Python: Remove deprecated configuration classes referencing deleted api.

2026-02-16 23:13:43 +01:00 · 2024-12-03 16:16:55 +01:00
parent f38602e9fe
commit 8a5fc97b06
25 changed files with 0 additions and 561 deletions
--- a/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll
@@ -12,31 +12,6 @@ import semmle.python.dataflow.new.TaintTracking
 import semmle.python.Concepts
 import ServerSideRequestForgeryCustomizations::ServerSideRequestForgery

-/**
- * DEPRECATED: Use `FullServerSideRequestForgeryFlow` module instead.
- *
- * A taint-tracking configuration for detecting "Server-side request forgery" vulnerabilities.
- *
- * This configuration has a sanitizer to limit results to cases where attacker has full control of URL.
- * See `PartialServerSideRequestForgery` for a variant without this requirement.
- *
- * You should use the `fullyControlledRequest` to only select results where all
- * URL parts are fully controlled.
- */
-deprecated class FullServerSideRequestForgeryConfiguration extends TaintTracking::Configuration {
-  FullServerSideRequestForgeryConfiguration() { this = "FullServerSideRequestForgery" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) {
-    node instanceof Sanitizer
-    or
-    node instanceof FullUrlControlSanitizer
-  }
-}
-
 /**
 * This configuration has a sanitizer to limit results to cases where attacker has full control of URL.
 * See `PartialServerSideRequestForgery` for a variant without this requirement.
@@ -73,24 +48,6 @@ predicate fullyControlledRequest(Http::Client::Request request) {
  )
 }

-/**
- * DEPRECATED: Use `PartialServerSideRequestForgeryFlow` module instead.
- *
- * A taint-tracking configuration for detecting "Server-side request forgery" vulnerabilities.
- *
- * This configuration has results, even when the attacker does not have full control over the URL.
- * See `FullServerSideRequestForgeryConfiguration`, and the `fullyControlledRequest` predicate.
- */
-deprecated class PartialServerSideRequestForgeryConfiguration extends TaintTracking::Configuration {
-  PartialServerSideRequestForgeryConfiguration() { this = "PartialServerSideRequestForgery" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-}
-
 /**
 * This configuration has results, even when the attacker does not have full control over the URL.
 * See `FullServerSideRequestForgeryConfiguration`, and the `fullyControlledRequest` predicate.