingset[this] - BaseWebobRequest() { any() } - - override TaintKind getTaintOfAttribute(string name) { - result instanceof ExternalStringDictKind and - ( - name = "GET" or - name = "POST" or - name = "headers" - ) - or - result instanceof ExternalStringKind and - name = "body" - } - - override TaintKind getTaintOfMethodResult(string name) { - result = this and - ( - name = "copy" or - name = "copy_get" or - name = "copy_body" - ) - or - result instanceof ExternalStringKind and - name = "as_bytes" - } -} - -deprecated class WebobRequest extends BaseWebobRequest { - WebobRequest() { this = "webob.Request" } - - override ClassValue getType() { result = Value::named("webob.request.Request") } -} From 689eda4dae0a3ef1dfb8a2c1eebaff50636ba514 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Sat, 7 Oct 2023 21:56:19 +0200 Subject: [PATCH 05/13] CPP: delete the deprecated `AnalysedString` class --- cpp/ql/lib/semmle/code/cpp/commons/StringAnalysis.qll | 3 --- 1 file changed, 3 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/commons/StringAnalysis.qll b/cpp/ql/lib/semmle/code/cpp/commons/StringAnalysis.qll index 40689adda30..a2ae417b99e 100644 --- a/cpp/ql/lib/semmle/code/cpp/commons/StringAnalysis.qll +++ b/cpp/ql/lib/semmle/code/cpp/commons/StringAnalysis.qll @@ -27,9 +27,6 @@ predicate canValueFlow(Expr fromExpr, Expr toExpr) { fromExpr = toExpr.(ConditionalExpr).getElse() } -/** DEPRECATED: Alias for AnalyzedString */ -deprecated class AnalysedString = AnalyzedString; - /** * An analyzed null terminated string. */ From e3e8f3d7c4a043a9807c93ab3cd57bc94b2486b8 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Sat, 7 Oct 2023 21:56:57 +0200 Subject: [PATCH 06/13] Java: delete various outdated deprecations --- java/ql/lib/semmle/code/java/Annotation.qll | 19 ------------ java/ql/lib/semmle/code/java/Expr.qll | 3 -- .../lib/semmle/code/java/JDKAnnotations.qll | 30 ------------------- .../controlflow/internal/Preconditions.qll | 9 ------ java/ql/src/Telemetry/ExternalApi.qll | 3 -- 5 files changed, 64 deletions(-) diff --git a/java/ql/lib/semmle/code/java/Annotation.qll b/java/ql/lib/semmle/code/java/Annotation.qll index fa010ec88c0..de7dd47a93e 100644 --- a/java/ql/lib/semmle/code/java/Annotation.qll +++ b/java/ql/lib/semmle/code/java/Annotation.qll @@ -46,20 +46,6 @@ class Annotation extends @annotation, Expr { result = this.getType().getAnnotationElement(name) } - /** - * DEPRECATED: Getting the value of _any_ annotation element is error-prone because - * it could lead to selecting the value of the wrong element by accident (for example - * when an annotation type is extended in the future). Prefer the predicate `getValue(string)` - * and explicitly specify the element name. Use `getValue(_)` if it is really desired to - * get the value of any element. - * - * Gets a value of an annotation element. This includes default values in case - * no explicit value is specified. For elements with an array value type this - * might have an `ArrayInit` as result. To properly handle array values, prefer - * the predicate `getAnArrayValue`. - */ - deprecated Expr getAValue() { filteredAnnotValue(this, _, result) } - /** * Gets the value of the annotation element with the specified `name`. * This includes default values in case no explicit value is specified. @@ -157,11 +143,6 @@ class Annotation extends @annotation, Expr { */ Expr getAnArrayValue(string name) { result = this.getArrayValue(name, _) } - /** - * DEPRECATED: Predicate has been renamed to `getAnArrayValue` - */ - deprecated Expr getAValue(string name) { result = this.getAnArrayValue(name) } - /** * Gets a value of the annotation element with the specified `name`, which must be declared as an enum * type array. This includes default values in case no explicit value is specified. diff --git a/java/ql/lib/semmle/code/java/Expr.qll b/java/ql/lib/semmle/code/java/Expr.qll index 81c5dc64aea..c1097c67ce5 100644 --- a/java/ql/lib/semmle/code/java/Expr.qll +++ b/java/ql/lib/semmle/code/java/Expr.qll @@ -609,9 +609,6 @@ class LongLiteral extends Literal, @longliteral { override string getAPrimaryQlClass() { result = "LongLiteral" } } -/** DEPRECATED: Alias for FloatLiteral */ -deprecated class FloatingPointLiteral = FloatLiteral; - /** * A float literal. For example, `4.2f`. * diff --git a/java/ql/lib/semmle/code/java/JDKAnnotations.qll b/java/ql/lib/semmle/code/java/JDKAnnotations.qll index 502aef09075..13a5aeff9c3 100644 --- a/java/ql/lib/semmle/code/java/JDKAnnotations.qll +++ b/java/ql/lib/semmle/code/java/JDKAnnotations.qll @@ -18,14 +18,6 @@ class OverrideAnnotation extends Annotation { class SuppressWarningsAnnotation extends Annotation { SuppressWarningsAnnotation() { this.getType().hasQualifiedName("java.lang", "SuppressWarnings") } - /** - * DEPRECATED: This predicate restricts the results to `StringLiteral`; prefer `getASuppressedWarning()` - * to get the name of a suppressed warning. - * - * Gets the `StringLiteral` of a warning suppressed by this annotation. - */ - deprecated StringLiteral getASuppressedWarningLiteral() { result = this.getAnArrayValue("value") } - /** Gets the name of a warning suppressed by this annotation. */ string getASuppressedWarning() { result = this.getAStringArrayValue("value") } } @@ -34,17 +26,6 @@ class SuppressWarningsAnnotation extends Annotation { class TargetAnnotation extends Annotation { TargetAnnotation() { this.getType().hasQualifiedName("java.lang.annotation", "Target") } - /** - * DEPRECATED: Getting the field access expression is rarely useful. Use `getATargetElementType()` - * to get the name of the target element. - * - * Gets a target expression within this annotation. - * - * For example, the field access `ElementType.FIELD` is a target expression in - * `@Target({ElementType.FIELD, ElementType.METHOD})`. - */ - deprecated Expr getATargetExpression() { result = this.getAnArrayValue("value") } - /** * Gets the name of a target element type. * @@ -58,17 +39,6 @@ class TargetAnnotation extends Annotation { class RetentionAnnotation extends Annotation { RetentionAnnotation() { this.getType().hasQualifiedName("java.lang.annotation", "Retention") } - /** - * DEPRECATED: Getting the field access expression is rarely useful. Use `getRetentionPolicy()` - * to get the name of the retention policy. - * - * Gets the retention policy expression within this annotation. - * - * For example, the field access `RetentionPolicy.RUNTIME` is the - * retention policy expression in `@Retention(RetentionPolicy.RUNTIME)`. - */ - deprecated Expr getRetentionPolicyExpression() { result = this.getValue("value") } - /** * Gets the name of the retention policy of this annotation. * diff --git a/java/ql/lib/semmle/code/java/controlflow/internal/Preconditions.qll b/java/ql/lib/semmle/code/java/controlflow/internal/Preconditions.qll index 3563176f4b0..180d99e7e71 100644 --- a/java/ql/lib/semmle/code/java/controlflow/internal/Preconditions.qll +++ b/java/ql/lib/semmle/code/java/controlflow/internal/Preconditions.qll @@ -96,15 +96,6 @@ private predicate condtionCheckMethodTestingFramework(Method m, int argument, bo ) } -/** - * DEPRECATED: Use `conditionCheckArgument` instead. - * Holds if `ma` is an access to a non-overridable method that checks that its - * first argument is equal to `checkTrue` and throws otherwise. - */ -deprecated predicate conditionCheck(MethodAccess ma, boolean checkTrue) { - conditionCheckArgument(ma, 0, checkTrue) -} - /** * Holds if `ma` is an access to a non-overridable method that checks that its * zero-indexed `argument` is equal to `checkTrue` and throws otherwise. diff --git a/java/ql/src/Telemetry/ExternalApi.qll b/java/ql/src/Telemetry/ExternalApi.qll index d0ba2fce7d7..b6e0de2f842 100644 --- a/java/ql/src/Telemetry/ExternalApi.qll +++ b/java/ql/src/Telemetry/ExternalApi.qll @@ -90,9 +90,6 @@ class ExternalApi extends Callable { } } -/** DEPRECATED: Alias for ExternalApi */ -deprecated class ExternalAPI = ExternalApi; - /** * Gets the limit for the number of results produced by a telemetry query. */ From e0fefce2a33f3b335cb4d3ffed52da342170c9ea Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Sat, 7 Oct 2023 21:57:26 +0200 Subject: [PATCH 07/13] Ruby: delete various deprecated predicates --- ruby/ql/lib/codeql/ruby/Concepts.qll | 10 ++-------- ruby/ql/lib/codeql/ruby/ast/Constant.qll | 6 ------ .../codeql/ruby/frameworks/core/internal/IOOrFile.qll | 9 --------- 3 files changed, 2 insertions(+), 23 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/Concepts.qll b/ruby/ql/lib/codeql/ruby/Concepts.qll index bc2a28a4cd6..7676534c7c0 100644 --- a/ruby/ql/lib/codeql/ruby/Concepts.qll +++ b/ruby/ql/lib/codeql/ruby/Concepts.qll @@ -1096,10 +1096,7 @@ module Cryptography { * extend `CryptographicOperation::Range` instead. */ class CryptographicOperation extends SC::CryptographicOperation instanceof CryptographicOperation::Range - { - /** DEPRECATED: Use `getAlgorithm().isWeak() or getBlockMode().isWeak()` instead */ - deprecated predicate isWeak() { super.isWeak() } - } + { } /** Provides classes for modeling new applications of a cryptographic algorithms. */ module CryptographicOperation { @@ -1110,10 +1107,7 @@ module Cryptography { * Extend this class to model new APIs. If you want to refine existing API models, * extend `CryptographicOperation` instead. */ - abstract class Range extends SC::CryptographicOperation::Range { - /** DEPRECATED: Use `getAlgorithm().isWeak() or getBlockMode().isWeak()` instead */ - deprecated predicate isWeak() { this.getAlgorithm().isWeak() or this.getBlockMode().isWeak() } - } + abstract class Range extends SC::CryptographicOperation::Range { } } class BlockMode = SC::BlockMode; diff --git a/ruby/ql/lib/codeql/ruby/ast/Constant.qll b/ruby/ql/lib/codeql/ruby/ast/Constant.qll index 0a716ed8407..fef057bc88e 100644 --- a/ruby/ql/lib/codeql/ruby/ast/Constant.qll +++ b/ruby/ql/lib/codeql/ruby/ast/Constant.qll @@ -80,12 +80,6 @@ class ConstantValue extends TConstantValue { /** Holds if this is the regexp value `/s/flags` . */ predicate isRegExpWithFlags(string s, string flags) { this = TRegExp(s, flags) } - /** DEPRECATED: Use `getStringlikeValue` instead. */ - deprecated string getStringOrSymbol() { result = this.getStringlikeValue() } - - /** DEPRECATED: Use `isStringlikeValue` instead. */ - deprecated predicate isStringOrSymbol(string s) { s = this.getStringlikeValue() } - /** Gets the string/symbol/regexp value, if any. */ string getStringlikeValue() { result = [this.getString(), this.getSymbol(), this.getRegExp()] } diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/internal/IOOrFile.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/internal/IOOrFile.qll index 25bd4474ce6..658d5b6fc0c 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/core/internal/IOOrFile.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/core/internal/IOOrFile.qll @@ -63,9 +63,6 @@ abstract class IOOrFileMethodCall extends DataFlow::CallNode { /** Gets the API used to perform this call, either "IO" or "File" */ abstract string getApi(); - /** DEPRECATED: Alias for getApi */ - deprecated string getAPI() { result = this.getApi() } - /** Gets a node representing the data read or written by this call */ abstract DataFlow::Node getADataNodeImpl(); @@ -115,9 +112,6 @@ class IOOrFileReadMethodCall extends IOOrFileMethodCall { override string getApi() { result = api } - /** DEPRECATED: Alias for getApi */ - deprecated override string getAPI() { result = this.getApi() } - override DataFlow::Node getADataNodeImpl() { result = this } override string getReceiverKind() { result = receiverKind } @@ -159,9 +153,6 @@ class IOOrFileWriteMethodCall extends IOOrFileMethodCall { override string getApi() { result = api } - /** DEPRECATED: Alias for getApi */ - deprecated override string getAPI() { result = this.getApi() } - override DataFlow::Node getADataNodeImpl() { result = dataNode } override string getReceiverKind() { result = receiverKind } From c2942b37a7ce8f870bd70f1a400734de3d165dfa Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Sat, 7 Oct 2023 21:59:40 +0200 Subject: [PATCH 08/13] JS: delete various outdated deprecations --- .../ql/lib/semmle/javascript/ApiGraphs.qll | 18 ---- .../semmle/javascript/dataflow/DataFlow.qll | 8 -- .../lib/semmle/javascript/dataflow/Nodes.qll | 18 ---- .../javascript/filters/ClassifyFiles.qll | 3 - .../frameworks/AngularJS/AngularJSCore.qll | 21 ---- .../AngularJS/ServiceDefinitions.qll | 15 --- .../semmle/javascript/frameworks/Connect.qll | 2 - .../javascript/frameworks/Credentials.qll | 17 ---- .../semmle/javascript/frameworks/Express.qll | 95 ------------------- .../semmle/javascript/frameworks/Fastify.qll | 6 -- .../lib/semmle/javascript/frameworks/HTTP.qll | 82 ---------------- .../lib/semmle/javascript/frameworks/Hapi.qll | 18 ---- .../lib/semmle/javascript/frameworks/Koa.qll | 52 ---------- .../semmle/javascript/frameworks/Micro.qll | 8 -- .../javascript/frameworks/NodeJSLib.qll | 44 --------- .../semmle/javascript/frameworks/Restify.qll | 16 ---- .../javascript/security/SensitiveActions.qll | 16 ---- .../javascript/security/dataflow/DOM.qll | 79 --------------- .../dataflow/DomBasedXssCustomizations.qll | 3 - .../javascript/security/dataflow/Xss.qll | 40 -------- .../semmle/javascript/Actions.qll | 4 - 21 files changed, 565 deletions(-) delete mode 100644 javascript/ql/src/experimental/semmle/javascript/Actions.qll diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll index 080a1bc1209..dc9844bf8bd 100644 --- a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll +++ b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll @@ -153,12 +153,6 @@ module API { */ DataFlow::SourceNode asSource() { Impl::use(this, result) } - /** DEPRECATED. This predicate has been renamed to `asSource`. */ - deprecated DataFlow::SourceNode getAnImmediateUse() { result = this.asSource() } - - /** DEPRECATED. This predicate has been renamed to `getAValueReachableFromSource`. */ - deprecated DataFlow::Node getAUse() { result = this.getAValueReachableFromSource() } - /** * Gets a call to the function represented by this API component. */ @@ -212,12 +206,6 @@ module API { */ DataFlow::Node getAValueReachingSink() { result = Impl::trackDefNode(this.asSink()) } - /** DEPRECATED. This predicate has been renamed to `asSink`. */ - deprecated DataFlow::Node getARhs() { result = this.asSink() } - - /** DEPRECATED. This predicate has been renamed to `getAValueReachingSink`. */ - deprecated DataFlow::Node getAValueReachingRhs() { result = this.getAValueReachingSink() } - /** * Gets a node representing member `m` of this API component. * @@ -622,12 +610,6 @@ module API { bindingset[this] EntryPoint() { any() } - /** DEPRECATED. This predicate has been renamed to `getASource`. */ - deprecated DataFlow::SourceNode getAUse() { none() } - - /** DEPRECATED. This predicate has been renamed to `getASink`. */ - deprecated DataFlow::SourceNode getARhs() { none() } - /** Gets a data-flow node where a value enters the current codebase through this entry-point. */ DataFlow::SourceNode getASource() { none() } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll index e8c2b563c92..46dfdf63edd 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll @@ -138,14 +138,6 @@ module DataFlow { CallGraph::getABoundFunctionReference(result, boundArgs, _).flowsTo(this) } - /** - * DEPRECATED: Use `DataFlow::ParameterNode::flowsTo()` instead. - * Holds if this expression may refer to the initial value of parameter `p`. - */ - deprecated predicate mayReferToParameter(Parameter p) { - parameterNode(p).(SourceNode).flowsTo(this) - } - /** * Holds if this element is at the specified location. * The location spans column `startcolumn` of line `startline` to diff --git a/javascript/ql/lib/semmle/javascript/dataflow/Nodes.qll b/javascript/ql/lib/semmle/javascript/dataflow/Nodes.qll index bc3d205eb6a..ebe7b730e48 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/Nodes.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/Nodes.qll @@ -1150,30 +1150,12 @@ module ClassNode { cached abstract FunctionNode getStaticMember(string name, MemberKind kind); - /** - * DEPRECATED. Override `getStaticMember` instead. - * - * Gets the static method of this class with the given name. - */ - cached - deprecated FunctionNode getStaticMethod(string name) { none() } - /** * Gets a static member of this class of the given kind. */ cached abstract FunctionNode getAStaticMember(MemberKind kind); - /** - * DEPRECATED. Override `getAStaticMember` instead. - * - * Gets a static method of this class. - * - * The constructor is not considered a static method. - */ - cached - deprecated FunctionNode getAStaticMethod() { none() } - /** * Gets a dataflow node representing a class to be used as the super-class * of this node. diff --git a/javascript/ql/lib/semmle/javascript/filters/ClassifyFiles.qll b/javascript/ql/lib/semmle/javascript/filters/ClassifyFiles.qll index 23366ae6b71..5dd44226351 100644 --- a/javascript/ql/lib/semmle/javascript/filters/ClassifyFiles.qll +++ b/javascript/ql/lib/semmle/javascript/filters/ClassifyFiles.qll @@ -75,9 +75,6 @@ predicate isExternsFile(File f) { */ predicate isLibraryFile(File f) { f.getATopLevel() instanceof FrameworkLibraryInstance } -/** DEPRECATED: Alias for isLibraryFile */ -deprecated predicate isLibaryFile = isLibraryFile/1; - /** * Holds if `f` contains template code. */ diff --git a/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll b/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll index 4997674375d..1a6d11cd753 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll @@ -618,27 +618,6 @@ private class JQLiteObject extends JQuery::ObjectSource::Range { } } -/** - * DEPRECATED: Use `AngularJSCallNode` instead. - * A call to an AngularJS function. - * - * Used for exposing behavior that is similar to the behavior of other libraries. - */ -deprecated class AngularJSCall extends CallExpr { - AngularJSCallNode node; - - AngularJSCall() { this.flow() = node } - - /** Holds if `e` is an argument that this call interprets as HTML. */ - deprecated predicate interpretsArgumentAsHtml(Expr e) { node.interpretsArgumentAsHtml(e.flow()) } - - /** Holds if `e` is an argument that this call stores globally, e.g. in a cookie. */ - deprecated predicate storesArgumentGlobally(Expr e) { node.storesArgumentGlobally(e.flow()) } - - /** Holds if `e` is an argument that this call interprets as code. */ - deprecated predicate interpretsArgumentAsCode(Expr e) { node.interpretsArgumentAsCode(e.flow()) } -} - /** * A call to an AngularJS function. * diff --git a/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/ServiceDefinitions.qll b/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/ServiceDefinitions.qll index cbecb091139..ae8d3b7d9c5 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/ServiceDefinitions.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/ServiceDefinitions.qll @@ -447,21 +447,6 @@ BuiltinServiceReference getBuiltinServiceOfKind(string kind) { ) } -/** - * DEPRECATED: Use `ServiceRequestNode` instead. - * A request for one or more AngularJS services. - */ -deprecated class ServiceRequest extends Expr { - ServiceRequestNode node; - - ServiceRequest() { this.flow() = node } - - /** Gets the parameter of this request into which `service` is injected. */ - deprecated Parameter getDependencyParameter(ServiceReference service) { - result.flow() = node.getDependencyParameter(service) - } -} - /** * A request for one or more AngularJS services. */ diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Connect.qll b/javascript/ql/lib/semmle/javascript/frameworks/Connect.qll index 00a14a8368f..dbcbc0635db 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Connect.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Connect.qll @@ -118,8 +118,6 @@ module Connect { override string getCredentialsKind() { result = kind } } - deprecated class RequestExpr = NodeJSLib::RequestExpr; - class RequestNode = NodeJSLib::RequestNode; /** diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Credentials.qll b/javascript/ql/lib/semmle/javascript/frameworks/Credentials.qll index c1685f11cf4..7cff54d6465 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Credentials.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Credentials.qll @@ -5,23 +5,6 @@ import javascript -/** - * DEPRECATED: Use `CredentialsNode` instead. - * An expression whose value is used to supply credentials such - * as a user name, a password, or a key. - */ -deprecated class CredentialsExpr extends Expr { - CredentialsNode node; - - CredentialsExpr() { node.asExpr() = this } - - /** - * Gets a description of the kind of credential this expression is used as, - * such as `"user name"`, `"password"`, `"key"`. - */ - deprecated string getCredentialsKind() { result = node.getCredentialsKind() } -} - /** * An expression whose value is used to supply credentials such * as a user name, a password, or a key. diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Express.qll b/javascript/ql/lib/semmle/javascript/frameworks/Express.qll index bc6924cfd0f..c39d19d4375 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Express.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Express.qll @@ -55,14 +55,6 @@ module Express { WebpackDevServer::webpackDevServerApp().flowsTo(e) } - /** - * DEPRECATED: Use `RouterDefinition.ref()` or `RouteSetup` instead. - * An expression that refers to a route. - */ - deprecated class RouteExpr extends MethodCallExpr { - RouteExpr() { isRouter(this.flow()) } - } - /** * Gets the name of an Express router method that sets up a route. */ @@ -145,17 +137,6 @@ module Express { /** Holds if this is a call `use`, such as `app.use(handler)`. */ predicate isUseCall() { this.getMethodName() = "use" } - /** - * DEPRECATED: Use `getRouteHandlerNode` instead. - * Gets the `n`th handler registered by this setup, with 0 being the first. - * - * This differs from `getARouteHandler` in that the argument expression is - * returned, not its dataflow source. - */ - deprecated Expr getRouteHandlerExpr(int index) { - result = this.getRouteHandlerNode(index).asExpr() - } - /** * Gets the `n`th handler registered by this setup, with 0 being the first. * @@ -174,25 +155,11 @@ module Express { ) } - /** - * DEPRECATED: Use `getARouteHandlerNode` instead. - * Gets an argument that represents a route handler being registered. - */ - deprecated Expr getARouteHandlerExpr() { result = this.getRouteHandlerExpr(_) } - /** * Gets an argument that represents a route handler being registered. */ DataFlow::Node getARouteHandlerNode() { result = this.getRouteHandlerNode(_) } - /** - * DEPRECATED: Use `getLastRouteHandlerExpr` instead. - * Gets the last argument representing a route handler being registered. - */ - deprecated Expr getLastRouteHandlerExpr() { - result = max(int i | | this.getRouteHandlerExpr(i) order by i) - } - /** * Gets the last argument representing a route handler being registered. */ @@ -294,52 +261,6 @@ module Express { } } - /** - * DEPRECATED: Use `RouteHandlerNode` instead. - * An expression used as an Express route handler, such as `submitHandler` below: - * ``` - * app.post('/submit', submitHandler) - * ``` - * - * Unlike `RouterHandler`, this is the argument passed to a setup, as opposed to - * a function that flows into such an argument. - */ - deprecated class RouteHandlerExpr extends Expr { - RouteHandlerNode node; - - RouteHandlerExpr() { this.flow() = node } - - /** Gets the setup call that registers this route handler. */ - deprecated RouteSetup getSetup() { result = node.getSetup() } - - /** Gets the function body of this handler, if it is defined locally. */ - deprecated RouteHandler getBody() { result = node.getBody() } - - /** Holds if this is not followed by more handlers. */ - deprecated predicate isLastHandler() { node.isLastHandler() } - - /** Gets a route handler that immediately precedes this in the route stack. */ - deprecated Express::RouteHandlerExpr getPreviousMiddleware() { - result = node.getPreviousMiddleware().asExpr() - } - - /** Gets a route handler that may follow immediately after this one in its route stack. */ - deprecated Express::RouteHandlerExpr getNextMiddleware() { - result = node.getNextMiddleware().asExpr() - } - - /** - * Gets a route handler that precedes this one (not necessarily immediately), may handle - * same request method, and matches on the same path or a prefix. - */ - deprecated Express::RouteHandlerExpr getAMatchingAncestor() { - result = node.getAMatchingAncestor().asExpr() - } - - /** Gets the router being registered as a sub-router here, if any. */ - deprecated RouterDefinition getAsSubRouter() { result = node.getAsSubRouter() } - } - /** * An expression used as an Express route handler, such as `submitHandler` below: * ``` @@ -584,14 +505,6 @@ module Express { override RouteHandler getRouteHandler() { none() } // Not known. } - /** - * DEPRECATED: Use `ResponseNode` instead. - * An Express response expression. - */ - deprecated class ResponseExpr extends NodeJSLib::ResponseExpr { - ResponseExpr() { this.flow() instanceof ResponseNode } - } - /** * An Express response expression. */ @@ -599,14 +512,6 @@ module Express { override ResponseSource src; } - /** - * DEPRECATED: Use `RequestNode` instead. - * An Express request expression. - */ - deprecated class RequestExpr extends NodeJSLib::RequestExpr { - RequestExpr() { this.flow() instanceof RequestNode } - } - /** * An Express request expression. */ diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Fastify.qll b/javascript/ql/lib/semmle/javascript/frameworks/Fastify.qll index ea7b59236a1..2b8d6287d78 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Fastify.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Fastify.qll @@ -154,12 +154,6 @@ module Fastify { override DataFlow::SourceNode getServer() { result = server } - /** - * DEPRECATED: Use `getARouteHandlerNode` instead. - * Gets an argument that represents a route handler being registered. - */ - deprecated DataFlow::Node getARouteHandlerExpr() { result = this.getARouteHandlerNode() } - /** Gets an argument that represents a route handler being registered. */ DataFlow::Node getARouteHandlerNode() { if methodName = "route" diff --git a/javascript/ql/lib/semmle/javascript/frameworks/HTTP.qll b/javascript/ql/lib/semmle/javascript/frameworks/HTTP.qll index 31aa15db3b4..80b3ee1ff74 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/HTTP.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/HTTP.qll @@ -65,23 +65,9 @@ module Http { ) } - /** - * DEPRECATED: use `definesHeaderValue` instead. - * Holds if the header with (lower-case) name `headerName` is set to the value of `headerValue`. - */ - deprecated predicate definesExplicitly(string headerName, Expr headerValue) { - this.definesHeaderValue(headerName, headerValue.flow()) - } - /** Holds if the header with (lower-case) name `headerName` is set to the value of `headerValue`. */ abstract predicate definesHeaderValue(string headerName, DataFlow::Node headerValue); - /** - * DEPRECATED: Use `getNameNode()` instead. - * Returns the expression used to compute the header name. - */ - deprecated Expr getNameExpr() { result = this.getNameNode().asExpr() } - /** Returns the expression used to compute the header name. */ abstract DataFlow::Node getNameNode(); } @@ -202,26 +188,12 @@ module Http { */ final Servers::ResponseSource getAResponseSource() { result.getRouteHandler() = this } - /** - * DEPRECATED: Use `getARequestNode()` instead. - * Gets an expression that contains a request object handled - * by this handler. - */ - deprecated RequestExpr getARequestExpr() { result.flow() = this.getARequestNode() } - /** * Gets an expression that contains a request object handled * by this handler. */ RequestNode getARequestNode() { result.getRouteHandler() = this } - /** - * DEPRECATED: Use `getAResponseNode()` instead. - * Gets an expression that contains a response object provided - * by this handler. - */ - deprecated ResponseExpr getAResponseExpr() { result.flow() = this.getAResponseNode() } - /** * Gets an expression that contains a response object provided * by this handler. @@ -265,30 +237,6 @@ module Http { abstract RouteHandler getRouteHandler(); } - /** - * DEPRECATED: Use `RequestNode` instead. - * An expression that may contain a request object. - */ - deprecated class RequestExpr extends Expr { - RequestExpr() { this.flow() instanceof ResponseNode } - - /** - * Gets the route handler that handles this request. - */ - RouteHandler getRouteHandler() { result = this.flow().(ResponseNode).getRouteHandler() } - } - - /** - * DEPRECATED: Use `ResponseNode` instead. - * An expression that may contain a response object. - */ - deprecated class ResponseExpr extends Expr { - /** - * Gets the route handler that handles this request. - */ - RouteHandler getRouteHandler() { result = this.flow().(ResponseNode).getRouteHandler() } - } - /** * Boiler-plate implementation of a `Server` and its associated classes. * Made for easily defining new HTTP servers @@ -309,12 +257,6 @@ module Http { /** Gets a data flow node referring to this server. */ DataFlow::SourceNode ref() { result = this.ref(DataFlow::TypeTracker::end()) } - - /** - * DEPRECATED: Use `ref().flowsToExpr()` instead. - * Holds if `sink` may refer to this server definition. - */ - deprecated predicate flowsTo(Expr sink) { this.ref().flowsToExpr(sink) } } /** @@ -402,30 +344,6 @@ module Http { override RouteHandler getRouteHandler() { result = src.getRouteHandler() } } - /** - * A request expression arising from a request source. - */ - deprecated class StandardRequestExpr extends RequestExpr { - RequestSource src; - - StandardRequestExpr() { src.ref().flowsToExpr(this) } - - override RouteHandler getRouteHandler() { result = src.getRouteHandler() } - } - - /** - * A response expression arising from a response source. - */ - deprecated class StandardResponseExpr extends ResponseExpr { - ResponseSource src; - - StandardResponseExpr() { src.ref().flowsToExpr(this) } - - override RouteHandler getRouteHandler() { - result = this.flow().(StandardResponseNode).getRouteHandler() - } - } - /** * A standard header definition. */ diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Hapi.qll b/javascript/ql/lib/semmle/javascript/frameworks/Hapi.qll index fb44b4e902b..f1936da3a67 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Hapi.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Hapi.qll @@ -87,14 +87,6 @@ module Hapi { override RouteHandler getRouteHandler() { result = rh } } - /** - * DEPRECATED: Use `ResponseNode` instead. - * A Hapi response expression. - */ - deprecated class ResponseExpr extends HTTP::Servers::StandardResponseExpr { - ResponseExpr() { this.flow() instanceof ResponseNode } - } - /** * A Hapi response node. */ @@ -102,14 +94,6 @@ module Hapi { override ResponseSource src; } - /** - * DEPRECATED: Use `RequestNode` instead. - * An Hapi request expression. - */ - deprecated class RequestExpr extends HTTP::Servers::StandardRequestExpr { - RequestExpr() { this.flow() instanceof RequestNode } - } - /** * A Hapi request node. */ @@ -255,8 +239,6 @@ module Hapi { pragma[noinline] private DataFlow::Node getRouteHandler() { result = handler } - deprecated Expr getRouteHandlerExpr() { result = handler.asExpr() } - override DataFlow::Node getServer() { result = server } } diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Koa.qll b/javascript/ql/lib/semmle/javascript/frameworks/Koa.qll index 789a1549bbc..c9b4403671d 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Koa.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Koa.qll @@ -44,13 +44,6 @@ module Koa { result = this.getAFunctionValue().getParameter(0) } - /** - * DEPRECATED: Use `getAContextNode` instead. - * Gets an expression that contains the "context" object of - * a route handler invocation. - */ - deprecated Expr getAContextExpr() { result = this.getAContextNode().asExpr() } - /** * Gets an expression that contains the "context" object of * a route handler invocation. @@ -61,15 +54,6 @@ module Koa { */ DataFlow::Node getAContextNode() { result.(ContextNode).getRouteHandler() = this } - /** - * DEPRECATED: Use `getAResponseOrContextNode` instead. - * Gets an expression that contains the context or response - * object of a route handler invocation. - */ - deprecated Expr getAResponseOrContextExpr() { - result = this.getAResponseOrContextNode().asExpr() - } - /** * Gets an expression that contains the context or response * object of a route handler invocation. @@ -78,13 +62,6 @@ module Koa { result = this.getAResponseNode() or result = this.getAContextNode() } - /** - * DEPRECATED: Use `getARequestOrContextNode` instead. - * Gets an expression that contains the context or request - * object of a route handler invocation. - */ - deprecated Expr getARequestOrContextExpr() { result = this.getARequestOrContextNode().asExpr() } - /** * Gets an expression that contains the context or request * object of a route handler invocation. @@ -273,19 +250,6 @@ module Koa { override RouteHandler getRouteHandler() { result = ctx.getRouteHandler() } } - /** - * DEPRECATED: Use `ContextNode` instead. - * An expression that may hold a Koa context object. - */ - deprecated class ContextExpr extends Expr { - ContextNode node; - - ContextExpr() { node.asExpr() = this } - - /** Gets the route handler that provides this response. */ - deprecated RouteHandler getRouteHandler() { result = node.getRouteHandler() } - } - /** * An expression that may hold a Koa context object. */ @@ -300,14 +264,6 @@ module Koa { RouteHandler getRouteHandler() { result = src.getRouteHandler() } } - /** - * DEPRECATED: Use `RequestNode` instead. - * An expression that may hold a Koa request object. - */ - deprecated class RequestExpr extends HTTP::Servers::StandardRequestExpr { - RequestExpr() { this.flow() instanceof RequestNode } - } - /** * An expression that may hold a Koa request object. */ @@ -315,14 +271,6 @@ module Koa { override RequestSource src; } - /** - * DEPRECATED: Use `ResponseNode` instead. - * An expression that may hold a Koa response object. - */ - deprecated class ResponseExpr extends HTTP::Servers::StandardResponseExpr { - ResponseExpr() { this.flow() instanceof ResponseNode } - } - /** * An expression that may hold a Koa response object. */ diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Micro.qll b/javascript/ql/lib/semmle/javascript/frameworks/Micro.qll index 3ef666b04ad..0db7b438b7d 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Micro.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Micro.qll @@ -62,18 +62,10 @@ private module Micro { override Http::RouteHandler getRouteHandler() { result = h } } - deprecated class MicroRequestExpr extends NodeJSLib::RequestExpr { - override MicroRequestSource src; - } - class MicroRequestNode extends NodeJSLib::RequestNode { override MicroRequestSource src; } - deprecated class MicroReseponseExpr extends NodeJSLib::ResponseExpr { - override MicroResponseSource src; - } - class MicroResponseNode extends NodeJSLib::ResponseNode { override MicroResponseSource src; } diff --git a/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll b/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll index 258a583e1ca..b3d93383ed7 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll @@ -64,17 +64,6 @@ module NodeJSLib { ) } - /** - * DEPRECATED: Use `ResponseNode` instead. - * A Node.js HTTP response. - * - * A server library that provides an (enhanced) NodesJS HTTP response - * object should implement a library specific subclass of this class. - */ - deprecated class ResponseExpr extends HTTP::Servers::StandardResponseExpr { - ResponseExpr() { this.flow() instanceof ResponseNode } - } - /** * A Node.js HTTP response. * @@ -83,17 +72,6 @@ module NodeJSLib { */ abstract class ResponseNode extends Http::Servers::StandardResponseNode { } - /** - * DEPRECATED: Use `RequestNode` instead. - * A Node.js HTTP request. - * - * A server library that provides an (enhanced) NodesJS HTTP request - * object should implement a library specific subclass of this class. - */ - deprecated class RequestExpr extends HTTP::Servers::StandardRequestExpr { - RequestExpr() { this.flow() instanceof RequestNode } - } - /** * A Node.js HTTP request. * @@ -168,14 +146,6 @@ module NodeJSLib { override RouteHandler getRouteHandler() { result = rh } } - /** - * DEPRECATED: Use `BuiltinRouteHandlerResponseNode` instead. - * A builtin Node.js HTTP response. - */ - deprecated private class BuiltinRouteHandlerResponseExpr extends ResponseExpr { - BuiltinRouteHandlerResponseExpr() { src instanceof ResponseSource } - } - /** * A builtin Node.js HTTP response. */ @@ -183,14 +153,6 @@ module NodeJSLib { BuiltinRouteHandlerResponseNode() { src instanceof ResponseSource } } - /** - * DEPRECATED: Use `BuiltinRouteHandlerRequestNode` instead. - * A builtin Node.js HTTP request. - */ - deprecated private class BuiltinRouteHandlerRequestExpr extends RequestExpr { - BuiltinRouteHandlerRequestExpr() { src instanceof RequestSource } - } - /** * A builtin Node.js HTTP request. */ @@ -288,12 +250,6 @@ module NodeJSLib { override DataFlow::Node getServer() { result = server } - /** - * DEPRECATED: Use `getRouteHandlerNode` instead. - * Gets the expression for the handler registered by this setup. - */ - deprecated Expr getRouteHandlerExpr() { result = handler.asExpr() } - /** * Gets the expression for the handler registered by this setup. */ diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Restify.qll b/javascript/ql/lib/semmle/javascript/frameworks/Restify.qll index 5b1a1f28173..0adbefc04e8 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Restify.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Restify.qll @@ -72,14 +72,6 @@ module Restify { override RouteHandler getRouteHandler() { result = rh } } - /** - * DEPRECATED: Use `ResponseNode` instead. - * A Node.js HTTP response provided by Restify. - */ - deprecated class ResponseExpr extends NodeJSLib::ResponseExpr { - ResponseExpr() { src instanceof ResponseSource } - } - /** * A Node.js HTTP response provided by Restify. */ @@ -87,14 +79,6 @@ module Restify { ResponseNode() { src instanceof ResponseSource or src instanceof FormatterResponseSource } } - /** - * DEPRECATED: Use `RequestNode` instead. - * A Node.js HTTP request provided by Restify. - */ - deprecated class RequestExpr extends NodeJSLib::RequestExpr { - RequestExpr() { src instanceof RequestSource } - } - /** * A Node.js HTTP request provided by Restify. */ diff --git a/javascript/ql/lib/semmle/javascript/security/SensitiveActions.qll b/javascript/ql/lib/semmle/javascript/security/SensitiveActions.qll index 660799ca1b3..ce442a8d62f 100644 --- a/javascript/ql/lib/semmle/javascript/security/SensitiveActions.qll +++ b/javascript/ql/lib/semmle/javascript/security/SensitiveActions.qll @@ -13,22 +13,6 @@ import javascript import semmle.javascript.security.internal.SensitiveDataHeuristics private import HeuristicNames -/** - * DEPRECATED: Use `SensitiveNode` instead. - * An expression that might contain sensitive data. - */ -deprecated class SensitiveExpr extends Expr { - SensitiveNode node; - - SensitiveExpr() { node.asExpr() = this } - - /** Gets a human-readable description of this expression for use in alert messages. */ - deprecated string describe() { result = node.describe() } - - /** Gets a classification of the kind of sensitive data this expression might contain. */ - deprecated SensitiveDataClassification getClassification() { result = node.getClassification() } -} - /** An expression that might contain sensitive data. */ cached abstract class SensitiveNode extends DataFlow::Node { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll index e007bdd8ede..f25e2943210 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll @@ -18,23 +18,11 @@ class DomGlobalVariable extends GlobalVariable { } } -/** - * DEPRECATED: Use `isDomNode` instead. - * Holds if `e` could hold a value that comes from the DOM. - */ -deprecated predicate isDomValue(Expr e) { isDomNode(e.flow()) } - /** * Holds if `e` could hold a value that comes from the DOM. */ predicate isDomNode(DataFlow::Node e) { DOM::domValueRef().flowsTo(e) } -/** - * DEPRECATED: Use `isLocationNode` instead. - * Holds if `e` could refer to the `location` property of a DOM node. - */ -deprecated predicate isLocation(Expr e) { isLocationNode(e.flow()) } - /** Holds if `e` could refer to the `location` property of a DOM node. */ predicate isLocationNode(DataFlow::Node e) { e = DOM::domValueRef().getAPropertyReference("location") @@ -42,43 +30,6 @@ predicate isLocationNode(DataFlow::Node e) { e = DataFlow::globalVarRef("location") } -/** - * DEPRECATED. In most cases, a sanitizer based on this predicate can be removed, as - * taint tracking no longer step through the properties of the location object by default. - * - * Holds if `pacc` accesses a part of `document.location` that is - * not considered user-controlled, that is, anything except - * `href`, `hash` and `search`. - */ -deprecated predicate isSafeLocationProperty(PropAccess pacc) { - exists(string prop | pacc = DOM::locationRef().getAPropertyRead(prop).asExpr() | - prop != "href" and prop != "hash" and prop != "search" - ) -} - -/** - * DEPRECATED: Use `DomMethodCallNode` instead. - * A call to a DOM method. - */ -deprecated class DomMethodCallExpr extends MethodCallExpr { - DomMethodCallNode node; - - DomMethodCallExpr() { this.flow() = node } - - /** Holds if `arg` is an argument that is interpreted as HTML. */ - deprecated predicate interpretsArgumentsAsHtml(Expr arg) { - node.interpretsArgumentsAsHtml(arg.flow()) - } - - /** Holds if `arg` is an argument that is used as an URL. */ - deprecated predicate interpretsArgumentsAsURL(Expr arg) { - node.interpretsArgumentsAsURL(arg.flow()) - } - - /** DEPRECATED: Alias for interpretsArgumentsAsHtml */ - deprecated predicate interpretsArgumentsAsHTML(Expr arg) { this.interpretsArgumentsAsHtml(arg) } -} - /** * A call to a DOM method. */ @@ -129,36 +80,6 @@ class DomMethodCallNode extends DataFlow::MethodCallNode { ) ) } - - /** DEPRECATED: Alias for interpretsArgumentsAsUrl */ - deprecated predicate interpretsArgumentsAsURL(DataFlow::Node arg) { - this.interpretsArgumentsAsUrl(arg) - } - - /** DEPRECATED: Alias for interpretsArgumentsAsHtml */ - deprecated predicate interpretsArgumentsAsHTML(DataFlow::Node arg) { - this.interpretsArgumentsAsHtml(arg) - } -} - -/** - * DEPRECATED: Use `DomPropertyWrite` instead. - * An assignment to a property of a DOM object. - */ -deprecated class DomPropWriteNode extends Assignment { - DomPropertyWrite node; - - DomPropWriteNode() { this.flow() = node } - - /** - * Holds if the assigned value is interpreted as HTML. - */ - predicate interpretsValueAsHtml() { node.interpretsValueAsHtml() } - - /** - * Holds if the assigned value is interpreted as JavaScript via javascript: protocol. - */ - predicate interpretsValueAsJavaScriptUrl() { node.interpretsValueAsJavaScriptUrl() } } /** diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll index f62fff2d886..b3ab20583ef 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll @@ -120,9 +120,6 @@ module DomBasedXss { WriteUrlSink() { super.isXssSink() } } - /** DEPRECATED: Alias for `WriteUrlSink`. */ - deprecated class WriteURLSink = WriteUrlSink; - /** * An expression whose value is interpreted as HTML or CSS * and may be inserted into the DOM. diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll index 8c881e49226..22feaca99eb 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll @@ -138,43 +138,3 @@ module Shared { IsEscapedInSwitchSanitizer() { this.asExpr() = getAPathEscapedInSwitch().getAUse() } } } - -/** - * DEPRECATED: Use the `DomBasedXssCustomizations.qll` file instead. - * Provides classes and predicates for the DOM-based XSS query. - */ -deprecated module DomBasedXss { - import DomBasedXssCustomizations::DomBasedXss -} - -/** - * DEPRECATED: Use the `DomBasedXssCustomizations.qll` file instead. - * Provides classes and predicates for the reflected XSS query. - */ -deprecated module ReflectedXss { - import ReflectedXssCustomizations::ReflectedXss -} - -/** - * DEPRECATED: Use the `StoredXssCustomizations.qll` file instead. - * Provides classes and predicates for the stored XSS query. - */ -deprecated module StoredXss { - import StoredXssCustomizations::StoredXss -} - -/** - * DEPRECATED: Use the `XssThroughDomCustomizations.qll` file instead. - * Provides classes and predicates for the XSS through DOM query. - */ -deprecated module XssThroughDom { - import XssThroughDomCustomizations::XssThroughDom -} - -/** - * DEPRECATED: Use the `ExceptionXssCustomizations.qll` file instead. - * Provides classes for customizing the `ExceptionXss` query. - */ -deprecated module ExceptionXss { - import ExceptionXssCustomizations::ExceptionXss -} diff --git a/javascript/ql/src/experimental/semmle/javascript/Actions.qll b/javascript/ql/src/experimental/semmle/javascript/Actions.qll deleted file mode 100644 index 2938cc14692..00000000000 --- a/javascript/ql/src/experimental/semmle/javascript/Actions.qll +++ /dev/null @@ -1,4 +0,0 @@ -/** DEPRECATED: Use `semmle.javascript.Actions` instead. */ -deprecated module Actions { - import semmle.javascript.Actions::Actions -} From 194f918c0b458e40f89d555aa2a67a3ba84f7420 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Sat, 7 Oct 2023 22:01:11 +0200 Subject: [PATCH 09/13] Python: delete various outdated deprecations --- python/ql/lib/semmle/python/ApiGraphs.qll | 12 - .../frameworks/internal/SubclassFinder.qll | 3 - .../ql/lib/semmle/python/security/Paths.qll | 16 - .../semmle/python/security/strings/Basic.qll | 124 ------- .../semmle/python/security/strings/Common.qll | 14 - .../python/security/strings/External.qll | 318 ------------------ .../python/security/strings/Untrusted.qll | 10 - 7 files changed, 497 deletions(-) delete mode 100644 python/ql/lib/semmle/python/security/Paths.qll delete mode 100644 python/ql/lib/semmle/python/security/strings/Basic.qll delete mode 100644 python/ql/lib/semmle/python/security/strings/Common.qll delete mode 100644 python/ql/lib/semmle/python/security/strings/External.qll delete mode 100644 python/ql/lib/semmle/python/security/strings/Untrusted.qll diff --git a/python/ql/lib/semmle/python/ApiGraphs.qll b/python/ql/lib/semmle/python/ApiGraphs.qll index 032e0a98892..18202ebb524 100644 --- a/python/ql/lib/semmle/python/ApiGraphs.qll +++ b/python/ql/lib/semmle/python/ApiGraphs.qll @@ -155,18 +155,6 @@ module API { */ DataFlow::LocalSourceNode asSource() { Impl::use(this, result) } - /** DEPRECATED. This predicate has been renamed to `getAValueReachableFromSource()`. */ - deprecated DataFlow::Node getAUse() { result = this.getAValueReachableFromSource() } - - /** DEPRECATED. This predicate has been renamed to `asSource()`. */ - deprecated DataFlow::LocalSourceNode getAnImmediateUse() { result = this.asSource() } - - /** DEPRECATED. This predicate has been renamed to `asSink()`. */ - deprecated DataFlow::Node getARhs() { result = this.asSink() } - - /** DEPRECATED. This predicate has been renamed to `getAValueReachingSink()`. */ - deprecated DataFlow::Node getAValueReachingRhs() { result = this.getAValueReachingSink() } - /** * Gets a call to the function represented by this API component. */ diff --git a/python/ql/lib/semmle/python/frameworks/internal/SubclassFinder.qll b/python/ql/lib/semmle/python/frameworks/internal/SubclassFinder.qll index f077eb3ba65..4228ec3f52c 100644 --- a/python/ql/lib/semmle/python/frameworks/internal/SubclassFinder.qll +++ b/python/ql/lib/semmle/python/frameworks/internal/SubclassFinder.qll @@ -73,9 +73,6 @@ private module NotExposed { result = "moduleImport(\"" + fullyQualified.replaceAll(".", "\").getMember(\"") + "\")" } - /** DEPRECATED: Alias for fullyQualifiedToApiGraphPath */ - deprecated predicate fullyQualifiedToAPIGraphPath = fullyQualifiedToApiGraphPath/1; - bindingset[this] abstract class FindSubclassesSpec extends string { abstract API::Node getAlreadyModeledClass(); diff --git a/python/ql/lib/semmle/python/security/Paths.qll b/python/ql/lib/semmle/python/security/Paths.qll deleted file mode 100644 index 9288a1eff61..00000000000 --- a/python/ql/lib/semmle/python/security/Paths.qll +++ /dev/null @@ -1,16 +0,0 @@ -import semmle.python.dataflow.Implementation - -deprecated module TaintTrackingPaths { - predicate edge(TaintTrackingNode src, TaintTrackingNode dest, string label) { - exists(TaintTrackingNode source, TaintTrackingNode sink | - source.getConfiguration().hasFlowPath(source, sink) and - source.getASuccessor*() = src and - src.getASuccessor(label) = dest and - dest.getASuccessor*() = sink - ) - } -} - -deprecated query predicate edges(TaintTrackingNode fromnode, TaintTrackingNode tonode) { - TaintTrackingPaths::edge(fromnode, tonode, _) -} diff --git a/python/ql/lib/semmle/python/security/strings/Basic.qll b/python/ql/lib/semmle/python/security/strings/Basic.qll deleted file mode 100644 index 6bbae862c32..00000000000 --- a/python/ql/lib/semmle/python/security/strings/Basic.qll +++ /dev/null @@ -1,124 +0,0 @@ -import python -private import Common -import semmle.python.dataflow.TaintTracking - -/** An extensible kind of taint representing any kind of string. */ -abstract deprecated class StringKind extends TaintKind { - bindingset[this] - StringKind() { this = this } - - override TaintKind getTaintOfMethodResult(string name) { - name in [ - "capitalize", "casefold", "center", "expandtabs", "format", "format_map", "ljust", "lstrip", - "lower", "replace", "rjust", "rstrip", "strip", "swapcase", "title", "upper", "zfill", - /* encode/decode is technically not correct, but close enough */ - "encode", "decode" - ] and - result = this - or - name in ["partition", "rpartition", "rsplit", "split", "splitlines"] and - result.(SequenceKind).getItem() = this - } - - override TaintKind getTaintForFlowStep(ControlFlowNode fromnode, ControlFlowNode tonode) { - result = this and - ( - slice(fromnode, tonode) or - tonode.(BinaryExprNode).getAnOperand() = fromnode or - os_path_join(fromnode, tonode) or - str_format(fromnode, tonode) or - encode_decode(fromnode, tonode) or - to_str(fromnode, tonode) or - f_string(fromnode, tonode) - ) - or - result = this and copy_call(fromnode, tonode) - } - - override ClassValue getType() { - result = Value::named("bytes") or - result = Value::named("str") or - result = Value::named("unicode") - } -} - -deprecated private class StringEqualitySanitizer extends Sanitizer { - StringEqualitySanitizer() { this = "string equality sanitizer" } - - /* The test `if untrusted == "KNOWN_VALUE":` sanitizes `untrusted` on its `true` edge. */ - override predicate sanitizingEdge(TaintKind taint, PyEdgeRefinement test) { - taint instanceof StringKind and - exists(ControlFlowNode const, Cmpop op | const.getNode() instanceof StrConst | - ( - test.getTest().(CompareNode).operands(const, op, _) - or - test.getTest().(CompareNode).operands(_, op, const) - ) and - ( - op instanceof Eq and test.getSense() = true - or - op instanceof NotEq and test.getSense() = false - ) - ) - } -} - -/** tonode = ....format(fromnode) */ -deprecated private predicate str_format(ControlFlowNode fromnode, CallNode tonode) { - tonode.getFunction().(AttrNode).getName() = "format" and - tonode.getAnArg() = fromnode -} - -/** tonode = codec.[en|de]code(fromnode) */ -deprecated private predicate encode_decode(ControlFlowNode fromnode, CallNode tonode) { - exists(FunctionObject func, string name | - not func.getFunction().isMethod() and - func.getACall() = tonode and - tonode.getAnArg() = fromnode and - func.getName() = name - | - name = "encode" or - name = "decode" or - name = "decodestring" - ) -} - -/** tonode = str(fromnode) */ -deprecated private predicate to_str(ControlFlowNode fromnode, CallNode tonode) { - tonode.getAnArg() = fromnode and - ( - tonode = ClassValue::bytes().getACall() - or - tonode = ClassValue::unicode().getACall() - ) -} - -/** tonode = fromnode[:] */ -deprecated private predicate slice(ControlFlowNode fromnode, SubscriptNode tonode) { - exists(Slice all | - all = tonode.getIndex().getNode() and - not exists(all.getStart()) and - not exists(all.getStop()) and - tonode.getObject() = fromnode - ) -} - -/** tonode = os.path.join(..., fromnode, ...) */ -deprecated private predicate os_path_join(ControlFlowNode fromnode, CallNode tonode) { - tonode = Value::named("os.path.join").getACall() and - tonode.getAnArg() = fromnode -} - -/** tonode = f"... {fromnode} ..." */ -deprecated private predicate f_string(ControlFlowNode fromnode, ControlFlowNode tonode) { - tonode.getNode().(Fstring).getAValue() = fromnode.getNode() -} - -/** - * A kind of "taint", representing a dictionary mapping str->"taint" - * - * DEPRECATED: Use `ExternalStringDictKind` instead. - */ -deprecated class StringDictKind extends DictKind { - StringDictKind() { this.getValue() instanceof StringKind } -} diff --git a/python/ql/lib/semmle/python/security/strings/Common.qll b/python/ql/lib/semmle/python/security/strings/Common.qll deleted file mode 100644 index cb19fdd5461..00000000000 --- a/python/ql/lib/semmle/python/security/strings/Common.qll +++ /dev/null @@ -1,14 +0,0 @@ -import python - -/** A call that returns a copy (or similar) of the argument */ -deprecated predicate copy_call(ControlFlowNode fromnode, CallNode tonode) { - tonode.getFunction().(AttrNode).getObject("copy") = fromnode - or - exists(ModuleValue copy, string name | name = "copy" or name = "deepcopy" | - copy.attr(name).(FunctionValue).getACall() = tonode and - tonode.getArg(0) = fromnode - ) - or - tonode.getFunction().pointsTo(Value::named("reversed")) and - tonode.getArg(0) = fromnode -} diff --git a/python/ql/lib/semmle/python/security/strings/External.qll b/python/ql/lib/semmle/python/security/strings/External.qll deleted file mode 100644 index a5116e42e4e..00000000000 --- a/python/ql/lib/semmle/python/security/strings/External.qll +++ /dev/null @@ -1,318 +0,0 @@ -import python -import Basic -private import Common - -/** - * An extensible kind of taint representing an externally controlled string. - */ -abstract deprecated class ExternalStringKind extends StringKind { - bindingset[this] - ExternalStringKind() { this = this } - - override TaintKind getTaintForFlowStep(ControlFlowNode fromnode, ControlFlowNode tonode) { - result = StringKind.super.getTaintForFlowStep(fromnode, tonode) - or - tonode.(SequenceNode).getElement(_) = fromnode and - result.(ExternalStringSequenceKind).getItem() = this - or - json_load(fromnode, tonode) and result.(ExternalJsonKind).getValue() = this - or - tonode.(DictNode).getAValue() = fromnode and result.(ExternalStringDictKind).getValue() = this - or - urlsplit(fromnode, tonode) and result.(ExternalUrlSplitResult).getItem() = this - or - urlparse(fromnode, tonode) and result.(ExternalUrlParseResult).getItem() = this - or - parse_qs(fromnode, tonode) and result.(ExternalStringDictKind).getValue() = this - or - parse_qsl(fromnode, tonode) and result.(SequenceKind).getItem().(SequenceKind).getItem() = this - } -} - -/** A kind of "taint", representing a sequence, with a "taint" member */ -deprecated class ExternalStringSequenceKind extends SequenceKind { - ExternalStringSequenceKind() { this.getItem() instanceof ExternalStringKind } -} - -/** - * An hierarchical dictionary or list where the entire structure is externally controlled - * This is typically a parsed JSON object. - */ -deprecated class ExternalJsonKind extends TaintKind { - ExternalJsonKind() { this = "json[" + any(ExternalStringKind key) + "]" } - - /** Gets the taint kind for item in this sequence */ - TaintKind getValue() { - this = "json[" + result + "]" - or - result = this - } - - override TaintKind getTaintForFlowStep(ControlFlowNode fromnode, ControlFlowNode tonode) { - this.taints(fromnode) and - json_subscript_taint(tonode, fromnode, this, result) - or - result = this and copy_call(fromnode, tonode) - } - - override TaintKind getTaintOfMethodResult(string name) { - name = "get" and result = this.getValue() - } -} - -/** A kind of "taint", representing a dictionary mapping keys to tainted strings. */ -deprecated class ExternalStringDictKind extends DictKind { - ExternalStringDictKind() { this.getValue() instanceof ExternalStringKind } -} - -/** - * A kind of "taint", representing a dictionary mapping keys to sequences of - * tainted strings. - */ -deprecated class ExternalStringSequenceDictKind extends DictKind { - ExternalStringSequenceDictKind() { this.getValue() instanceof ExternalStringSequenceKind } -} - -/** TaintKind for the result of `urlsplit(tainted_string)` */ -deprecated class ExternalUrlSplitResult extends ExternalStringSequenceKind { - // https://docs.python.org/3/library/urllib.parse.html#urllib.parse.urlsplit - override TaintKind getTaintOfAttribute(string name) { - result = super.getTaintOfAttribute(name) - or - name in [ - // namedtuple field names - "scheme", "netloc", "path", "query", "fragment", - // class methods - "password", "username", "hostname", - ] and - result instanceof ExternalStringKind - } - - override TaintKind getTaintOfMethodResult(string name) { - result = super.getTaintOfMethodResult(name) - or - name = "geturl" and - result instanceof ExternalStringKind - } -} - -/** TaintKind for the result of `urlparse(tainted_string)` */ -deprecated class ExternalUrlParseResult extends ExternalStringSequenceKind { - // https://docs.python.org/3/library/urllib.parse.html#urllib.parse.urlparse - override TaintKind getTaintOfAttribute(string name) { - result = super.getTaintOfAttribute(name) - or - name in [ - // namedtuple field names - "scheme", "netloc", "path", "params", "query", "fragment", - // class methods - "username", "password", "hostname", - ] and - result instanceof ExternalStringKind - } - - override TaintKind getTaintOfMethodResult(string name) { - result = super.getTaintOfMethodResult(name) - or - name = "geturl" and - result instanceof ExternalStringKind - } -} - -/* Helper for getTaintForStep() */ -pragma[noinline] -deprecated private predicate json_subscript_taint( - SubscriptNode sub, ControlFlowNode obj, ExternalJsonKind seq, TaintKind key -) { - sub.isLoad() and - sub.getObject() = obj and - key = seq.getValue() -} - -deprecated private predicate json_load(ControlFlowNode fromnode, CallNode tonode) { - tonode = Value::named("json.loads").getACall() and - tonode.getArg(0) = fromnode -} - -deprecated private predicate urlsplit(ControlFlowNode fromnode, CallNode tonode) { - // This could be implemented as `exists(FunctionValue` without the explicit six part, - // but then our tests will need to import +100 modules, so for now this slightly - // altered version gets to live on. - exists(Value urlsplit | - ( - urlsplit = Value::named("six.moves.urllib.parse.urlsplit") - or - // Python 2 - urlsplit = Value::named("urlparse.urlsplit") - or - // Python 3 - urlsplit = Value::named("urllib.parse.urlsplit") - ) and - tonode = urlsplit.getACall() and - tonode.getArg(0) = fromnode - ) -} - -deprecated private predicate urlparse(ControlFlowNode fromnode, CallNode tonode) { - // This could be implemented as `exists(FunctionValue` without the explicit six part, - // but then our tests will need to import +100 modules, so for now this slightly - // altered version gets to live on. - exists(Value urlparse | - ( - urlparse = Value::named("six.moves.urllib.parse.urlparse") - or - // Python 2 - urlparse = Value::named("urlparse.urlparse") - or - // Python 3 - urlparse = Value::named("urllib.parse.urlparse") - ) and - tonode = urlparse.getACall() and - tonode.getArg(0) = fromnode - ) -} - -deprecated private predicate parse_qs(ControlFlowNode fromnode, CallNode tonode) { - // This could be implemented as `exists(FunctionValue` without the explicit six part, - // but then our tests will need to import +100 modules, so for now this slightly - // altered version gets to live on. - exists(Value parse_qs | - ( - parse_qs = Value::named("six.moves.urllib.parse.parse_qs") - or - // Python 2 - parse_qs = Value::named("urlparse.parse_qs") - or - // Python 2 deprecated version of `urlparse.parse_qs` - parse_qs = Value::named("cgi.parse_qs") - or - // Python 3 - parse_qs = Value::named("urllib.parse.parse_qs") - ) and - tonode = parse_qs.getACall() and - ( - tonode.getArg(0) = fromnode - or - tonode.getArgByName("qs") = fromnode - ) - ) -} - -deprecated private predicate parse_qsl(ControlFlowNode fromnode, CallNode tonode) { - // This could be implemented as `exists(FunctionValue` without the explicit six part, - // but then our tests will need to import +100 modules, so for now this slightly - // altered version gets to live on. - exists(Value parse_qsl | - ( - parse_qsl = Value::named("six.moves.urllib.parse.parse_qsl") - or - // Python 2 - parse_qsl = Value::named("urlparse.parse_qsl") - or - // Python 2 deprecated version of `urlparse.parse_qsl` - parse_qsl = Value::named("cgi.parse_qsl") - or - // Python 3 - parse_qsl = Value::named("urllib.parse.parse_qsl") - ) and - tonode = parse_qsl.getACall() and - ( - tonode.getArg(0) = fromnode - or - tonode.getArgByName("qs") = fromnode - ) - ) -} - -/** A kind of "taint", representing an open file-like object from an external source. */ -deprecated class ExternalFileObject extends TaintKind { - ExternalStringKind valueKind; - - ExternalFileObject() { this = "file[" + valueKind + "]" } - - /** Gets the taint kind for the contents of this file */ - TaintKind getValue() { result = valueKind } - - override TaintKind getTaintOfMethodResult(string name) { - name in ["read", "readline"] and result = this.getValue() - or - name = "readlines" and result.(SequenceKind).getItem() = this.getValue() - } - - override TaintKind getTaintForIteration() { result = this.getValue() } -} - -/** - * Temporary sanitizer for the tainted result from `urlsplit` and `urlparse`. Can be used to reduce FPs until - * we have better support for namedtuples. - * - * Will clear **all** taint on a test of the kind. That is, on the true edge of any matching test, - * all fields/indexes will be cleared of taint. - * - * Handles: - * - `if splitres.netloc == "KNOWN_VALUE"` - * - `if splitres[0] == "KNOWN_VALUE"` - */ -deprecated class UrlsplitUrlparseTempSanitizer extends Sanitizer { - // TODO: remove this once we have better support for named tuples - UrlsplitUrlparseTempSanitizer() { this = "UrlsplitUrlparseTempSanitizer" } - - override predicate sanitizingEdge(TaintKind taint, PyEdgeRefinement test) { - ( - taint instanceof ExternalUrlSplitResult - or - taint instanceof ExternalUrlParseResult - ) and - exists(ControlFlowNode full_use | - full_use.(SubscriptNode).getObject() = test.getInput().getAUse() - or - full_use.(AttrNode).getObject() = test.getInput().getAUse() - | - this.clears_taint(full_use, test.getTest(), test.getSense()) - ) - } - - private predicate clears_taint(ControlFlowNode tainted, ControlFlowNode test, boolean sense) { - this.test_equality_with_const(test, tainted, sense) - or - this.test_in_const_seq(test, tainted, sense) - or - test.(UnaryExprNode).getNode().getOp() instanceof Not and - exists(ControlFlowNode nested_test | - nested_test = test.(UnaryExprNode).getOperand() and - this.clears_taint(tainted, nested_test, sense.booleanNot()) - ) - } - - /** holds for `== "KNOWN_VALUE"` on `true` edge, and `!= "KNOWN_VALUE"` on `false` edge */ - private predicate test_equality_with_const(CompareNode cmp, ControlFlowNode tainted, boolean sense) { - exists(ControlFlowNode const, Cmpop op | const.getNode() instanceof StrConst | - ( - cmp.operands(const, op, tainted) - or - cmp.operands(tainted, op, const) - ) and - ( - op instanceof Eq and sense = true - or - op instanceof NotEq and sense = false - ) - ) - } - - /** holds for `in ["KNOWN_VALUE", ...]` on `true` edge, and `not in ["KNOWN_VALUE", ...]` on `false` edge */ - private predicate test_in_const_seq(CompareNode cmp, ControlFlowNode tainted, boolean sense) { - exists(SequenceNode const_seq, Cmpop op | - forall(ControlFlowNode elem | elem = const_seq.getAnElement() | - elem.getNode() instanceof StrConst - ) - | - cmp.operands(tainted, op, const_seq) and - ( - op instanceof In and sense = true - or - op instanceof NotIn and sense = false - ) - ) - } -} diff --git a/python/ql/lib/semmle/python/security/strings/Untrusted.qll b/python/ql/lib/semmle/python/security/strings/Untrusted.qll deleted file mode 100644 index 2916b723a8f..00000000000 --- a/python/ql/lib/semmle/python/security/strings/Untrusted.qll +++ /dev/null @@ -1,10 +0,0 @@ -import python -import External - -/** - * A kind of taint representing an externally controlled string. - * This class is a simple sub-class of `ExternalStringKind`. - */ -deprecated class UntrustedStringKind extends ExternalStringKind { - UntrustedStringKind() { this = "externally controlled string" } -} From 57c757c0a6f6f88b187c58694fdd7dfee139bb04 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Sun, 8 Oct 2023 19:49:49 +0200 Subject: [PATCH 10/13] Ruby: delete outdated deprecation in test code --- .../barrier-guards/barrier-guards.expected | 29 ------------------- .../dataflow/barrier-guards/barrier-guards.ql | 6 ---- 2 files changed, 35 deletions(-) diff --git a/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.expected b/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.expected index 90e628c6c33..798f7c3e3a3 100644 --- a/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.expected +++ b/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.expected @@ -1,34 +1,5 @@ -WARNING: Type BarrierGuard has been deprecated and may be removed in future (barrier-guards.ql:10,3-15) testFailures failures -oldStyleBarrierGuards -| barrier-guards.rb:3:4:3:15 | ... == ... | barrier-guards.rb:4:5:4:7 | foo | barrier-guards.rb:3:4:3:6 | foo | true | -| barrier-guards.rb:3:4:3:15 | ... == ... | barrier-guards.rb:4:5:4:7 | foo | barrier-guards.rb:3:11:3:15 | "foo" | true | -| barrier-guards.rb:9:4:9:24 | call to include? | barrier-guards.rb:10:5:10:7 | foo | barrier-guards.rb:9:21:9:23 | foo | true | -| barrier-guards.rb:15:4:15:15 | ... != ... | barrier-guards.rb:18:5:18:7 | foo | barrier-guards.rb:15:4:15:6 | foo | false | -| barrier-guards.rb:15:4:15:15 | ... != ... | barrier-guards.rb:18:5:18:7 | foo | barrier-guards.rb:15:11:15:15 | "foo" | false | -| barrier-guards.rb:21:8:21:19 | ... == ... | barrier-guards.rb:24:5:24:7 | foo | barrier-guards.rb:21:8:21:10 | foo | true | -| barrier-guards.rb:21:8:21:19 | ... == ... | barrier-guards.rb:24:5:24:7 | foo | barrier-guards.rb:21:15:21:19 | "foo" | true | -| barrier-guards.rb:27:8:27:19 | ... != ... | barrier-guards.rb:28:5:28:7 | foo | barrier-guards.rb:27:8:27:10 | foo | false | -| barrier-guards.rb:27:8:27:19 | ... != ... | barrier-guards.rb:28:5:28:7 | foo | barrier-guards.rb:27:15:27:19 | "foo" | false | -| barrier-guards.rb:37:4:37:20 | call to include? | barrier-guards.rb:38:5:38:7 | foo | barrier-guards.rb:37:17:37:19 | foo | true | -| barrier-guards.rb:43:4:43:15 | ... == ... | barrier-guards.rb:45:9:45:11 | foo | barrier-guards.rb:43:4:43:6 | foo | true | -| barrier-guards.rb:43:4:43:15 | ... == ... | barrier-guards.rb:45:9:45:11 | foo | barrier-guards.rb:43:11:43:15 | "foo" | true | -| barrier-guards.rb:70:4:70:21 | call to include? | barrier-guards.rb:71:5:71:7 | foo | barrier-guards.rb:70:18:70:20 | foo | true | -| barrier-guards.rb:82:4:82:25 | ... != ... | barrier-guards.rb:83:5:83:7 | foo | barrier-guards.rb:82:15:82:17 | foo | true | -| barrier-guards.rb:207:4:207:15 | ... == ... | barrier-guards.rb:208:5:208:7 | foo | barrier-guards.rb:207:4:207:6 | foo | true | -| barrier-guards.rb:211:10:211:21 | ... == ... | barrier-guards.rb:212:5:212:7 | foo | barrier-guards.rb:211:10:211:12 | foo | true | -| barrier-guards.rb:215:16:215:27 | ... == ... | barrier-guards.rb:216:5:216:7 | foo | barrier-guards.rb:215:16:215:18 | foo | true | -| barrier-guards.rb:219:4:219:15 | ... == ... | barrier-guards.rb:219:21:219:23 | foo | barrier-guards.rb:219:4:219:6 | foo | true | -| barrier-guards.rb:219:4:219:15 | ... == ... | barrier-guards.rb:220:5:220:7 | foo | barrier-guards.rb:219:4:219:6 | foo | true | -| barrier-guards.rb:219:21:219:32 | ... == ... | barrier-guards.rb:220:5:220:7 | foo | barrier-guards.rb:219:21:219:23 | foo | true | -| barrier-guards.rb:232:6:232:17 | ... == ... | barrier-guards.rb:233:5:233:7 | foo | barrier-guards.rb:232:6:232:8 | foo | true | -| barrier-guards.rb:237:6:237:17 | ... == ... | barrier-guards.rb:237:24:237:26 | foo | barrier-guards.rb:237:6:237:8 | foo | true | -| barrier-guards.rb:259:4:259:16 | ... == ... | barrier-guards.rb:260:5:260:7 | foo | barrier-guards.rb:259:4:259:6 | foo | true | -| barrier-guards.rb:264:4:264:16 | ... == ... | barrier-guards.rb:265:5:265:7 | foo | barrier-guards.rb:264:4:264:6 | foo | true | -| barrier-guards.rb:272:1:272:12 | ... == ... | barrier-guards.rb:272:17:272:19 | foo | barrier-guards.rb:272:1:272:3 | foo | true | -| barrier-guards.rb:275:4:275:19 | call to include? | barrier-guards.rb:276:5:276:7 | foo | barrier-guards.rb:275:17:275:19 | foo | true | -| barrier-guards.rb:281:4:281:20 | call to include? | barrier-guards.rb:282:5:282:7 | foo | barrier-guards.rb:281:18:281:20 | foo | true | newStyleBarrierGuards | barrier-guards.rb:4:5:4:7 | foo | | barrier-guards.rb:10:5:10:7 | foo | diff --git a/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.ql b/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.ql index 0c8ba907734..f872dd89aee 100644 --- a/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.ql +++ b/ruby/ql/test/library-tests/dataflow/barrier-guards/barrier-guards.ql @@ -6,12 +6,6 @@ import codeql.ruby.controlflow.BasicBlocks import codeql.ruby.DataFlow import TestUtilities.InlineExpectationsTest -query predicate oldStyleBarrierGuards( - BarrierGuard g, DataFlow::Node guardedNode, ExprCfgNode expr, boolean branch -) { - g.checks(expr, branch) and guardedNode = g.getAGuardedNode() -} - query predicate newStyleBarrierGuards(DataFlow::Node n) { n instanceof StringConstCompareBarrier or n instanceof StringConstArrayInclusionCallBarrier From f48b47c656cfe727ce77bdc457f12ba7aaee7f8d Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Sun, 8 Oct 2023 19:50:05 +0200 Subject: [PATCH 11/13] JavaScript: add import that populate the shared abstract classes --- .../ql/lib/semmle/javascript/security/dataflow/Xss.qll | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll index 22feaca99eb..fc2db8e9f87 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll @@ -20,6 +20,13 @@ module Shared { string getVulnerabilityKind() { result = "Cross-site scripting" } } + // import the various XSS query customizations, they populate the shared classes + private import DomBasedXssCustomizations + private import ReflectedXssCustomizations + private import StoredXssCustomizations + private import XssThroughDomCustomizations + private import ExceptionXssCustomizations + /** A sanitizer for XSS vulnerabilities. */ abstract class Sanitizer extends DataFlow::Node { } From a7ab9fd93ba5582c89a79cc7eaa36968c17e8faa Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Mon, 9 Oct 2023 09:43:06 +0200 Subject: [PATCH 12/13] add change-notes --- .../change-notes/2023-10-09-outdated-deprecations.md | 5 +++++ .../change-notes/2023-10-09-outdated-deprecations.md | 4 ++++ .../change-notes/2023-10-09-outdated-deprecations.md | 4 ++++ .../change-notes/2023-10-09-outdated-deprecations.md | 12 ++++++++++++ .../change-notes/2023-10-09-outdated-deprecations.md | 9 +++++++++ .../change-notes/2023-10-09-outdated-deprecations.md | 9 +++++++++ .../change-notes/2023-10-09-outdated-deprecations.md | 8 ++++++++ 7 files changed, 51 insertions(+) create mode 100644 cpp/ql/lib/change-notes/2023-10-09-outdated-deprecations.md create mode 100644 csharp/ql/lib/change-notes/2023-10-09-outdated-deprecations.md create mode 100644 go/ql/lib/change-notes/2023-10-09-outdated-deprecations.md create mode 100644 java/ql/lib/change-notes/2023-10-09-outdated-deprecations.md create mode 100644 javascript/ql/lib/change-notes/2023-10-09-outdated-deprecations.md create mode 100644 python/ql/lib/change-notes/2023-10-09-outdated-deprecations.md create mode 100644 ruby/ql/lib/change-notes/2023-10-09-outdated-deprecations.md diff --git a/cpp/ql/lib/change-notes/2023-10-09-outdated-deprecations.md b/cpp/ql/lib/change-notes/2023-10-09-outdated-deprecations.md new file mode 100644 index 00000000000..7de425ff9f4 --- /dev/null +++ b/cpp/ql/lib/change-notes/2023-10-09-outdated-deprecations.md @@ -0,0 +1,5 @@ +--- +category: minorAnalysis +--- +* Deleted the deprecated `AnalysedString` class, use the new name `AnalyzedString`. +* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead. diff --git a/csharp/ql/lib/change-notes/2023-10-09-outdated-deprecations.md b/csharp/ql/lib/change-notes/2023-10-09-outdated-deprecations.md new file mode 100644 index 00000000000..68748fbc4b8 --- /dev/null +++ b/csharp/ql/lib/change-notes/2023-10-09-outdated-deprecations.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead. diff --git a/go/ql/lib/change-notes/2023-10-09-outdated-deprecations.md b/go/ql/lib/change-notes/2023-10-09-outdated-deprecations.md new file mode 100644 index 00000000000..68748fbc4b8 --- /dev/null +++ b/go/ql/lib/change-notes/2023-10-09-outdated-deprecations.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead. diff --git a/java/ql/lib/change-notes/2023-10-09-outdated-deprecations.md b/java/ql/lib/change-notes/2023-10-09-outdated-deprecations.md new file mode 100644 index 00000000000..e5701bd768d --- /dev/null +++ b/java/ql/lib/change-notes/2023-10-09-outdated-deprecations.md @@ -0,0 +1,12 @@ +--- +category: minorAnalysis +--- +* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead. +* Deleted the deprecated `getAValue` predicate from the `Annotation` class. +* Deleted the deprecated alias `FloatingPointLiteral`, use `FloatLiteral` instead. +* Deleted the deprecated `getASuppressedWarningLiteral` predicate from the `SuppressWarningsAnnotation` class. +* Deleted the deprecated `getATargetExpression` predicate form the `TargetAnnotation` class. +* Deleted the deprecated `getRetentionPolicyExpression` predicate from the `RetentionAnnotation` class. +* Deleted the deprecated `conditionCheck` predicate from `Preconditions.qll`. +* Deleted the deprecated `semmle.code.java.security.performance` folder, use `semmle.code.java.security.regexp` instead. +* Deleted the deprecated `ExternalAPI` class from `ExternalApi.qll`, use `ExternalApi` instead. diff --git a/javascript/ql/lib/change-notes/2023-10-09-outdated-deprecations.md b/javascript/ql/lib/change-notes/2023-10-09-outdated-deprecations.md new file mode 100644 index 00000000000..0b36012f85f --- /dev/null +++ b/javascript/ql/lib/change-notes/2023-10-09-outdated-deprecations.md @@ -0,0 +1,9 @@ +--- +category: minorAnalysis +--- +* Deleted the deprecated `getAnImmediateUse`, `getAUse`, `getARhs`, and `getAValueReachingRhs` predicates from the `API::Node` class. +* Deleted the deprecated `mayReferToParameter` predicate from `DataFlow::Node`. +* Deleted the deprecated `getStaticMethod` and `getAStaticMethod` predicates from `DataFlow::ClassNode`. +* Deleted the deprecated `isLibaryFile` predicate from `ClassifyFiles.qll`, use `isLibraryFile` instead. +* Deleted many library models that were build on the AST. Use the new models that are build on the dataflow library instead. +* Deleted the deprecated `semmle.javascript.security.performance` folder, use `semmle.javascript.security.regexp` instead. diff --git a/python/ql/lib/change-notes/2023-10-09-outdated-deprecations.md b/python/ql/lib/change-notes/2023-10-09-outdated-deprecations.md new file mode 100644 index 00000000000..25f617c606a --- /dev/null +++ b/python/ql/lib/change-notes/2023-10-09-outdated-deprecations.md @@ -0,0 +1,9 @@ +--- +category: minorAnalysis +--- +* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead. +* Deleted the deprecated `getAUse`, `getAnImmediateUse`, `getARhs`, and `getAValueReachingRhs` predicates from the `API::Node` class. +* Deleted the deprecated `fullyQualifiedToAPIGraphPath` class from `SubclassFinder.qll`, use `fullyQualifiedToApiGraphPath` instead. +* Deleted the deprecated `Paths.qll` file. +* Deleted the deprecated `semmle.python.security.performance` folder, use `semmle.python.security.regexp` instead. +* Deleted the deprecated `semmle.python.security.strings` and `semmle.python.web` folders. diff --git a/ruby/ql/lib/change-notes/2023-10-09-outdated-deprecations.md b/ruby/ql/lib/change-notes/2023-10-09-outdated-deprecations.md new file mode 100644 index 00000000000..d7dd2607a01 --- /dev/null +++ b/ruby/ql/lib/change-notes/2023-10-09-outdated-deprecations.md @@ -0,0 +1,8 @@ +--- +category: minorAnalysis +--- +* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead. +* Deleted the deprecated `isWeak` predicate from the `CryptographicOperation` class. +* Deleted the deprecated `getStringOrSymbol` and `isStringOrSymbol` predicates from the `ConstantValue` class. +* Deleted the deprecated `getAPI` from the `IOOrFileMethodCall` class. +* Deleted the deprecated `codeql.ruby.security.performance` folder, use `codeql.ruby.security.regexp` instead. From e1b2f81f43920f166081efba3d166f27438c91ce Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Mon, 9 Oct 2023 13:29:41 +0200 Subject: [PATCH 13/13] Revert "update doc example to not use `isBarrierGuard`" This reverts commit 28f8c1cc11f47ef398e92905431a91e2cdc0292a. --- ...-labels-for-precise-data-flow-analysis.rst | 25 +++++++++++-------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst b/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst index 06f657d5003..8625d637366 100644 --- a/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst +++ b/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst @@ -139,24 +139,29 @@ is a barrier guard blocking flow through the use of ``data`` on the right-hand s At this point we know that ``data`` has evaluated to a truthy value, so it cannot be ``null`` anymore. -Implementing this additional condition is easy. We implement a predicate with the following signature: +Implementing this additional condition is easy. We implement a subclass of ``DataFlow::BarrierGuardNode``: .. code-block:: ql - private predicate truthinessCheck(DataFlow::GuardNode g, ControlFlowNode node, boolean branch) { - exists(SsaVariable v | - g = v.getAUse() and - node = g and - branch = true - ) + class TruthinessCheck extends DataFlow::BarrierGuardNode, DataFlow::ValueNode { + SsaVariable v; + + TruthinessCheck() { + astNode = v.getAUse() + } + + override predicate blocks(boolean outcome, Expr e) { + outcome = true and + e = astNode + } } -and then use it to override predicate ``isBarrier`` in our configuration class: +and then use it to override predicate ``isBarrierGuard`` in our configuration class: .. code-block:: ql - override predicate isBarrier(DataFlow::Node node) { - node = DataFlow::BarrierGuard::getABarrierNode() + override predicate isBarrierGuard(DataFlow::BarrierGuardNode guard) { + guard instanceof TruthinessCheck } With this change, we now flag the problematic case and don't flag the unproblematic case above.