Python: Remove deprecated configuration classes referencing deleted api.

python/ql/lib/semmle/python/security/dataflow/CleartextLoggingQuery.qll

@@ -15,25 +15,6 @@ private import semmle.python.dataflow.new.BarrierGuards
 private import semmle.python.dataflow.new.SensitiveDataSources
 import CleartextLoggingCustomizations::CleartextLogging
 
-/**
- * DEPRECATED: Use `CleartextLoggingFlow` module instead.
- *
- * A taint-tracking configuration for detecting "Clear-text logging of sensitive information".
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "CleartextLogging" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) {
-    super.isSanitizer(node)
-    or
-    node instanceof Sanitizer
-  }
-}
-
 private module CleartextLoggingConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof Source }
 

python/ql/lib/semmle/python/security/dataflow/CleartextStorageQuery.qll

@@ -15,25 +15,6 @@ private import semmle.python.dataflow.new.BarrierGuards
 private import semmle.python.dataflow.new.SensitiveDataSources
 import CleartextStorageCustomizations::CleartextStorage
 
-/**
- * DEPRECATED: Use `CleartextStorageFlow` module instead.
- *
- * A taint-tracking configuration for detecting "Clear-text storage of sensitive information".
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "CleartextStorage" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) {
-    super.isSanitizer(node)
-    or
-    node instanceof Sanitizer
-  }
-}
-
 private module CleartextStorageConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof Source }
 

python/ql/lib/semmle/python/security/dataflow/CodeInjectionQuery.qll

@@ -11,21 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import CodeInjectionCustomizations::CodeInjection
 
-/**
- * DEPRECATED: Use `CodeInjectionFlow` module instead.
- *
- * A taint-tracking configuration for detecting "code injection" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "CodeInjection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 private module CodeInjectionConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof Source }
 

python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll

@@ -11,21 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import CommandInjectionCustomizations::CommandInjection
 
-/**
- * DEPRECATED: Use `CommandInjectionFlow` module instead.
- *
- * A taint-tracking configuration for detecting "command injection" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "CommandInjection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
  * A taint-tracking configuration for detecting "command injection" vulnerabilities.
  */

python/ql/lib/semmle/python/security/dataflow/LdapInjectionQuery.qll

@@ -13,22 +13,6 @@ import semmle.python.dataflow.new.TaintTracking
 import semmle.python.dataflow.new.RemoteFlowSources
 import LdapInjectionCustomizations::LdapInjection
 
-/**
- * DEPRECATED: Use `LdapInjectionDnFlow` module instead.
- *
- * A taint-tracking configuration for detecting LDAP injection vulnerabilities
- * via the distinguished name (DN) parameter of an LDAP search.
- */
-deprecated class DnConfiguration extends TaintTracking::Configuration {
-  DnConfiguration() { this = "LdapDnInjection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof DnSink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof DnSanitizer }
-}
-
 private module LdapInjectionDnConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof Source }
 
@@ -40,22 +24,6 @@ private module LdapInjectionDnConfig implements DataFlow::ConfigSig {
 /** Global taint-tracking for detecting "LDAP injection via the distinguished name (DN) parameter" vulnerabilities. */
 module LdapInjectionDnFlow = TaintTracking::Global<LdapInjectionDnConfig>;
 
-/**
- * DEPRECATED: Use `LdapInjectionFilterFlow` module instead.
- *
- * A taint-tracking configuration for detecting LDAP injection vulnerabilities
- * via the filter parameter of an LDAP search.
- */
-deprecated class FilterConfiguration extends TaintTracking::Configuration {
-  FilterConfiguration() { this = "LdapFilterInjection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof FilterSink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof FilterSanitizer }
-}
-
 private module LdapInjectionFilterConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof Source }
 

python/ql/lib/semmle/python/security/dataflow/LogInjectionQuery.qll

@@ -11,21 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import LogInjectionCustomizations::LogInjection
 
-/**
- * DEPRECATED: Use `LogInjectionFlow` module instead.
- *
- * A taint-tracking configuration for tracking untrusted user input used in log entries.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "LogInjection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 private module LogInjectionConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof Source }
 

python/ql/lib/semmle/python/security/dataflow/PamAuthorizationQuery.qll

@@ -11,35 +11,6 @@ import semmle.python.ApiGraphs
 import semmle.python.dataflow.new.TaintTracking
 import PamAuthorizationCustomizations::PamAuthorizationCustomizations
 
-/**
- * DEPRECATED: Use `PamAuthorizationFlow` module instead.
- *
- * A taint-tracking configuration for detecting "PAM Authorization" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "PamAuthorization" }
-
-  override predicate isSource(DataFlow::Node node) { node instanceof Source }
-
-  override predicate isSink(DataFlow::Node node) { node instanceof Sink }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-    // Models flow from a remotely supplied username field to a PAM `handle`.
-    // `retval = pam_start(service, username, byref(conv), byref(handle))`
-    exists(API::CallNode pamStart, DataFlow::Node handle, API::CallNode pointer |
-      pointer = API::moduleImport("ctypes").getMember(["pointer", "byref"]).getACall() and
-      pamStart = libPam().getMember("pam_start").getACall() and
-      pointer = pamStart.getArg(3) and
-      handle = pointer.getArg(0) and
-      pamStart.getArg(1) = node1 and
-      handle = node2
-    )
-    or
-    // Flow from handle to the authenticate call in the final step
-    exists(VulnPamAuthCall c | c.getArg(0) = node1 | node2 = c)
-  }
-}
-
 private module PamAuthorizationConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof Source }
 

python/ql/lib/semmle/python/security/dataflow/PathInjectionQuery.qll

@@ -12,57 +12,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import PathInjectionCustomizations::PathInjection
 
-/**
- * DEPRECATED: Use `PathInjectionFlow` module instead.
- *
- * A taint-tracking configuration for detecting "path injection" vulnerabilities.
- *
- * This configuration uses two flow states, `NotNormalized` and `NormalizedUnchecked`,
- * to track the requirement that a file path must be first normalized and then checked
- * before it is safe to use.
- *
- * At sources, paths are assumed not normalized. At normalization points, they change
- * state to `NormalizedUnchecked` after which they can be made safe by an appropriate
- * check of the prefix.
- *
- * Such checks are ineffective in the `NotNormalized` state.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "PathInjection" }
-
-  override predicate isSource(DataFlow::Node source, DataFlow::FlowState state) {
-    source instanceof Source and state instanceof NotNormalized
-  }
-
-  override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) {
-    sink instanceof Sink and
-    (
-      state instanceof NotNormalized or
-      state instanceof NormalizedUnchecked
-    )
-  }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-
-  override predicate isSanitizer(DataFlow::Node node, DataFlow::FlowState state) {
-    // Block `NotNormalized` paths here, since they change state to `NormalizedUnchecked`
-    node instanceof Path::PathNormalization and
-    state instanceof NotNormalized
-    or
-    node instanceof Path::SafeAccessCheck and
-    state instanceof NormalizedUnchecked
-  }
-
-  override predicate isAdditionalTaintStep(
-    DataFlow::Node nodeFrom, DataFlow::FlowState stateFrom, DataFlow::Node nodeTo,
-    DataFlow::FlowState stateTo
-  ) {
-    nodeFrom = nodeTo.(Path::PathNormalization).getPathArg() and
-    stateFrom instanceof NotNormalized and
-    stateTo instanceof NormalizedUnchecked
-  }
-}
-
 abstract private class NormalizationState extends string {
   bindingset[this]
   NormalizationState() { any() }

python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSQuery.qll

@@ -11,21 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import PolynomialReDoSCustomizations::PolynomialReDoS
 
-/**
- * DEPRECATED: Use `PolynomialReDoSFlow` module instead.
- *
- * A taint-tracking configuration for detecting "polynomial regular expression denial of service (ReDoS)" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "PolynomialReDoS" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 private module PolynomialReDoSConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof Source }
 

python/ql/lib/semmle/python/security/dataflow/ReflectedXssQuery.qll

@@ -11,21 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import ReflectedXSSCustomizations::ReflectedXss
 
-/**
- * DEPRECATED: Use `ReflectedXssFlow` module instead.
- *
- * A taint-tracking configuration for detecting "reflected server-side cross-site scripting" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "ReflectedXSS" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 private module ReflectedXssConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof Source }
 

python/ql/lib/semmle/python/security/dataflow/RegexInjectionQuery.qll

@@ -12,21 +12,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import RegexInjectionCustomizations::RegexInjection
 
-/**
- * DEPRECATED: Use `RegexInjectionFlow` module instead.
- *
- * A taint-tracking configuration for detecting "reflected server-side cross-site scripting" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "RegexInjection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 private module RegexInjectionConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof Source }
 

python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll

@@ -12,31 +12,6 @@ import semmle.python.dataflow.new.TaintTracking
 import semmle.python.Concepts
 import ServerSideRequestForgeryCustomizations::ServerSideRequestForgery
 
-/**
- * DEPRECATED: Use `FullServerSideRequestForgeryFlow` module instead.
- *
- * A taint-tracking configuration for detecting "Server-side request forgery" vulnerabilities.
- *
- * This configuration has a sanitizer to limit results to cases where attacker has full control of URL.
- * See `PartialServerSideRequestForgery` for a variant without this requirement.
- *
- * You should use the `fullyControlledRequest` to only select results where all
- * URL parts are fully controlled.
- */
-deprecated class FullServerSideRequestForgeryConfiguration extends TaintTracking::Configuration {
-  FullServerSideRequestForgeryConfiguration() { this = "FullServerSideRequestForgery" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) {
-    node instanceof Sanitizer
-    or
-    node instanceof FullUrlControlSanitizer
-  }
-}
-
 /**
  * This configuration has a sanitizer to limit results to cases where attacker has full control of URL.
  * See `PartialServerSideRequestForgery` for a variant without this requirement.
@@ -73,24 +48,6 @@ predicate fullyControlledRequest(Http::Client::Request request) {
   )
 }
 
-/**
- * DEPRECATED: Use `PartialServerSideRequestForgeryFlow` module instead.
- *
- * A taint-tracking configuration for detecting "Server-side request forgery" vulnerabilities.
- *
- * This configuration has results, even when the attacker does not have full control over the URL.
- * See `FullServerSideRequestForgeryConfiguration`, and the `fullyControlledRequest` predicate.
- */
-deprecated class PartialServerSideRequestForgeryConfiguration extends TaintTracking::Configuration {
-  PartialServerSideRequestForgeryConfiguration() { this = "PartialServerSideRequestForgery" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
  * This configuration has results, even when the attacker does not have full control over the URL.
  * See `FullServerSideRequestForgeryConfiguration`, and the `fullyControlledRequest` predicate.

python/ql/lib/semmle/python/security/dataflow/SqlInjectionQuery.qll

@@ -11,21 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import SqlInjectionCustomizations::SqlInjection
 
-/**
- * DEPRECATED: Use `SqlInjectionFlow` module instead.
- *
- * A taint-tracking configuration for detecting "SQL injection" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "SqlInjection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 private module SqlInjectionConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof Source }
 

python/ql/lib/semmle/python/security/dataflow/StackTraceExposureQuery.qll

@@ -11,30 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import StackTraceExposureCustomizations::StackTraceExposure
 
-/**
- * DEPRECATED: Use `StackTraceExposureFlow` module instead.
- *
- * A taint-tracking configuration for detecting "stack trace exposure" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "StackTraceExposure" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-
-  // A stack trace is accessible as the `__traceback__` attribute of a caught exception.
-  //  see https://docs.python.org/3/reference/datamodel.html#traceback-objects
-  override predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-    exists(DataFlow::AttrRead attr | attr.getAttributeName() = "__traceback__" |
-      nodeFrom = attr.getObject() and
-      nodeTo = attr
-    )
-  }
-}
-
 private module StackTraceExposureConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof Source }
 

python/ql/lib/semmle/python/security/dataflow/TarSlipQuery.qll

@@ -11,21 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import TarSlipCustomizations::TarSlip
 
-/**
- * DEPRECATED: Use `TarSlipFlow` module instead.
- *
- * A taint-tracking configuration for detecting "tar slip" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "TarSlip" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 private module TarSlipConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof Source }
 

python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationQuery.qll

@@ -11,21 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import UnsafeDeserializationCustomizations::UnsafeDeserialization
 
-/**
- * DEPRECATED: Use `UnsafeDeserializationFlow` module instead.
- *
- * A taint-tracking configuration for detecting "code execution from deserialization" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "UnsafeDeserialization" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 private module UnsafeDeserializationConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof Source }
 

python/ql/lib/semmle/python/security/dataflow/UnsafeShellCommandConstructionQuery.qll

@@ -13,29 +13,6 @@ private import semmle.python.dataflow.new.TaintTracking
 private import CommandInjectionCustomizations::CommandInjection as CommandInjection
 private import semmle.python.dataflow.new.BarrierGuards
 
-/**
- * DEPRECATED: Use `UnsafeShellCommandConstructionFlow` module instead.
- *
- * A taint-tracking configuration for detecting shell command constructed from library input vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "UnsafeShellCommandConstruction" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) {
-    node instanceof Sanitizer or
-    node instanceof CommandInjection::Sanitizer // using all sanitizers from `py/command-injection`
-  }
-
-  // override to require the path doesn't have unmatched return steps
-  override DataFlow::FlowFeature getAFeature() {
-    result instanceof DataFlow::FeatureHasSourceCallContext
-  }
-}
-
 /**
  * A taint-tracking configuration for detecting "shell command constructed from library input" vulnerabilities.
  */

python/ql/lib/semmle/python/security/dataflow/UrlRedirectQuery.qll

@@ -11,34 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import UrlRedirectCustomizations::UrlRedirect as UrlRedirect
 
-/**
- * DEPRECATED: Use `UrlRedirectFlow` module instead.
- *
- * A taint-tracking configuration for detecting "URL redirection" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "UrlRedirect" }
-
-  override predicate isSource(DataFlow::Node source, DataFlow::FlowState state) {
-    source instanceof UrlRedirect::Source and state instanceof UrlRedirect::MayContainBackslashes
-  }
-
-  override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) {
-    sink instanceof UrlRedirect::Sink and state instanceof UrlRedirect::FlowState
-  }
-
-  override predicate isSanitizer(DataFlow::Node node, DataFlow::FlowState state) {
-    node.(UrlRedirect::Sanitizer).sanitizes(state)
-  }
-
-  override predicate isAdditionalTaintStep(
-    DataFlow::Node nodeFrom, DataFlow::FlowState stateFrom, DataFlow::Node nodeTo,
-    DataFlow::FlowState stateTo
-  ) {
-    any(UrlRedirect::AdditionalFlowStep a).step(nodeFrom, stateFrom, nodeTo, stateTo)
-  }
-}
-
 private module UrlRedirectConfig implements DataFlow::StateConfigSig {
   class FlowState = UrlRedirect::FlowState;
 

python/ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashingQuery.qll

@@ -23,30 +23,6 @@ private import semmle.python.dataflow.new.SensitiveDataSources
 module NormalHashFunction {
   import WeakSensitiveDataHashingCustomizations::NormalHashFunction
 
-  /**
-   * DEPRECATED: Use `Flow` module instead.
-   *
-   * A taint-tracking configuration for detecting use of a broken or weak
-   * cryptographic hashing algorithm on sensitive data.
-   */
-  deprecated class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "NormalHashFunction" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isSanitizer(DataFlow::Node node) {
-      super.isSanitizer(node)
-      or
-      node instanceof Sanitizer
-    }
-
-    override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-      sensitiveDataExtraStepForCalls(node1, node2)
-    }
-  }
-
   private module Config implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof Source }
 
@@ -73,33 +49,6 @@ module NormalHashFunction {
 module ComputationallyExpensiveHashFunction {
   import WeakSensitiveDataHashingCustomizations::ComputationallyExpensiveHashFunction
 
-  /**
-   * DEPRECATED: Use `Flow` module instead.
-   *
-   * A taint-tracking configuration for detecting use of a broken or weak
-   * cryptographic hashing algorithm on passwords.
-   *
-   * Passwords has stricter requirements on the hashing algorithm used (must be
-   * computationally expensive to prevent brute-force attacks).
-   */
-  deprecated class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "ComputationallyExpensiveHashFunction" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isSanitizer(DataFlow::Node node) {
-      super.isSanitizer(node)
-      or
-      node instanceof Sanitizer
-    }
-
-    override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-      sensitiveDataExtraStepForCalls(node1, node2)
-    }
-  }
-
   /**
    * Passwords has stricter requirements on the hashing algorithm used (must be
    * computationally expensive to prevent brute-force attacks).

python/ql/lib/semmle/python/security/dataflow/XmlBombQuery.qll

@@ -11,24 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import XmlBombCustomizations::XmlBomb
 
-/**
- * DEPRECATED: Use `XmlBombFlow` module instead.
- *
- * A taint-tracking configuration for detecting "XML bomb" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "XmlBomb" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) {
-    super.isSanitizer(node) or
-    node instanceof Sanitizer
-  }
-}
-
 private module XmlBombConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof Source }
 

python/ql/lib/semmle/python/security/dataflow/XpathInjectionQuery.qll

@@ -11,21 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import XpathInjectionCustomizations::XpathInjection
 
-/**
- * DEPRECATED: Use `XpathInjectionFlow` module instead.
- *
- * A taint-tracking configuration for detecting "Xpath Injection" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "Xpath Injection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 private module XpathInjectionConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof Source }
 

python/ql/lib/semmle/python/security/dataflow/XxeQuery.qll

@@ -11,24 +11,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import XxeCustomizations::Xxe
 
-/**
- * DEPRECATED: Use `XxeFlow` module instead.
- *
- * A taint-tracking configuration for detecting "XML External Entity (XXE)" vulnerabilities.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "Xxe" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) {
-    super.isSanitizer(node) or
-    node instanceof Sanitizer
-  }
-}
-
 private module XxeConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof Source }