Python: Remove deprecated configuration classes referencing deleted api.

2026-06-25 14:47:04 +02:00 · 2024-12-03 16:16:55 +01:00
parent f38602e9fe
commit 8a5fc97b06
25 changed files with 0 additions and 561 deletions
--- a/python/ql/lib/semmle/python/security/dataflow/PathInjectionQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/PathInjectionQuery.qll
@@ -12,57 +12,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import PathInjectionCustomizations::PathInjection

-/**
- * DEPRECATED: Use `PathInjectionFlow` module instead.
- *
- * A taint-tracking configuration for detecting "path injection" vulnerabilities.
- *
- * This configuration uses two flow states, `NotNormalized` and `NormalizedUnchecked`,
- * to track the requirement that a file path must be first normalized and then checked
- * before it is safe to use.
- *
- * At sources, paths are assumed not normalized. At normalization points, they change
- * state to `NormalizedUnchecked` after which they can be made safe by an appropriate
- * check of the prefix.
- *
- * Such checks are ineffective in the `NotNormalized` state.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "PathInjection" }
-
-  override predicate isSource(DataFlow::Node source, DataFlow::FlowState state) {
-    source instanceof Source and state instanceof NotNormalized
-  }
-
-  override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) {
-    sink instanceof Sink and
-    (
-      state instanceof NotNormalized or
-      state instanceof NormalizedUnchecked
-    )
-  }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-
-  override predicate isSanitizer(DataFlow::Node node, DataFlow::FlowState state) {
-    // Block `NotNormalized` paths here, since they change state to `NormalizedUnchecked`
-    node instanceof Path::PathNormalization and
-    state instanceof NotNormalized
-    or
-    node instanceof Path::SafeAccessCheck and
-    state instanceof NormalizedUnchecked
-  }
-
-  override predicate isAdditionalTaintStep(
-    DataFlow::Node nodeFrom, DataFlow::FlowState stateFrom, DataFlow::Node nodeTo,
-    DataFlow::FlowState stateTo
-  ) {
-    nodeFrom = nodeTo.(Path::PathNormalization).getPathArg() and
-    stateFrom instanceof NotNormalized and
-    stateTo instanceof NormalizedUnchecked
-  }
-}
-
 abstract private class NormalizationState extends string {
  bindingset[this]
  NormalizationState() { any() }