Merge pull request #734 from xiemaisi/js/remove-deprecated

Approved by esben-semmle
This commit is contained in:
semmle-qlci
2019-01-09 15:20:04 +00:00
committed by GitHub
42 changed files with 1 additions and 1319 deletions


@@ -36,3 +36,4 @@
* `DataFlow::SourceNode` is no longer an abstract class; to add new source nodes, extend `DataFlow::SourceNode::Range` instead.
* Subclasses of `DataFlow::PropRead` are no longer automatically made source nodes; you now need to additionally define a corresponding subclass of `DataFlow::SourceNode::Range` to achieve this.
* The deprecated libraries `semmle.javascript.DataFlow` and `semmle.javascript.dataflow.CallGraph` have been removed; they are both superseded by `semmle.javascript.dataflow.DataFlow`.


@@ -11,7 +11,6 @@ import semmle.javascript.Classes
import semmle.javascript.Comments
import semmle.javascript.Concepts
import semmle.javascript.Constants
import semmle.javascript.DataFlow
import semmle.javascript.DefUse
import semmle.javascript.DOM
import semmle.javascript.EmailClients
@@ -49,7 +48,6 @@ import semmle.javascript.Util
import semmle.javascript.Variables
import semmle.javascript.XML
import semmle.javascript.YAML
import semmle.javascript.dataflow.CallGraph
import semmle.javascript.dataflow.DataFlow
import semmle.javascript.dataflow.TaintTracking
import semmle.javascript.dataflow.TypeInference


@@ -51,14 +51,6 @@ class AMDModuleDefinition extends CallExpr {
result = getARequireCall().getAnArgument()
}
/**
* DEPRECATED: Use `getFactoryNode` instead.
*
* Gets the factory expression of this module definition,
* which may be a function or a literal.
*/
deprecated Expr getFactoryExpr() { result = getFactoryNode().asExpr() }
/**
* Gets a data flow node containing the factory value of this module definition.
*/


@@ -221,13 +221,6 @@ class TypeName extends CanonicalName {
*/
TypeReference getATypeReference() { result.getTypeName() = this }
/**
* DEPRECATED. Use `getRelativeName()` or `hasQualifiedName()` instead.
*
* Gets the qualified name without the root.
*/
deprecated string getQualifiedName() { result = getRelativeName() }
/**
* Gets a type named in the `extends` or `implements` clause of this type.
*/
@@ -265,13 +258,6 @@ class Namespace extends CanonicalName {
*/
NamespaceAccess getAnAccess() { result.getNamespace() = this }
/**
* DEPRECATED. Use `getRelativeName()` or `hasQualifiedName()` instead.
*
* Gets the qualified name without the root.
*/
deprecated string getQualifiedName() { result = getRelativeName() }
/** Gets a namespace nested in this one. */
Namespace getNamespaceMember(string name) {
result.getParent() = this and


@@ -44,15 +44,6 @@ class HtmlCommentStart extends @htmlcommentstart, HtmlLineComment { }
/** An HTML comment end token interpreted as a line comment. */
class HtmlCommentEnd extends @htmlcommentend, HtmlLineComment { }
/** DERECATED: Use `HtmlLineComment` instead. */
deprecated class HTMLComment = HtmlLineComment;
/** DERECATED: Use `HtmlCommentStart` instead. */
deprecated class HTMLCommentStart = HtmlCommentStart;
/** DERECATED: Use `HtmlCommentEnd` instead. */
deprecated class HTMLCommentEnd = HtmlCommentEnd;
/** A `//` comment. */
class SlashSlashComment extends @slashslashcomment, LineComment { }


@@ -1,591 +0,0 @@
/**
* DEPRECATED: Use the new data flow library instead.
*
* Provides a class `DataFlowNode` for working with a data flow graph-based
* program representation.
*
* We distinguish between _local flow_ and _non-local flow_.
*
* Local flow only considers three kinds of data flow:
*
* 1. Flow within an expression, for example from the operands of a `&&`
* expression to the expression itself.
* 2. Flow through local variables, that is, from definitions to uses.
* Captured variables are treated flow-insensitively, that is, all
* definitions are considered to flow to all uses, while for non-captured
* variables only definitions that can actually reach a use are considered.
* 3. Flow into and out of immediately invoked function expressions, that is,
* flow from arguments to parameters, and from returned expressions to the
* function expression itself.
*
* Non-local flow additionally tracks data flow through global variables.
*
* Flow through object properties or function calls is not modelled (except
* for immediately invoked functions as explained above).
*/
import javascript
/**
* DEPRECATED: Use `DataFlow::Node` instead.
*
* An expression or function/class declaration, viewed as a node in a data flow graph.
*/
deprecated class DataFlowNode extends @dataflownode {
/**
* Gets another flow node from which data may flow to this node in one local step.
*/
cached
DataFlowNode localFlowPred() {
// to be overridden by subclasses
none()
}
/**
* Gets another flow node from which data may flow to this node in one non-local step.
*/
DataFlowNode nonLocalFlowPred() {
// to be overridden by subclasses
none()
}
/**
* Gets another flow node from which data may flow to this node in one step,
* either locally or non-locally.
*/
DataFlowNode flowPred() { result = localFlowPred() or result = nonLocalFlowPred() }
/**
* Gets a source flow node (that is, a node without a `localFlowPred()`) from which data
* may flow to this node in zero or more local steps.
*/
cached
deprecated DataFlowNode getALocalSource() {
isLocalSource(result) and
(
result = this
or
locallyReachable(result, this)
)
}
/**
* Gets a source flow node (that is, a node without a `flowPred()`) from which data
* may flow to this node in zero or more steps, considering both local and non-local flow.
*/
DataFlowNode getASource() {
if exists(flowPred()) then result = flowPred().getASource() else result = this
}
/**
* Holds if the flow information for this node is incomplete.
*
* This predicate holds if there may be a source flow node from which data flows into
* this node, but that node is not a result of `getASource()` due to analysis incompleteness.
* The parameter `cause` is bound to a string describing the source of incompleteness.
*
* For example, since this analysis is intra-procedural, data flow from actual arguments
* to formal parameters is not modeled. Hence, if `p` is an access to a parameter,
* `p.getASource()` does _not_ return the corresponding argument, and
* `p.isIncomplete("call")` holds.
*/
predicate isIncomplete(DataFlowIncompleteness cause) { none() }
/** Gets type inference results for this data flow node. */
DataFlow::AnalyzedNode analyze() { result = DataFlow::valueNode(this).analyze() }
/** Gets a textual representation of this element. */
string toString() { result = this.(ASTNode).toString() }
/** Gets the location of the AST node underlying this data flow node. */
Location getLocation() { result = this.(ASTNode).getLocation() }
}
/** Holds if `nd` is a local source, that is, it has no local data flow predecessor. */
deprecated private predicate isLocalSource(DataFlowNode nd) { not exists(nd.localFlowPred()) }
/** Holds if data may flom from `nd` to `succ` in one local step. */
deprecated private predicate localFlow(DataFlowNode nd, DataFlowNode succ) {
nd = succ.localFlowPred()
}
/**
* Holds if `snk` is reachable from `src` in one or more local steps, where `src`
* itself is reachable from a local source in zere or more local steps.
*/
deprecated private predicate locallyReachable(DataFlowNode src, DataFlowNode snk) =
boundedFastTC(localFlow/2, isLocalSource/1)(src, snk)
/**
* A classification of flows that are not modeled, or only modeled incompletely, by
* `DataFlowNode`.
*/
deprecated class DataFlowIncompleteness extends string {
DataFlowIncompleteness() {
this = "call" or // lack of inter-procedural analysis
this = "heap" or // lack of heap modeling
this = "import" or // lack of module import/export modeling
this = "global" or // incomplete modeling of global object
this = "yield" or // lack of yield/async/await modeling
this = "eval" or // lack of reflection modeling
this = "namespace" // lack of exported variable modeling
}
}
/**
* A variable access, viewed as a data flow node.
*/
deprecated private class VarAccessFlow extends DataFlowNode, @varaccess {
VarAccessFlow() { this instanceof RValue }
/**
* Gets a data flow node representing a local variable definition to which
* this access may refer.
*/
private VarDefFlow getALocalDef() {
exists(SsaDefinition def |
this = def.getVariable().getAUse() and
result = def.getAContributingVarDef()
)
}
override DataFlowNode localFlowPred() {
// flow through local variable
result = getALocalDef().getSourceNode()
}
override DataFlowNode nonLocalFlowPred() {
exists(GlobalVariable v, VarDefFlow def |
v = def.getAVariable() and
result = def.getSourceNode() and
this = v.getAnAccess()
)
}
override predicate isIncomplete(DataFlowIncompleteness cause) {
exists(SsaDefinition ssa, VarDefFlow def |
this = ssa.getVariable().getAUse() and def = ssa.getAContributingVarDef()
|
def.isIncomplete(cause)
)
or
exists(Variable v | this = v.getAnAccess() |
v.isGlobal() and cause = "global"
or
globalIsIncomplete(v, cause)
or
v.isNamespaceExport() and cause = "namespace"
or
v instanceof ArgumentsVariable and cause = "call"
or
any(DirectEval e).mayAffect(v) and cause = "eval"
)
}
}
/**
* Holds if `v` has a definition that introduces analysis incompleteness due to
* the given `cause`.
*
* We exclude cause `"global"`, since all global variables have this incompleteness anyway.
*/
pragma[noinline]
deprecated private predicate globalIsIncomplete(GlobalVariable v, DataFlowIncompleteness cause) {
exists(VarDefFlow def |
v = def.getAVariable() and
def.isIncomplete(cause) and
cause != "global"
)
}
/**
* A variable definition, viewed as a contributor to the data flow graph.
*/
deprecated private class VarDefFlow extends VarDef {
/**
* Gets a data flow node representing the value assigned by this
* definition.
*/
DataFlowNode getSourceNode() {
// follow one step of the def-use chain, but only for definitions where
// the lhs is a simple variable reference (as opposed to a destructuring
// pattern)
result = getSource() and getTarget() instanceof VarRef
}
/**
* Holds if this definition is analyzed imprecisely due to `cause`.
*/
predicate isIncomplete(DataFlowIncompleteness cause) {
this instanceof Parameter and cause = "call"
or
this instanceof ImportSpecifier and cause = "import"
or
exists(EnhancedForLoop efl | this = efl.getIteratorExpr()) and cause = "heap"
or
exists(ComprehensionBlock cb | this = cb.getIterator()) and cause = "yield"
or
getTarget() instanceof DestructuringPattern and cause = "heap"
}
}
/**
* An IIFE parameter, viewed as a contributor to the data flow graph.
*/
deprecated private class IifeParameterFlow extends VarDefFlow {
/** The function of which this is a parameter. */
ImmediatelyInvokedFunctionExpr iife;
IifeParameterFlow() {
this instanceof SimpleParameter and
iife.argumentPassing(this, _)
}
override DataFlowNode getSourceNode() { iife.argumentPassing(this, result) }
override predicate isIncomplete(DataFlowIncompleteness cause) { none() }
}
/**
* An ECMAScript 2015 import, viewed as a contributor to the data flow graph.
*/
deprecated private class ImportSpecifierFlow extends VarDefFlow, ImportSpecifier {
override DataFlowNode getSourceNode() { result = getLocal() }
}
/** A parenthesized expression, viewed as a data flow node. */
deprecated private class ParExprFlow extends DataFlowNode, @parexpr {
override DataFlowNode localFlowPred() { result = this.(ParExpr).getExpression() }
}
/** A type assertion, `E as T` or `<T> E`, viewed as a data flow node. */
deprecated private class TypeAssertionFlow extends DataFlowNode, @typeassertion {
override DataFlowNode localFlowPred() { result = this.(TypeAssertion).getExpression() }
}
/** A non-null assertion, `E!` viewed as a data flow node. */
deprecated private class NonNullAssertionFlow extends DataFlowNode, @non_null_assertion {
override DataFlowNode localFlowPred() { result = this.(NonNullAssertion).getExpression() }
}
/** An expression with type arguments, viewed as a data flow node. */
deprecated private class ExpressionWithTypeArgumentsFlow extends DataFlowNode,
@expressionwithtypearguments {
override DataFlowNode localFlowPred() {
result = this.(ExpressionWithTypeArguments).getExpression()
}
}
/** A sequence expression, viewed as a data flow node. */
deprecated private class SeqExprFlow extends DataFlowNode, @seqexpr {
override DataFlowNode localFlowPred() { result = this.(SeqExpr).getLastOperand() }
}
/** A short-circuiting logical expression, viewed as a data flow node. */
deprecated private class LogicalBinaryExprFlow extends DataFlowNode, @binaryexpr {
LogicalBinaryExprFlow() { this instanceof LogicalBinaryExpr }
override DataFlowNode localFlowPred() { result = this.(LogicalBinaryExpr).getAnOperand() }
}
/** An assignment expression, viewed as a data flow node. */
deprecated private class AssignExprFlow extends DataFlowNode, @assignexpr {
override DataFlowNode localFlowPred() { result = this.(AssignExpr).getRhs() }
}
/** A conditional expression, viewed as a data flow node. */
deprecated private class ConditionalExprFlow extends DataFlowNode, @conditionalexpr {
override DataFlowNode localFlowPred() { result = this.(ConditionalExpr).getABranch() }
}
/**
* A data flow node whose value involves inter-procedural flow,
* and which hence is analyzed incompletely.
*/
deprecated private class InterProcFlow extends DataFlowNode, @expr {
InterProcFlow() {
this instanceof InvokeExpr or
this instanceof ThisExpr or
this instanceof SuperExpr or
this instanceof NewTargetExpr or
this instanceof FunctionBindExpr or
this instanceof TaggedTemplateExpr
}
override predicate isIncomplete(DataFlowIncompleteness cause) { cause = "call" }
}
/** An external module reference, viewed as a data flow node. */
deprecated private class ExternalModuleFlow extends DataFlowNode, @externalmodulereference {
override predicate isIncomplete(DataFlowIncompleteness cause) { cause = "import" }
}
/**
* An immediately invoked function expression, viewed as a data flow node.
*
* Unlike other calls, we can analyze the value of an IIFE completely, hence
* we override `InterProcFlow`.
*/
deprecated private class IifeFlow extends InterProcFlow, @callexpr {
/** The function this IIFE invokes. */
ImmediatelyInvokedFunctionExpr iife;
IifeFlow() { this = iife.getInvocation() }
override DataFlowNode localFlowPred() { result = iife.getAReturnedExpr() }
override predicate isIncomplete(DataFlowIncompleteness cause) { none() }
}
/**
* A property access, viewed as a data flow node.
*/
deprecated private class PropAccessFlow extends DataFlowNode, @propaccess {
override predicate isIncomplete(DataFlowIncompleteness cause) { cause = "heap" }
}
/**
* A data flow node whose value involves co-routines or promises,
* and which hence is analyzed incompletely.
*/
deprecated private class IteratorFlow extends DataFlowNode, @expr {
IteratorFlow() {
this instanceof YieldExpr or
this instanceof AwaitExpr or
this instanceof FunctionSentExpr or
this instanceof DynamicImportExpr
}
override predicate isIncomplete(DataFlowIncompleteness cause) { cause = "yield" }
}
/**
* A data flow node that reads or writes an object property.
*/
abstract deprecated class PropRefNode extends DataFlowNode {
/**
* Gets the data flow node corresponding to the base object
* whose property is read from or written to.
*/
abstract DataFlowNode getBase();
/**
* Gets the expression specifying the name of the property being
* read or written. This is usually either an identifier or a literal.
*/
abstract Expr getPropertyNameExpr();
/**
* Gets the name of the property being read or written,
* if it can be statically determined.
*
* This predicate is undefined for dynamic property references
* such as `e[computePropertyName()]` and for spread/rest
* properties.
*/
abstract string getPropertyName();
}
/**
* A data flow node that writes to an object property.
*/
abstract deprecated class PropWriteNode extends PropRefNode {
/**
* Gets the data flow node corresponding to the value being written,
* if it can be statically determined.
*
* This predicate is undefined for spread properties, accessor
* properties, and most uses of `Object.defineProperty`.
*/
abstract DataFlowNode getRhs();
/**
* Holds if this data flow node writes the value of `rhs` to property
* `prop` of the object that `base` evaluates to.
*/
pragma[noinline]
predicate writes(DataFlow::Node base, string prop, DataFlow::Node rhs) {
base = DataFlow::valueNode(getBase()) and
prop = getPropertyName() and
rhs = DataFlow::valueNode(getRhs())
}
}
/**
* A property assignment, viewed as a data flow node.
*/
deprecated private class PropAssignNode extends PropWriteNode, @propaccess {
PropAssignNode() { this instanceof LValue }
override DataFlowNode getBase() { result = this.(PropAccess).getBase() }
override Expr getPropertyNameExpr() { result = this.(PropAccess).getPropertyNameExpr() }
override string getPropertyName() { result = this.(PropAccess).getPropertyName() }
override DataFlowNode getRhs() { result = this.(LValue).getRhs() }
}
/**
* A property of an object literal, viewed as a data flow node that writes
* to the corresponding property.
*/
deprecated private class PropInitNode extends PropWriteNode, @property {
/** Gets the property that this node wraps. */
private Property getProperty() { result = this }
override DataFlowNode getBase() { result = getProperty().getObjectExpr() }
override Expr getPropertyNameExpr() { result = getProperty().getNameExpr() }
override string getPropertyName() { result = getProperty().getName() }
override DataFlowNode getRhs() { result = getProperty().(ValueProperty).getInit() }
}
/**
* A call to `Object.defineProperty`, viewed as a data flow node that
* writes to the corresponding property.
*/
deprecated private class ObjectDefinePropNode extends PropWriteNode, @callexpr {
CallToObjectDefineProperty odp;
ObjectDefinePropNode() { this = odp.asExpr() }
override DataFlowNode getBase() { result = odp.getBaseObject().asExpr() }
override Expr getPropertyNameExpr() { result = odp.getArgument(1).asExpr() }
override string getPropertyName() { result = odp.getPropertyName() }
override DataFlowNode getRhs() {
exists(ObjectExpr propdesc |
propdesc = odp.getPropertyDescriptor().asExpr() and
result = propdesc.getPropertyByName("value").getInit()
)
}
}
/**
* A static member definition, viewed as a data flow node that adds
* a property to the class.
*/
deprecated private class StaticMemberAsWrite extends PropWriteNode, @expr {
StaticMemberAsWrite() { exists(MemberDefinition md | md.isStatic() and this = md.getNameExpr()) }
/** Gets the member definition that this node wraps. */
private MemberDefinition getMember() { this = result.getNameExpr() }
override DataFlowNode getBase() { result = getMember().getDeclaringClass() }
override Expr getPropertyNameExpr() { result = getMember().getNameExpr() }
override string getPropertyName() { result = getMember().getName() }
override DataFlowNode getRhs() { result = getMember().getInit() }
}
/**
* A spread property of an object literal, viewed as a data flow node that writes
* properties of the object literal.
*/
deprecated private class SpreadPropertyAsWrite extends PropWriteNode, @expr {
SpreadPropertyAsWrite() { exists(SpreadProperty prop | this = prop.getInit()) }
override DataFlowNode getBase() { result.(ObjectExpr).getAProperty().getInit() = this }
override Expr getPropertyNameExpr() { none() }
override string getPropertyName() { none() }
override DataFlowNode getRhs() { none() }
}
/**
* A JSX attribute, viewed as a data flow node that writes properties to
* the JSX element it is in.
*/
deprecated private class JSXAttributeAsWrite extends PropWriteNode, @identifier {
JSXAttributeAsWrite() { exists(JSXAttribute attr | this = attr.getNameExpr()) }
/** Gets the JSX attribute that this node wraps. */
private JSXAttribute getAttribute() { result.getNameExpr() = this }
override DataFlowNode getBase() { result = getAttribute().getElement() }
override Expr getPropertyNameExpr() { result = this }
override string getPropertyName() { result = this.(Identifier).getName() }
override DataFlowNode getRhs() { result = getAttribute().getValue() }
}
/**
* A data flow node that reads an object property.
*/
abstract deprecated class PropReadNode extends PropRefNode {
/**
* Gets the default value of this property read, if any.
*/
abstract DataFlowNode getDefault();
}
/**
* A property access in rvalue position.
*/
deprecated private class PropAccessReadNode extends PropReadNode, @propaccess {
PropAccessReadNode() { this instanceof RValue }
override DataFlowNode getBase() { result = this.(PropAccess).getBase() }
override Expr getPropertyNameExpr() { result = this.(PropAccess).getPropertyNameExpr() }
override string getPropertyName() { result = this.(PropAccess).getPropertyName() }
override DataFlowNode getDefault() { none() }
}
/**
* A property pattern viewed as a property read; for instance, in
* `var { p: q } = o`, `p` is a read of property `p` of `o`.
*/
deprecated private class PropPatternReadNode extends PropReadNode, @expr {
PropPatternReadNode() { this = any(PropertyPattern p).getNameExpr() }
/** Gets the property pattern that this node wraps. */
private PropertyPattern getPropertyPattern() { this = result.getNameExpr() }
override DataFlowNode getBase() {
exists(VarDef d |
d.getTarget() = getPropertyPattern().getObjectPattern() and
result = d.getSource()
)
}
override Expr getPropertyNameExpr() { result = getPropertyPattern().getNameExpr() }
override string getPropertyName() { result = getPropertyPattern().getName() }
override DataFlowNode getDefault() { result = getPropertyPattern().getDefault() }
}
/**
* A rest pattern viewed as a property read; for instance, in
* `var { ...ps } = o`, `ps` is a read of all properties of `o`.
*/
deprecated private class RestPropertyAsRead extends PropReadNode {
RestPropertyAsRead() { this = any(ObjectPattern p).getRest() }
override DataFlowNode getBase() {
exists(VarDef d |
d.getTarget().(ObjectPattern).getRest() = this and
result = d.getSource()
)
}
override Expr getPropertyNameExpr() { none() }
override string getPropertyName() { none() }
override DataFlowNode getDefault() { none() }
}


@@ -233,21 +233,3 @@ module HTML {
override Location getLocation() { xmllocations(this, result) }
}
}
/** DEPRECATED: Use `HTML::HtmlFile` instead. */
deprecated class HTMLFile = HTML::HtmlFile;
/** DEPRECATED: Use `HTML::Element` instead. */
deprecated class HTMLElement = HTML::Element;
/** DEPRECATED: Use `HTML::Attribute` instead. */
deprecated class HTMLAttribute = HTML::Attribute;
/** DEPRECATED: Use `HTML::DocumentElement` instead. */
deprecated class HtmlDocumentElement = HTML::DocumentElement;
/** DEPRECATED: Use `HTML::ScriptElement` instead. */
deprecated class HtmlScriptElement = HTML::ScriptElement;
/** DEPRECATED: Use `HTML::TextNode` instead. */
deprecated class HtmlText = HTML::TextNode;


@@ -172,62 +172,3 @@ abstract class PathExprInModule extends PathExpr {
getEnclosingModule().searchRoot(this, result, priority)
}
}
/**
* An import of a module with the given `path`, either using `require` or using `import`.
*/
deprecated private predicate isImport(DataFlowNode nd, string moduleName) {
exists(Import i | i.getImportedPath().getValue() = moduleName |
// `require("http")`
nd = i.(Require)
or
exists(ImportSpecifier spec | spec = i.(ImportDeclaration).getASpecifier() |
// common, but semantically different, ways of exposing modules through imports:
// `import * as http from 'http'`
nd = spec.(ImportNamespaceSpecifier).getLocal()
or
// `import http from 'http'`
nd = spec.(ImportDefaultSpecifier).getLocal()
)
)
}
/**
* DEPRECATED: Use `DataFlow::moduleImport` and `DataFlow::ModuleImportNode` instead.
*
* A data flow node that holds a module instance, that is, the result of
* an import of the module.
*/
deprecated class ModuleInstance extends DataFlowNode {
ModuleInstance() { isImport(this, _) }
/** Gets the path from which the module is imported. */
string getPath() { isImport(this, result) }
/**
* Gets an invocation of the method or constructor named `memberName` on this module instance.
*/
InvokeExpr getAMemberInvocation(string memberName) {
result.getCallee().(DataFlowNode).getALocalSource() = getAPropertyRead(memberName)
}
/**
* Gets a function call that invokes method `methodName` on this module instance.
*/
CallExpr getAMethodCall(string methodName) { result = getAMemberInvocation(methodName) }
/**
* Gets a `new` call that invokes constructor `constructorName` on this module instance.
*/
NewExpr getAConstructorInvocation(string constructorName) {
result = getAMemberInvocation(constructorName)
}
/**
* Gets a read access to property `propName` on this module instance.
*/
PropReadNode getAPropertyRead(string propName) {
result.getBase().getALocalSource() = this and
result.getPropertyName() = propName
}
}


@@ -33,15 +33,6 @@ class DirectEval extends CallExpr {
predicate mayAffect(LocalVariable lv) { getParent+() = lv.getScope().getScopeElement() }
}
/**
* DEPRECATED. Use `JsonParserCall` and the data flow API instead.
*
* A call to `JSON.parse`.
*/
deprecated class JsonParseCall extends MethodCallExpr {
JsonParseCall() { this = DataFlow::globalVarRef("JSON").getAMemberCall("parse").asExpr() }
}
/**
* Flow analysis for `this` expressions inside a function that is called with
* `Array.prototype.map` or a similar Array function that binds `this`.


@@ -1,131 +0,0 @@
/**
* Provides classes for working with call graphs derived from intra-procedural data flow.
*/
import javascript
private import InferredTypes
/**
* DEPRECATED: Use `DataFlow::InvokeNode` instead.
*
* A function call or `new` expression, with information about its potential callees.
*
* Both direct calls and reflective calls using `call` or `apply` are modelled.
*/
deprecated class CallSite extends @invokeexpr {
InvokeExpr invk;
CallSite() { invk = this }
/** Gets an abstract value representing possible callees of this call site. */
cached
AbstractValue getACalleeValue() { result = invk.getCallee().analyze().getAValue() }
/**
* Gets the data flow node corresponding to the `i`th argument passed to the callee
* invoked at this call site.
*
* For direct calls, this is the `i`th argument to the call itself: for instance,
* for a call `f(x, y)`, the 0th argument node is `x` and the first argument node is `y`.
*
* For reflective calls using `call`, the 0th argument to the call denotes the
* receiver, so argument positions are shifted by one: for instance, for a call
* `f.call(x, y, z)`, the 0th argument node is `y` and the first argument node is `z`,
* while `x` is not an argument node at all.
*
* Note that this predicate is not defined for arguments following a spread
* argument: for instance, for a call `f(x, ...y, z)`, the 0th argument node is `x`,
* but the position of `z` cannot be determined, hence there are no first and second
* argument nodes.
*/
DataFlow::AnalyzedNode getArgumentNode(int i) {
result = invk.getArgument(i).analyze() and
not earlierSpreadArgument(i)
}
/** Holds if `invk` has a spread argument at index `i` or earlier. */
private predicate earlierSpreadArgument(int i) {
invk.isSpreadArgument(i)
or
(earlierSpreadArgument(i - 1) and i < invk.getNumArgument())
}
/** Gets a potential callee based on dataflow analysis results. */
private Function getACalleeFromDataflow() {
result = getACalleeValue().(AbstractCallable).getFunction()
}
/** Gets a potential callee of this call site. */
Function getACallee() {
result = getACalleeFromDataflow()
or
not exists(getACalleeFromDataflow()) and
result = invk.getResolvedCallee()
}
/**
* Holds if the approximation of possible callees for this call site is
* affected by the given analysis incompleteness `cause`.
*/
predicate isIndefinite(DataFlow::Incompleteness cause) { getACalleeValue().isIndefinite(cause) }
/**
* Holds if our approximation of possible callees for this call site is
* likely to be imprecise.
*
* We currently track one specific source of imprecision: call
* resolution relies on flow through global variables, and the flow
* analysis finds possible callees that are not functions.
* This usually means that a global variable is used in multiple
* independent contexts, so tracking flow through it leads to
* imprecision.
*/
predicate isImprecise() {
isIndefinite("global") and
exists(DefiniteAbstractValue v | v = getACalleeValue() | not v instanceof AbstractCallable)
}
/**
* Holds if our approximation of possible callees for this call site is
* likely to be incomplete.
*/
predicate isIncomplete() {
// the flow analysis identifies a source of incompleteness other than
// global flow (which usually leads to imprecision rather than incompleteness)
any(DataFlow::Incompleteness cause | isIndefinite(cause)) != "global"
}
/**
* Holds if our approximation of possible callees for this call site is
* likely to be imprecise or incomplete.
*/
predicate isUncertain() { isImprecise() or isIncomplete() }
/**
* Gets a textual representation of this invocation.
*/
string toString() { result = this.(InvokeExpr).toString() }
Location getLocation() { result = this.(InvokeExpr).getLocation() }
}
/**
* A reflective function call using `call` or `apply`.
*/
deprecated class ReflectiveCallSite extends CallSite {
DataFlow::AnalyzedNode callee;
string callMode;
ReflectiveCallSite() {
this.(MethodCallExpr).calls(callee.asExpr(), callMode) and
(callMode = "call" or callMode = "apply")
}
override AbstractValue getACalleeValue() { result = callee.getAValue() }
override DataFlow::AnalyzedNode getArgumentNode(int i) {
callMode = "call" and
result = super.getArgumentNode(i + 1)
}
}


@@ -197,31 +197,6 @@ abstract class Configuration extends string {
predicate hasFlowPath(SourcePathNode source, SinkPathNode sink) {
flowsTo(source, _, sink, _, this)
}
/**
* DEPRECATED: Use `hasFlowPath` instead.
*
* Holds if data may flow from `source` to `sink` for this configuration.
*/
deprecated predicate hasPathFlow(SourcePathNode source, SinkPathNode sink) {
hasFlowPath(source, sink)
}
/**
* DEPRECATED: Use `hasFlow` instead.
*
* Holds if `source` flows to `sink`.
*/
deprecated predicate flowsTo(DataFlow::Node source, DataFlow::Node sink) { hasFlow(source, sink) }
/**
* DEPRECATED: Use `hasFlow` instead.
*
* Holds if `source` flows to `sink`.
*/
deprecated predicate flowsFrom(DataFlow::Node sink, DataFlow::Node source) {
hasFlow(source, sink)
}
}
/**


@@ -28,9 +28,6 @@ class InvokeNode extends DataFlow::SourceNode {
/** Gets the name of the function or method being invoked, if it can be determined. */
string getCalleeName() { result = impl.getCalleeName() }
/** DEPRECATED: Use `getCalleeNode()` instead. */
deprecated DataFlow::Node getCallee() { result = getCalleeNode() }
/** Gets the data flow node specifying the function to be called. */
DataFlow::Node getCalleeNode() { result = impl.getCalleeNode() }


@@ -54,18 +54,6 @@ class SourceNode extends DataFlow::Node {
result = getAPropertyReference(propName)
}
/**
* DEPRECATED: Use `getAPropertyReference` instead.
*
* Gets an access to property `propName` on this node, either through
* a dot expression (as in `x.propName`) or through an index expression
* (as in `x["propName"]`).
*/
deprecated DataFlow::PropRead getAPropertyAccess(string propName) {
result = getAPropertyReference(propName) and
result.asExpr() instanceof PropAccess
}
/**
* Holds if there is an assignment to property `propName` on this node,
* and the right hand side of the assignment is `rhs`.


@@ -14,7 +14,6 @@
*/
import javascript
import semmle.javascript.dataflow.CallGraph
private import semmle.javascript.dataflow.internal.FlowSteps as FlowSteps
private import semmle.javascript.dataflow.InferredTypes
@@ -101,7 +100,6 @@ module TaintTracking {
final override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
isAdditionalTaintStep(pred, succ) or
pred = succ.(FlowTarget).getATaintSource() or
any(AdditionalTaintStep dts).step(pred, succ)
}
@@ -146,15 +144,6 @@ module TaintTracking {
abstract class LabeledSanitizerGuardNode extends SanitizerGuardNode,
DataFlow::LabeledBarrierGuardNode { }
/**
* DEPRECATED: Override `Configuration::isAdditionalTaintStep` or use
* `AdditionalTaintStep` instead.
*/
abstract class FlowTarget extends DataFlow::Node {
/** Gets another data flow node from which taint is propagated to this node. */
abstract DataFlow::Node getATaintSource();
}
/**
* A taint-propagating data flow edge that should be added to all taint tracking
* configurations in addition to standard data flow edges.
@@ -173,9 +162,6 @@ module TaintTracking {
abstract predicate step(DataFlow::Node pred, DataFlow::Node succ);
}
/** DEPRECATED: Use `AdditionalTaintStep` instead. */
deprecated class DefaultTaintStep = AdditionalTaintStep;
/**
* A taint propagating data flow edge through object or array elements and
* promises.
@@ -882,30 +868,4 @@ module TaintTracking {
override predicate appliesTo(Configuration cfg) { any() }
}
/**
* An expression that can act as a sanitizer for a variable when appearing
* in a condition.
*
* DEPRECATED: use `AdditionalSanitizerGuardNode` instead.
*/
abstract deprecated class SanitizingGuard extends Expr {
/**
* Holds if this expression sanitizes expression `e` for the purposes of taint-tracking
* configuration `cfg`, provided it evaluates to `outcome`.
*/
abstract predicate sanitizes(Configuration cfg, boolean outcome, Expr e);
}
/**
* Support registration of sanitizers with the deprecated type `SanitizingGuard`.
*/
deprecated private class AdditionalSanitizingGuard extends AdditionalSanitizerGuardNode,
DataFlow::ValueNode {
override SanitizingGuard astNode;
override predicate sanitizes(boolean outcome, Expr e) { astNode.sanitizes(_, outcome, e) }
override predicate appliesTo(Configuration cfg) { astNode.sanitizes(cfg, _, _) }
}
}


@@ -23,11 +23,6 @@ DataFlow::SourceNode angular() {
result = DataFlow::moduleImport("angular")
}
/**
* DEPRECATED: Use `angular()` instead.
*/
deprecated predicate isAngularRef(DataFlowNode nd) { angular().flowsToExpr(nd) }
pragma[noopt]
private predicate isAngularString(Expr s) {
exists(DataFlow::SourceNode angular, StmtContainer sc, TopLevel tl |


@@ -34,25 +34,6 @@ module Express {
result = DataFlow::moduleMember("express", "Router").getAnInvocation()
}
/**
* DEPRECATED: Use `appCreation()` instead.
*
* Holds if `e` is an expression that creates a new Express application.
*/
deprecated predicate isAppCreation(InvokeExpr e) { e = appCreation().asExpr() }
/**
* DEPRECATED: Use `appCreation()` instead.
*
* Holds if `e` is an Express application object
*/
deprecated predicate isApp(Expr e) { any(Application app).flowsTo(e) }
/**
* Holds if `e` creates an Express router (possibly an application).
*/
deprecated predicate isRouterCreation(InvokeExpr e) { e = routerCreation().asExpr() }
/**
* Holds if `e` may refer to the given `router` object.
*/


@@ -13,11 +13,6 @@ DataFlow::SourceNode react() {
result = DataFlow::moduleImport("react")
}
/**
* DEPRECATED: Use `react()` instead.
*/
deprecated predicate isReactRef(DataFlowNode nd) { react().flowsToExpr(nd) }
/**
* An object that implements the React component interface.
*
@@ -59,32 +54,11 @@ abstract class ReactComponent extends ASTNode {
result.(DataFlow::ThisNode).getBinder().getFunction() = getInstanceMethod(_)
}
/**
* Gets the `this` node in an instance method of this component.
*
* DEPRECATED: Use `getAThisNode` instead.
*/
deprecated DataFlow::SourceNode getAThisAccess() { result = getAThisNode() }
/**
* Gets an access to the `props` object of this component.
*
* DEPRECATED: Use `getADirectPropsAccess` instead.
*/
deprecated DataFlow::SourceNode getAPropsSource() { result = getADirectPropsAccess() }
/**
* Gets an access to the `props` object of this component.
*/
abstract DataFlow::SourceNode getADirectPropsAccess();
/**
* Gets an access to the `state` object of this component.
*
* DEPRECATED: Use `getADirectStateAccess` instead.
*/
deprecated DataFlow::SourceNode getAStateSource() { result = getADirectStateAccess() }
/**
* Gets an access to the `state` object of this component.
*/


@@ -83,11 +83,6 @@ module urijs {
* Provides classes for working with [uri-js](https://github.com/garycourt/uri-js) code.
*/
module uridashjs {
/**
* Gets a data flow source node for the uridashjs library.
*/
deprecated DataFlow::SourceNode uridashjs() { result = DataFlow::moduleImport("uri-js") }
/**
* Gets a data flow source node for member `name` of the uridashjs library.
*/
@@ -121,11 +116,6 @@ module uridashjs {
* Provides classes for working with [punycode](https://github.com/bestiejs/punycode.js) code.
*/
module punycode {
/**
* Gets a data flow source node for the punycode library.
*/
deprecated DataFlow::SourceNode punycode() { result = DataFlow::moduleImport("punycode") }
/**
* Gets a data flow source node for member `name` of the punycode library.
*/
@@ -197,13 +187,6 @@ module urlParse {
* Provides classes for working with [querystringify](https://github.com/unshiftio/querystringify) code.
*/
module querystringify {
/**
* Gets a data flow source node for the querystringify library.
*/
deprecated DataFlow::SourceNode querystringify() {
result = DataFlow::moduleImport("querystringify")
}
/**
* Gets a data flow source node for member `name` of the querystringify library.
*/
@@ -235,13 +218,6 @@ module querystringify {
* Provides classes for working with [query-string](https://github.com/sindresorhus/query-string) code.
*/
module querydashstring {
/**
* Gets a data flow source node for the query-string library.
*/
deprecated DataFlow::SourceNode querydashstring() {
result = DataFlow::moduleImport("query-string")
}
/**
* Gets a data flow source node for member `name` of the query-string library.
*/
@@ -275,11 +251,6 @@ module querydashstring {
* Provides classes for working with [url](https://nodejs.org/api/url.html) code.
*/
module url {
/**
* Gets a data flow source node for the url library.
*/
deprecated DataFlow::SourceNode url() { result = DataFlow::moduleImport("url") }
/**
* Gets a data flow source node for member `name` of the url library.
*/
@@ -310,11 +281,6 @@ module url {
* Provides classes for working with [querystring](https://nodejs.org/api/querystring.html) code.
*/
module querystring {
/**
* Gets a data flow source node for the querystring library.
*/
deprecated DataFlow::SourceNode querystring() { result = DataFlow::moduleImport("querystring") }
/**
* Gets a data flow source node for member `name` of the querystring library.
*/


@@ -57,30 +57,6 @@ class JQueryMethodCall extends CallExpr {
*/
string getMethodName() { result = name }
/**
* DEPRECATED: Use `interpretsArgumentAsHtml` instead.
*
* Holds if this call interprets its arguments as HTML.
*/
deprecated predicate interpretsArgumentsAsHtml() {
name = "addClass" or
name = "after" or
name = "append" or
name = "appendTo" or
name = "before" or
name = "html" or
name = "insertAfter" or
name = "insertBefore" or
name = "parseHTML" or
name = "prepend" or
name = "prependTo" or
name = "prop" or
name = "replaceWith" or
name = "wrap" or
name = "wrapAll" or
name = "wrapInner"
}
/**
* Holds if `e` is an argument that this method may interpret as HTML.
*


@@ -69,15 +69,3 @@ module BrokenCryptoAlgorithm {
}
}
}
/** DEPRECATED: Use `BrokenCryptoAlgorithm::Source` instead. */
deprecated class BrokenCryptoAlgorithmSource = BrokenCryptoAlgorithm::Source;
/** DEPRECATED: Use `BrokenCryptoAlgorithm::Sink` instead. */
deprecated class BrokenCryptoAlgorithmSink = BrokenCryptoAlgorithm::Sink;
/** DEPRECATED: Use `BrokenCryptoAlgorithm::Sanitizer` instead. */
deprecated class BrokenCryptoAlgorithmSanitizer = BrokenCryptoAlgorithm::Sanitizer;
/** DEPRECATED: Use `BrokenCryptoAlgorithm::Configuration` instead. */
deprecated class BrokenCryptoAlgorithmDataFlowConfiguration = BrokenCryptoAlgorithm::Configuration;


@@ -90,15 +90,3 @@ module CleartextStorage {
}
}
}
/** DEPRECATED: Use `CleartextStorage::Source` instead. */
deprecated class CleartextStorageSource = CleartextStorage::Source;
/** DEPRECATED: Use `CleartextStorage::Sink` instead. */
deprecated class CleartextStorageSink = CleartextStorage::Sink;
/** DEPRECATED: Use `CleartextStorage::Sanitizer` instead. */
deprecated class CleartextStorageSanitizer = CleartextStorage::Sanitizer;
/** DEPRECATED: Use `CleartextStorage::Configuration` instead. */
deprecated class CleartextStorageDataFlowConfiguration = CleartextStorage::Configuration;


@@ -176,15 +176,3 @@ module ClientSideUrlRedirect {
}
}
}
/** DEPRECATED: Use `ClientSideUrlRedirect::Source` instead. */
deprecated class ClientSideUrlRedirectSource = ClientSideUrlRedirect::Source;
/** DEPRECATED: Use `ClientSideUrlRedirect::Sink` instead. */
deprecated class ClientSideUrlRedirectSink = ClientSideUrlRedirect::Sink;
/** DEPRECATED: Use `ClientSideUrlRedirect::Sanitizer` instead. */
deprecated class ClientSideUrlRedirectSanitizer = ClientSideUrlRedirect::Sanitizer;
/** DEPRECATED: Use `ClientSideUrlRedirect::Configuration` instead. */
deprecated class ClientSideUrlRedirectDataFlowConfiguration = ClientSideUrlRedirect::Configuration;


@@ -123,15 +123,3 @@ module CodeInjection {
}
}
}
/** DEPRECATED: Use `CodeInjection::Source` instead. */
deprecated class CodeInjectionSource = CodeInjection::Source;
/** DEPRECATED: Use `CodeInjection::Sink` instead. */
deprecated class CodeInjectionSink = CodeInjection::Sink;
/** DEPRECATED: Use `CodeInjection::Sanitizer` instead. */
deprecated class CodeInjectionSanitizer = CodeInjection::Sanitizer;
/** DEPRECATED: Use `CodeInjection::Configuration` instead. */
deprecated class CodeInjectionDataFlowConfiguration = CodeInjection::Configuration;


@@ -123,15 +123,3 @@ module CommandInjection {
)
}
}
/** DEPRECATED: Use `CommandInjection::Source` instead. */
deprecated class CommandInjectionSource = CommandInjection::Source;
/** DEPRECATED: Use `CommandInjection::Sink` instead. */
deprecated class CommandInjectionSink = CommandInjection::Sink;
/** DEPRECATED: Use `CommandInjection::Sanitizer` instead. */
deprecated class CommandInjectionSanitizer = CommandInjection::Sanitizer;
/** DEPRECATED: Use `CommandInjection::Configuration` instead. */
deprecated class CommandInjectionTrackingConfig = CommandInjection::Configuration;


@@ -83,15 +83,3 @@ module ConditionalBypass {
override SensitiveAction getAction() { result = action }
}
}
/** DEPRECATED: Use `ConditionalBypass::Source` instead. */
deprecated class ConditionalBypassSource = ConditionalBypass::Source;
/** DEPRECATED: Use `ConditionalBypass::Sink` instead. */
deprecated class ConditionalBypassSink = ConditionalBypass::Sink;
/** DEPRECATED: Use `ConditionalBypass::Sanitizer` instead. */
deprecated class ConditionalBypassSanitizer = ConditionalBypass::Sanitizer;
/** DEPRECATED: Use `ConditionalBypass::Configuration` instead. */
deprecated class ConditionalBypassDataFlowConfiguration = ConditionalBypass::Configuration;


@@ -87,18 +87,3 @@ module CorsMisconfigurationForCredentials {
}
}
}
/** DEPRECATED: Use `CorsMisconfigurationForCredentials::Source` instead. */
deprecated class CorsMisconfigurationForCredentialsSource =
CorsMisconfigurationForCredentials::Source;
/** DEPRECATED: Use `CorsMisconfigurationForCredentials::Sink` instead. */
deprecated class CorsMisconfigurationForCredentialsSink = CorsMisconfigurationForCredentials::Sink;
/** DEPRECATED: Use `CorsMisconfigurationForCredentials::Sanitizer` instead. */
deprecated class CorsMisconfigurationForCredentialsSanitizer =
CorsMisconfigurationForCredentials::Sanitizer;
/** DEPRECATED: Use `CorsMisconfigurationForCredentials::Configuration` instead. */
deprecated class CorsMisconfigurationForCredentialsDataFlowConfiguration =
CorsMisconfigurationForCredentials::Configuration;


@@ -189,15 +189,3 @@ module DomBasedXss {
override string getVulnerabilityKind() { result = "HTML injection" }
}
}
/** DEPRECATED: Use `DomBasedXss::Source` instead. */
deprecated class XssSource = DomBasedXss::Source;
/** DEPRECATED: Use `DomBasedXss::Sink` instead. */
deprecated class XssSink = DomBasedXss::Sink;
/** DEPRECATED: Use `DomBasedXss::Sanitizer` instead. */
deprecated class XssSanitizer = DomBasedXss::Sanitizer;
/** DEPRECATED: Use `DomBasedXss::Configuration` instead. */
deprecated class XssDataFlowConfiguration = DomBasedXss::Configuration;


@@ -47,15 +47,3 @@ module HardcodedCredentials {
override string getKind() { result = this.asExpr().(CredentialsExpr).getCredentialsKind() }
}
}
/** DEPRECATED: Use `HardcodedCredentials::Source` instead. */
deprecated class HardcodedCredentialsSource = HardcodedCredentials::Source;
/** DEPRECATED: Use `HardcodedCredentials::Sink` instead. */
deprecated class HardcodedCredentialsSink = HardcodedCredentials::Sink;
/** DEPRECATED: Use `HardcodedCredentials::Sanitizer` instead. */
deprecated class HardcodedCredentialsSanitizer = HardcodedCredentials::Sanitizer;
/** DEPRECATED: Use `HardcodedCredentials::Configuration` instead. */
deprecated class HardcodedCredentialsTrackingConfiguration = HardcodedCredentials::Configuration;


@@ -109,15 +109,3 @@ module InsecureRandomness {
*/
class CryptoKeySink extends Sink { CryptoKeySink() { this instanceof CryptographicKey } }
}
/** DEPRECATED: Use `InsecureRandomness::Source` instead. */
deprecated class InsecureRandomnessSource = InsecureRandomness::Source;
/** DEPRECATED: Use `InsecureRandomness::Sink` instead. */
deprecated class InsecureRandomnessSink = InsecureRandomness::Sink;
/** DEPRECATED: Use `InsecureRandomness::Sanitizer` instead. */
deprecated class InsecureRandomnessSanitizer = InsecureRandomness::Sanitizer;
/** DEPRECATED: Use `InsecureRandomness::Configuration` instead. */
deprecated class InsecureRandomnessDataFlowConfiguration = InsecureRandomness::Configuration;


@@ -71,16 +71,3 @@ module InsufficientPasswordHash {
}
}
}
/** DEPRECATED: Use `InsufficientPasswordHash::Source` instead. */
deprecated class InsufficientPasswordHashSource = InsufficientPasswordHash::Source;
/** DEPRECATED: Use `InsufficientPasswordHash::Sink` instead. */
deprecated class InsufficientPasswordHashSink = InsufficientPasswordHash::Sink;
/** DEPRECATED: Use `InsufficientPasswordHash::Sanitizer` instead. */
deprecated class InsufficientPasswordHashSanitizer = InsufficientPasswordHash::Sanitizer;
/** DEPRECATED: Use `InsufficientPasswordHash::Configuration` instead. */
deprecated class InsufficientPasswordHashDataFlowConfiguration =
InsufficientPasswordHash::Configuration;


@@ -78,15 +78,3 @@ module NosqlInjection {
/** An expression interpreted as a NoSQL query, viewed as a sink. */
class NosqlQuerySink extends Sink, DataFlow::ValueNode { override NoSQL::Query astNode; }
}
/** DEPRECATED: Use `NosqlInjection::Source` instead. */
deprecated class NosqlInjectionSource = NosqlInjection::Source;
/** DEPRECATED: Use `NosqlInjection::Sink` instead. */
deprecated class NosqlInjectionSink = NosqlInjection::Sink;
/** DEPRECATED: Use `NosqlInjection::Sanitizer` instead. */
deprecated class NosqlInjectionSanitizer = NosqlInjection::Sanitizer;
/** DEPRECATED: Use `NosqlInjection::Configuration` instead. */
deprecated class NosqlInjectionTrackingConfig = NosqlInjection::Configuration;


@@ -67,15 +67,3 @@ module ReflectedXss {
}
}
}
/** DEPRECATED: Use `ReflectedXss::Source` instead. */
deprecated class XssSource = ReflectedXss::Source;
/** DEPRECATED: Use `ReflectedXss::Sink` instead. */
deprecated class XssSink = ReflectedXss::Sink;
/** DEPRECATED: Use `ReflectedXss::Sanitizer` instead. */
deprecated class XssSanitizer = ReflectedXss::Sanitizer;
/** DEPRECATED: Use `ReflectedXss::Configuration` instead. */
deprecated class XssDataFlowConfiguration = ReflectedXss::Configuration;


@@ -68,15 +68,3 @@ module RegExpInjection {
}
}
}
/** DEPRECATED: Use `RegExpInjection::Source` instead. */
deprecated class RegExpInjectionSource = RegExpInjection::Source;
/** DEPRECATED: Use `RegExpInjection::Sink` instead. */
deprecated class RegExpInjectionSink = RegExpInjection::Sink;
/** DEPRECATED: Use `RegExpInjection::Sanitizer` instead. */
deprecated class RegExpInjectionSanitizer = RegExpInjection::Sanitizer;
/** DEPRECATED: Use `RegExpInjection::Configuration` instead. */
deprecated class RegExpInjectionTaintTrackingConfiguration = RegExpInjection::Configuration;


@@ -101,15 +101,3 @@ module ServerSideUrlRedirect {
}
}
}
/** DEPRECATED: Use `ServerSideUrlRedirect::Source` instead. */
deprecated class ServerSideUrlRedirectSource = ServerSideUrlRedirect::Source;
/** DEPRECATED: Use `ServerSideUrlRedirect::Sink` instead. */
deprecated class ServerSideUrlRedirectSink = ServerSideUrlRedirect::Sink;
/** DEPRECATED: Use `ServerSideUrlRedirect::Sanitizer` instead. */
deprecated class ServerSideUrlRedirectSanitizer = ServerSideUrlRedirect::Sanitizer;
/** DEPRECATED: Use `ServerSideUrlRedirect::Configuration` instead. */
deprecated class ServerSideUrlRedirectDataFlowConfiguration = ServerSideUrlRedirect::Configuration;


@@ -50,15 +50,3 @@ module SqlInjection {
SanitizerExpr() { astNode = any(SQL::SqlSanitizer ss).getOutput() }
}
}
/** DEPRECATED: Use `SqlInjection::Source` instead. */
deprecated class SqlInjectionSource = SqlInjection::Source;
/** DEPRECATED: Use `SqlInjection::Sink` instead. */
deprecated class SqlInjectionSink = SqlInjection::Sink;
/** DEPRECATED: Use `SqlInjection::Sanitizer` instead. */
deprecated class SqlInjectionSanitizer = SqlInjection::Sanitizer;
/** DEPRECATED: Use `SqlInjection::Configuration` instead. */
deprecated class SqlInjectionTrackingConfig = SqlInjection::Configuration;


@@ -53,12 +53,3 @@ module StackTraceExposure {
*/
class DefaultSink extends Sink, DataFlow::ValueNode { override HTTP::ResponseBody astNode; }
}
/** DEPRECATED: Use `StackTraceExposure::Source` instead. */
deprecated class StackTraceExposureSource = StackTraceExposure::Source;
/** DEPRECATED: Use `StackTraceExposure::Sink` instead. */
deprecated class StackTraceExposureSink = StackTraceExposure::Sink;
/** DEPRECATED: Use `StackTraceExposure::Configuration` instead. */
deprecated class StackTraceExposureTrackingConfig = StackTraceExposure::Configuration;


@@ -150,15 +150,3 @@ module TaintedPath {
}
}
}
/** DEPRECATED: Use `TaintedPath::Source` instead. */
deprecated class TaintedPathSource = TaintedPath::Source;
/** DEPRECATED: Use `TaintedPath::Sink` instead. */
deprecated class TaintedPathSink = TaintedPath::Sink;
/** DEPRECATED: Use `TaintedPath::Sanitizer` instead. */
deprecated class TaintedPathSanitizer = TaintedPath::Sanitizer;
/** DEPRECATED: Use `TaintedPath::Configuration` instead. */
deprecated class TaintedPathTrackingConfig = TaintedPath::Configuration;


@@ -65,15 +65,3 @@ module UnsafeDeserialization {
}
}
}
/** DEPRECATED: Use `UnsafeDeserialization::Source` instead. */
deprecated class UnsafeDeserializationSource = UnsafeDeserialization::Source;
/** DEPRECATED: Use `UnsafeDeserialization::Sink` instead. */
deprecated class UnsafeDeserializationSink = UnsafeDeserialization::Sink;
/** DEPRECATED: Use `UnsafeDeserialization::Sanitizer` instead. */
deprecated class UnsafeDeserializationSanitizer = UnsafeDeserialization::Sanitizer;
/** DEPRECATED: Use `UnsafeDeserialization::Configuration` instead. */
deprecated class UnsafeDeserializationTrackingConfig = UnsafeDeserialization::Configuration;


@@ -62,15 +62,3 @@ module XmlBomb {
}
}
}
/** DEPRECATED: Use `XmlBomb::Source` instead. */
deprecated class XmlBombSource = XmlBomb::Source;
/** DEPRECATED: Use `XmlBomb::Sink` instead. */
deprecated class XmlBombSink = XmlBomb::Sink;
/** DEPRECATED: Use `XmlBomb::Sanitizer` instead. */
deprecated class XmlBombSanitizer = XmlBomb::Sanitizer;
/** DEPRECATED: Use `XmlBomb::Configuration` instead. */
deprecated class XmlBomTrackingConfig = XmlBomb::Configuration;


@@ -65,15 +65,3 @@ module Xxe {
}
}
}
/** DEPRECATED: Use `Xxe::Source` instead. */
deprecated class XxeSource = Xxe::Source;
/** DEPRECATED: Use `Xxe::Sink` instead. */
deprecated class XxeSink = Xxe::Sink;
/** DEPRECATED: Use `Xxe::Sanitizer` instead. */
deprecated class XxeSanitizer = Xxe::Sanitizer;
/** DEPRECATED: Use `Xxe::Configuration` instead. */
deprecated class XxeTrackingConfig = Xxe::Configuration;


@@ -1,14 +0,0 @@
WARNING: Predicate flowsFrom has been deprecated and may be removed in future (ReflectedXssWithCustomSanitizer_old.ql:21,11-20)
WARNING: Type SanitizingGuard has been deprecated and may be removed in future (ReflectedXssWithCustomSanitizer_old.ql:8,34-64)
WARNING: Type XssDataFlowConfiguration has been deprecated and may be removed in future (ReflectedXssWithCustomSanitizer_old.ql:14,20-44)
WARNING: Type XssDataFlowConfiguration has been deprecated and may be removed in future (ReflectedXssWithCustomSanitizer_old.ql:20,6-30)
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:8:33:8:45 | req.params.id | user-provided value |
| formatting.js:6:14:6:47 | util.fo ... , evil) | Cross-site scripting vulnerability due to $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value |
| formatting.js:7:14:7:53 | require ... , evil) | Cross-site scripting vulnerability due to $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value |
| partial.js:10:14:10:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:13:42:13:48 | req.url | user-provided value |
| partial.js:19:14:19:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:22:51:22:57 | req.url | user-provided value |
| partial.js:28:14:28:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:31:47:31:53 | req.url | user-provided value |
| partial.js:37:14:37:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:40:43:40:49 | req.url | user-provided value |
| promises.js:6:25:6:25 | x | Cross-site scripting vulnerability due to $@. | promises.js:5:44:5:57 | req.query.data | user-provided value |
| tst2.js:7:12:7:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:6:9:6:9 | p | user-provided value |
| tst2.js:8:12:8:12 | r | Cross-site scripting vulnerability due to $@. | tst2.js:6:12:6:15 | q: r | user-provided value |


@@ -1,23 +0,0 @@
//
// This is a test for https://lgtm.com/blog/etherpad_CVE-2018-6835
//
import javascript
import semmle.javascript.security.dataflow.ReflectedXss
class IsVarNameSanitizer extends TaintTracking::SanitizingGuard, CallExpr {
IsVarNameSanitizer() {
getCalleeName() = "isVarName"
}
override predicate sanitizes(TaintTracking::Configuration cfg, boolean outcome, Expr e) {
cfg instanceof XssDataFlowConfiguration and
outcome = true and
e = getArgument(0)
}
}
from XssDataFlowConfiguration xss, DataFlow::Node source, DataFlow::Node sink
where xss.flowsFrom(sink, source)
select sink, "Cross-site scripting vulnerability due to $@.",
source, "user-provided value"