delete old deprecations

javascript/ql/lib/semmle/javascript/Collections.qll

@@ -9,118 +9,6 @@ private import semmle.javascript.dataflow.internal.StepSummary
 private import semmle.javascript.dataflow.internal.PreCallGraphStep
 private import DataFlow::PseudoProperties
 
-/**
- * DEPRECATED. Exists only to support other deprecated elements.
- *
- * Type-tracking now automatically determines the set of pseudo-properties to include
- * ased on which properties are contributed by `SharedTaintStep`s.
- */
-deprecated private class PseudoProperty extends string {
-  PseudoProperty() {
-    this = [arrayLikeElement(), "1"] or // the "1" is required for the `ForOfStep`.
-    this =
-      [
-        mapValue(any(DataFlow::CallNode c | c.getCalleeName() = "set").getArgument(0)),
-        mapValueAll()
-      ]
-  }
-}
-
-/**
- * DEPRECATED. Use `SharedFlowStep` or `SharedTaintTrackingStep` instead.
- */
-abstract deprecated class CollectionFlowStep extends DataFlow::AdditionalFlowStep {
-  final override predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() }
-
-  final override predicate step(
-    DataFlow::Node p, DataFlow::Node s, DataFlow::FlowLabel pl, DataFlow::FlowLabel sl
-  ) {
-    none()
-  }
-
-  /**
-   * Holds if the property `prop` of the object `pred` should be loaded into `succ`.
-   */
-  predicate load(DataFlow::Node pred, DataFlow::Node succ, PseudoProperty prop) { none() }
-
-  final override predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) {
-    this.load(pred, succ, prop)
-  }
-
-  /**
-   * Holds if `pred` should be stored in the object `succ` under the property `prop`.
-   */
-  predicate store(DataFlow::Node pred, DataFlow::SourceNode succ, PseudoProperty prop) { none() }
-
-  final override predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) {
-    this.store(pred, succ, prop)
-  }
-
-  /**
-   * Holds if the property `prop` should be copied from the object `pred` to the object `succ`.
-   */
-  predicate loadStore(DataFlow::Node pred, DataFlow::Node succ, PseudoProperty prop) { none() }
-
-  final override predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) {
-    this.loadStore(pred, succ, prop, prop)
-  }
-
-  /**
-   * Holds if the property `loadProp` should be copied from the object `pred` to the property `storeProp` of object `succ`.
-   */
-  predicate loadStore(
-    DataFlow::Node pred, DataFlow::Node succ, PseudoProperty loadProp, PseudoProperty storeProp
-  ) {
-    none()
-  }
-
-  final override predicate loadStoreStep(
-    DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp
-  ) {
-    this.loadStore(pred, succ, loadProp, storeProp)
-  }
-}
-
-/**
- * DEPRECATED. These steps are now included in the default type tracking steps,
- * in most cases one can simply use those instead.
- */
-deprecated module CollectionsTypeTracking {
-  /**
-   * Gets the result from a single step through a collection, from `pred` to `result` summarized by `summary`.
-   */
-  pragma[inline]
-  DataFlow::SourceNode collectionStep(DataFlow::Node pred, StepSummary summary) {
-    exists(PseudoProperty field |
-      summary = LoadStep(field) and
-      DataFlow::SharedTypeTrackingStep::loadStep(pred, result, field) and
-      not field = mapValueUnknownKey() // prune unknown reads in type-tracking
-      or
-      summary = StoreStep(field) and
-      DataFlow::SharedTypeTrackingStep::storeStep(pred, result, field)
-      or
-      summary = CopyStep(field) and
-      DataFlow::SharedTypeTrackingStep::loadStoreStep(pred, result, field)
-      or
-      exists(PseudoProperty toField | summary = LoadStoreStep(field, toField) |
-        DataFlow::SharedTypeTrackingStep::loadStoreStep(pred, result, field, toField)
-      )
-    )
-  }
-
-  /**
-   * Gets the result from a single step through a collection, from `pred` with tracker `t2` to `result` with tracker `t`.
-   */
-  pragma[inline]
-  DataFlow::SourceNode collectionStep(
-    DataFlow::SourceNode pred, DataFlow::TypeTracker t, DataFlow::TypeTracker t2
-  ) {
-    exists(DataFlow::Node mid, StepSummary summary | pred.flowsTo(mid) and t = t2.append(summary) |
-      result = collectionStep(mid, summary)
-    )
-  }
-}
-
 /**
  * A module for data-flow steps related standard library collection implementations.
  */

javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll

@@ -523,22 +523,6 @@ abstract class LabeledBarrierGuardNode extends BarrierGuardNode {
   override predicate blocks(boolean outcome, Expr e) { none() }
 }
 
-/**
- * DEPRECATED. Subclasses should extend `SharedFlowStep` instead, unless the subclass
- * is part of a query, in which case it should be moved into the `isAdditionalFlowStep` predicate
- * of the relevant data-flow configuration.
- * Other uses of the predicate in this class should instead reference the predicates in the
- * `SharedFlowStep::` module, such as `SharedFlowStep::step`.
- *
- * A data flow edge that should be added to all data flow configurations in
- * addition to standard data flow edges.
- *
- * Note: For performance reasons, all subclasses of this class should be part
- * of the standard library. Override `Configuration::isAdditionalFlowStep`
- * for analysis-specific flow steps.
- */
-deprecated class AdditionalFlowStep = LegacyAdditionalFlowStep;
-
 // Internal version of AdditionalFlowStep that we can reference without deprecation warnings.
 abstract private class LegacyAdditionalFlowStep extends DataFlow::Node {
   /**

javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll

@@ -456,22 +456,6 @@ module TaintTracking {
     promiseStep(pred, succ)
   }
 
-  /**
-   * DEPRECATED. Subclasses should extend `SharedTaintStep` instead, unless the subclass
-   * is part of a query, in which case it should be moved into the `isAdditionalTaintStep` predicate
-   * of the relevant taint-tracking configuration.
-   * Other uses of the `step` relation in this class should instead use the `TaintTracking::sharedTaintStep`
-   * predicate.
-   *
-   * A taint-propagating data flow edge that should be added to all taint tracking
-   * configurations in addition to standard data flow edges.
-   *
-   * Note: For performance reasons, all subclasses of this class should be part
-   * of the standard library. Override `Configuration::isAdditionalTaintStep`
-   * for analysis-specific taint steps.
-   */
-  deprecated class AdditionalTaintStep = InternalAdditionalTaintStep;
-
   /** Internal version of `AdditionalTaintStep` that won't trigger deprecation warnings. */
   abstract private class InternalAdditionalTaintStep extends DataFlow::Node {
     /**

javascript/ql/lib/semmle/javascript/dataflow/TypeTracking.qll

@@ -450,20 +450,6 @@ module SharedTypeTrackingStep {
   }
 }
 
-/**
- * DEPRECATED. Use `SharedTypeTrackingStep` instead.
- *
- * A data flow edge that should be followed by type tracking.
- *
- * Unlike `AdditionalFlowStep`, this type of edge does not affect
- * the local data flow graph, and is not used by data-flow configurations.
- *
- * Note: For performance reasons, all subclasses of this class should be part
- * of the standard library. For query-specific steps, consider including the
- * custom steps in the type-tracking predicate itself.
- */
-deprecated class AdditionalTypeTrackingStep = LegacyTypeTrackingStep;
-
 // Internal version of AdditionalTypeTrackingStep that we can reference without deprecation warnings.
 abstract private class LegacyTypeTrackingStep extends DataFlow::Node {
   /**

javascript/ql/lib/semmle/javascript/frameworks/UriLibraries.qll

@@ -4,16 +4,6 @@
 
 import javascript
 
-/**
- * DEPRECATED. Use `TaintTracking::SharedTaintStep` or `TaintTracking::uriStep` instead.
- *
- * A taint propagating data flow edge arising from an operation in a URI library.
- */
-abstract deprecated class UriLibraryStep extends DataFlow::ValueNode {
-  /** Holds if `pred -> succ` is a step through a URI library function. */
-  predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() }
-}
-
 /** DEPRECATED: Alias for `Urijs` */
 deprecated module urijs = Urijs;
 

javascript/ql/lib/semmle/javascript/security/SensitiveActions.qll

@@ -25,24 +25,6 @@ abstract class SensitiveExpr extends Expr {
   abstract SensitiveDataClassification getClassification();
 }
 
-/** DEPRECATED: Use `SensitiveDataClassification` and helpers instead. */
-deprecated module SensitiveExpr {
-  /** DEPRECATED: Use `SensitiveDataClassification` instead. */
-  deprecated class Classification = SensitiveDataClassification;
-
-  /** DEPRECATED: Use `SensitiveDataClassification::secret` instead. */
-  deprecated predicate secret = SensitiveDataClassification::secret/0;
-
-  /** DEPRECATED: Use `SensitiveDataClassification::id` instead. */
-  deprecated predicate id = SensitiveDataClassification::id/0;
-
-  /** DEPRECATED: Use `SensitiveDataClassification::password` instead. */
-  deprecated predicate password = SensitiveDataClassification::password/0;
-
-  /** DEPRECATED: Use `SensitiveDataClassification::certificate` instead. */
-  deprecated predicate certificate = SensitiveDataClassification::certificate/0;
-}
-
 /** A function call that might produce sensitive data. */
 class SensitiveCall extends SensitiveExpr, InvokeExpr {
   SensitiveDataClassification classification;

javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll

@@ -52,13 +52,6 @@ module ClientSideUrlRedirect {
     }
   }
 
-  /**
-   * DEPRECATED. Can usually be replaced with `untrustedUrlSubstring`.
-   * Query accesses via `location.hash` or `location.search` are now independent
-   * `RemoteFlowSource` instances, and only substrings of `location` need to be handled via steps.
-   */
-  deprecated predicate queryAccess = untrustedUrlSubstring/2;
-
   /**
    * Holds if `substring` refers to a substring of `base` which is considered untrusted
    * when `base` is the current URL.

javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll

@@ -52,20 +52,6 @@ deprecated predicate isDocumentUrl(Expr e) { e.flow() = DOM::locationSource() }
 /** DEPRECATED: Alias for isDocumentUrl */
 deprecated predicate isDocumentURL = isDocumentUrl/1;
 
-/**
- * DEPRECATED. In most cases, a sanitizer based on this predicate can be removed, as
- * taint tracking no longer step through the properties of the location object by default.
- *
- * Holds if `pacc` accesses a part of `document.location` that is
- * not considered user-controlled, that is, anything except
- * `href`, `hash` and `search`.
- */
-deprecated predicate isSafeLocationProperty(PropAccess pacc) {
-  exists(string prop | pacc = DOM::locationRef().getAPropertyRead(prop).asExpr() |
-    prop != "href" and prop != "hash" and prop != "search"
-  )
-}
-
 /**
  * A call to a DOM method.
  */

javascript/ql/lib/semmle/javascript/security/dataflow/MissingRateLimiting.qll

@@ -118,15 +118,6 @@ deprecated class RouteHandlerExpressionWithRateLimiter extends Expr {
   }
 }
 
-/**
- * DEPRECATED. Use `RateLimitingMiddleware` instead.
- *
- * A middleware that acts as a rate limiter.
- */
-deprecated class RateLimiter extends Express::RouteHandlerExpr {
-  RateLimiter() { any(RateLimitingMiddleware m).ref().flowsToExpr(this) }
-}
-
 /**
  * The creation of a middleware function that acts as a rate limiter.
  */

javascript/ql/lib/semmle/javascript/security/internal/SensitiveDataHeuristics.qll

@@ -106,16 +106,6 @@ module HeuristicNames {
       "(?is).*([^\\w$.-]|redact|censor|obfuscate|hash|md5|sha|random|((?<!un)(en))?(crypt|code)|certain|concert|secretar|accountant|accountab).*"
   }
 
-  /**
-   * DEPRECATED: Use `maybeSensitiveRegexp` instead.
-   */
-  deprecated predicate maybeSensitive = maybeSensitiveRegexp/1;
-
-  /**
-   * DEPRECATED: Use `notSensitiveRegexp` instead.
-   */
-  deprecated predicate notSensitive = notSensitiveRegexp/0;
-
   /**
    * Holds if `name` may indicate the presence of sensitive data, and
    * `name` does not indicate that the data is in fact non-sensitive (for example since