hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 00:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

delete outdated deprecations

Browse Source
This commit is contained in:
erik-krogh
2024-01-22 09:11:35 +01:00
parent 6533269387
commit 8be7eadace
118 changed files with 0 additions and 1974 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/lib/semmle/javascript/JsonStringifiers.qll
View File

@@ -59,9 +59,6 @@ class Json2CsvTaintStep extends TaintTracking::SharedTaintStep {
}
}
/** DEPRECATED: Alias for Json2CsvTaintStep */
deprecated class JSON2CSVTaintStep = Json2CsvTaintStep;
/**
* A step through the [`prettyjson`](https://www.npmjs.com/package/prettyjson) library.
* This is not quite a `JSON.stringify` call, as it e.g. does not wrap keys in double quotes.

6
javascript/ql/lib/semmle/javascript/NPM.qll
View File

@@ -191,9 +191,6 @@ class PackageJson extends JsonObject {
not result.matches("!%")
}
/** DEPRECATED: Alias for getWhitelistedCpu */
deprecated string getWhitelistedCPU() { result = this.getWhitelistedCpu() }
/** Gets a platform not supported by this package. */
string getBlacklistedCpu() {
exists(string str | str = this.getCPUs().getElementStringValue(_) |
@@ -201,9 +198,6 @@ class PackageJson extends JsonObject {
)
}
/** DEPRECATED: Alias for getBlacklistedCpu */
deprecated string getBlacklistedCPU() { result = this.getBlacklistedCpu() }
/** Holds if this package prefers to be installed globally. */
predicate isPreferGlobal() { this.getPropValue("preferGlobal").(JsonBoolean).getValue() = "true" }

9
javascript/ql/lib/semmle/javascript/Regexp.qll
View File

@@ -1036,15 +1036,6 @@ deprecated module RegExpPatterns {
// according to ranking by http://google.com/search?q=site:.<<TLD>>
result = "(?:com|org|edu|gov|uk|net|io)(?![a-z0-9])"
}
/**
* Gets a pattern that matches common top-level domain names in lower case.
* DEPRECATED: use `getACommonTld` instead
*/
deprecated predicate commonTld = getACommonTld/0;
/** DEPRECATED: Alias for commonTld */
deprecated predicate commonTLD = commonTld/0;
}
/**

3
javascript/ql/lib/semmle/javascript/SSA.qll
View File

@@ -758,6 +758,3 @@ module Ssa {
/** Gets the SSA variable corresponding to `d`. */
SsaVariable variable(VarDef d) { result.getDefinition() = definition(d) }
}
/** DEPRECATED: Alias for Ssa */
deprecated module SSA = Ssa;

3
javascript/ql/lib/semmle/javascript/Stmt.qll
View File

@@ -295,9 +295,6 @@ class AsmJSDirective extends KnownDirective {
AsmJSDirective() { this.getDirectiveText() = "use asm" }
}
/** DEPRECATED: Alias for AsmJSDirective */
deprecated class ASMJSDirective = AsmJSDirective;
/**
* A Babel directive.
*

33
javascript/ql/lib/semmle/javascript/XML.qll
View File

@@ -32,9 +32,6 @@ class XmlLocatable extends @xmllocatable, TXmlLocatable {
string toString() { none() } // overridden in subclasses
}
/** DEPRECATED: Alias for XmlLocatable */
deprecated class XMLLocatable = XmlLocatable;
/**
* An `XmlParent` is either an `XmlElement` or an `XmlFile`,
* both of which can contain other elements.
@@ -95,9 +92,6 @@ class XmlParent extends @xmlparent {
string toString() { result = this.getName() }
}
/** DEPRECATED: Alias for XmlParent */
deprecated class XMLParent = XmlParent;
/** An XML file. */
class XmlFile extends XmlParent, File {
XmlFile() { xmlEncoding(this, _) }
@@ -119,14 +113,8 @@ class XmlFile extends XmlParent, File {
/** Gets a DTD associated with this XML file. */
XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
/** DEPRECATED: Alias for getADtd */
deprecated XmlDtd getADTD() { result = this.getADtd() }
}
/** DEPRECATED: Alias for XmlFile */
deprecated class XMLFile = XmlFile;
/**
* An XML document type definition (DTD).
*
@@ -163,9 +151,6 @@ class XmlDtd extends XmlLocatable, @xmldtd {
}
}
/** DEPRECATED: Alias for XmlDtd */
deprecated class XMLDTD = XmlDtd;
/**
* An XML element in an XML file.
*
@@ -221,9 +206,6 @@ class XmlElement extends @xmlelement, XmlParent, XmlLocatable {
override string toString() { result = this.getName() }
}
/** DEPRECATED: Alias for XmlElement */
deprecated class XMLElement = XmlElement;
/**
* An attribute that occurs inside an XML element.
*
@@ -254,9 +236,6 @@ class XmlAttribute extends @xmlattribute, XmlLocatable {
override string toString() { result = this.getName() + "=" + this.getValue() }
}
/** DEPRECATED: Alias for XmlAttribute */
deprecated class XMLAttribute = XmlAttribute;
/**
* A namespace used in an XML file.
*
@@ -273,9 +252,6 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
/** Gets the URI of this namespace. */
string getUri() { xmlNs(this, _, result, _) }
/** DEPRECATED: Alias for getUri */
deprecated string getURI() { result = this.getUri() }
/** Holds if this namespace has no prefix. */
predicate isDefault() { this.getPrefix() = "" }
@@ -286,9 +262,6 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
}
}
/** DEPRECATED: Alias for XmlNamespace */
deprecated class XMLNamespace = XmlNamespace;
/**
* A comment in an XML file.
*
@@ -309,9 +282,6 @@ class XmlComment extends @xmlcomment, XmlLocatable {
override string toString() { result = this.getText() }
}
/** DEPRECATED: Alias for XmlComment */
deprecated class XMLComment = XmlComment;
/**
* A sequence of characters that occurs between opening and
* closing tags of an XML element, excluding other elements.
@@ -335,6 +305,3 @@ class XmlCharacters extends @xmlcharacters, XmlLocatable {
/** Gets a printable representation of this XML character sequence. */
override string toString() { result = this.getCharacters() }
}
/** DEPRECATED: Alias for XmlCharacters */
deprecated class XMLCharacters = XmlCharacters;

45
javascript/ql/lib/semmle/javascript/YAML.qll
View File

@@ -65,48 +65,3 @@ deprecated class YAMLValue = YamlValue;
/** DEPRECATED: Alias for YamlScalar */
deprecated class YAMLScalar = YamlScalar;
/** DEPRECATED: Alias for YamlInteger */
deprecated class YAMLInteger = YamlInteger;
/** DEPRECATED: Alias for YamlFloat */
deprecated class YAMLFloat = YamlFloat;
/** DEPRECATED: Alias for YamlTimestamp */
deprecated class YAMLTimestamp = YamlTimestamp;
/** DEPRECATED: Alias for YamlBool */
deprecated class YAMLBool = YamlBool;
/** DEPRECATED: Alias for YamlNull */
deprecated class YAMLNull = YamlNull;
/** DEPRECATED: Alias for YamlString */
deprecated class YAMLString = YamlString;
/** DEPRECATED: Alias for YamlMergeKey */
deprecated class YAMLMergeKey = YamlMergeKey;
/** DEPRECATED: Alias for YamlInclude */
deprecated class YAMLInclude = YamlInclude;
/** DEPRECATED: Alias for YamlCollection */
deprecated class YAMLCollection = YamlCollection;
/** DEPRECATED: Alias for YamlMapping */
deprecated class YAMLMapping = YamlMapping;
/** DEPRECATED: Alias for YamlSequence */
deprecated class YAMLSequence = YamlSequence;
/** DEPRECATED: Alias for YamlAliasNode */
deprecated class YAMLAliasNode = YamlAliasNode;
/** DEPRECATED: Alias for YamlDocument */
deprecated class YAMLDocument = YamlDocument;
/** DEPRECATED: Alias for YamlParseError */
deprecated class YAMLParseError = YamlParseError;
/** DEPRECATED: Alias for YamlMappingLikeNode */
deprecated class YAMLMappingLikeNode = YamlMappingLikeNode;

6
javascript/ql/lib/semmle/javascript/frameworks/Electron.qll
View File

@@ -133,9 +133,6 @@ module Electron {
override IpcDispatch getAReturnDispatch() { result.getCalleeName() = "sendSync" }
}
/** DEPRECATED: Alias for IpcSendRegistration */
deprecated class IPCSendRegistration = IpcSendRegistration;
/**
* A dispatch of an IPC event.
* An IPC event is sent from the renderer to the main process.
@@ -171,9 +168,6 @@ module Electron {
result.getEmitter() instanceof RendererProcess
}
}
/** DEPRECATED: Alias for IpcDispatch */
deprecated class IPCDispatch = IpcDispatch;
}
/**

6
javascript/ql/lib/semmle/javascript/frameworks/Emscripten.qll
View File

@@ -17,9 +17,6 @@ class EmscriptenStartAsmComment extends EmscriptenMarkerComment {
EmscriptenStartAsmComment() { this.getText().trim() = "EMSCRIPTEN_START_ASM" }
}
/** DEPRECATED: Alias for EmscriptenStartAsmComment */
deprecated class EmscriptenStartASMComment = EmscriptenStartAsmComment;
/**
* An `EMSCRIPTEN_START_FUNCS` marker comment.
*/
@@ -34,9 +31,6 @@ class EmscriptenEndAsmComment extends EmscriptenMarkerComment {
EmscriptenEndAsmComment() { this.getText().trim() = "EMSCRIPTEN_END_ASM" }
}
/** DEPRECATED: Alias for EmscriptenEndAsmComment */
deprecated class EmscriptenEndASMComment = EmscriptenEndAsmComment;
/**
* An `EMSCRIPTEN_END_FUNCS` marker comment.
*/

9
javascript/ql/lib/semmle/javascript/frameworks/GWT.qll
View File

@@ -11,9 +11,6 @@ class GwtVersionVariable extends GlobalVariable {
GwtVersionVariable() { this.getName() = "$gwt_version" }
}
/** DEPRECATED: Alias for GwtVersionVariable */
deprecated class GWTVersionVariable = GwtVersionVariable;
/**
* A GWT header script that defines the `$gwt_version` variable.
*/
@@ -36,15 +33,9 @@ class GwtHeader extends InlineScript {
deprecated string getGWTVersion() { result = this.getGwtVersion() }
}
/** DEPRECATED: Alias for GwtHeader */
deprecated class GWTHeader = GwtHeader;
/**
* A toplevel in a file that appears to be GWT-generated.
*/
class GwtGeneratedTopLevel extends TopLevel {
GwtGeneratedTopLevel() { exists(GwtHeader h | this.getFile() = h.getFile()) }
}
/** DEPRECATED: Alias for GwtGeneratedTopLevel */
deprecated class GWTGeneratedTopLevel = GwtGeneratedTopLevel;

3
javascript/ql/lib/semmle/javascript/frameworks/HTTP.qll
View File

@@ -607,6 +607,3 @@ module Http {
}
}
}
/** DEPRECATED: Alias for Http */
deprecated module HTTP = Http;

3
javascript/ql/lib/semmle/javascript/frameworks/Testing.qll
View File

@@ -37,9 +37,6 @@ class BddTest extends Test, @call_expr {
}
}
/** DEPRECATED: Alias for BddTest */
deprecated class BDDTest = BddTest;
/**
* Gets the test file for `f` with stem extension `stemExt`, where `stemExt` is "test" or "spec".
* That is, a file named `<base>.<stemExt>.<ext>` in the

15
javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll
View File

@@ -16,12 +16,6 @@ module CodeInjection {
* A data flow sink for code injection vulnerabilities.
*/
abstract class Sink extends DataFlow::Node {
/**
* DEPRECATED: Use `getMessagePrefix()` instead.
* Gets the substitute for `X` in the message `User-provided value flows to X`.
*/
deprecated string getMessageSuffix() { result = "this location and is interpreted as code" }
/**
* Gets the prefix for the message `X depends on a user-provided value.`.
*/
@@ -129,11 +123,6 @@ module CodeInjection {
)
}
deprecated override string getMessageSuffix() {
result =
"this location and is interpreted by " + templateType + ", which may evaluate it as code"
}
override string getMessagePrefix() {
result = "This " + templateType + " template, which may contain code,"
}
@@ -321,10 +310,6 @@ module CodeInjection {
/** A sink for code injection via template injection. */
abstract private class TemplateSink extends Sink {
deprecated override string getMessageSuffix() {
result = "this location and is interpreted as a template, which may contain code"
}
override string getMessagePrefix() { result = "Template, which may contain code," }
}

3
javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll
View File

@@ -19,9 +19,6 @@ class HtmlSink extends DataFlow::Node instanceof Sink {
}
}
/** DEPRECATED: Alias for HtmlSink */
deprecated class HTMLSink = HtmlSink;
/**
* A taint-tracking configuration for reasoning about XSS.
* Both ordinary HTML sinks, URL sinks, and JQuery selector based sinks.

7
javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedData.qll
View File

@@ -1,7 +0,0 @@
/** DEPRECATED. Import `ExternalApiUsedWithUntrustedDataQuery` instead. */
import javascript
private import ExternalAPIUsedWithUntrustedDataQuery as ExternalApiUsedWithUntrustedDataQuery // ignore-query-import
/** DEPRECATED. Import `ExternalApiUsedWithUntrustedDataQuery` instead. */
deprecated module ExternalApiUsedWithUntrustedData = ExternalApiUsedWithUntrustedDataQuery;

21
javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssCustomizations.qll
View File

@@ -28,27 +28,6 @@ module ReflectedXss {
HttpResponseSink() { not exists(getAXssSafeHeaderDefinition(this)) }
}
/**
* DEPRECATED: Gets a HeaderDefinition that defines a non-html content-type for `send`.
*/
deprecated Http::HeaderDefinition getANonHtmlHeaderDefinition(Http::ResponseSendArgument send) {
exists(Http::RouteHandler h |
send.getRouteHandler() = h and
result = nonHtmlContentTypeHeader(h)
|
// The HeaderDefinition affects a response sent at `send`.
headerAffects(result, send)
)
}
/**
* DEPRECATED: Holds if `h` may send a response with a content type other than HTML.
*/
deprecated Http::HeaderDefinition nonHtmlContentTypeHeader(Http::RouteHandler h) {
result = h.getAResponseHeader("content-type") and
not exists(string tp | result.defines("content-type", tp) | tp.regexpMatch("(?i).*html.*"))
}
/**
* Gets a HeaderDefinition that defines a XSS safe content-type for `send`.
*/

3
javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll
View File

@@ -87,9 +87,6 @@ module XssThroughDom {
override string getPropertyName() { result = prop }
}
/** DEPRECATED: Alias for JQueryDomPropertySource */
deprecated class JQueryDOMPropertySource = JQueryDomPropertySource;
/**
* A source for text from the DOM from a `d3` method call.
*/

68
javascript/ql/lib/semmle/javascript/security/regexp/ExponentialBackTracking.qll
View File

@@ -1,68 +0,0 @@
/**
* This library implements the analysis described in the following two papers:
*
* James Kirrage, Asiri Rathnayake, Hayo Thielecke: Static Analysis for
* Regular Expression Denial-of-Service Attacks. NSS 2013.
* (https://arxiv.org/abs/1301.0849)
* Asiri Rathnayake, Hayo Thielecke: Static Analysis for Regular Expression
* Exponential Runtime via Substructural Logics. 2014.
* (https://www.cs.bham.ac.uk/~hxt/research/redos_full.pdf)
*
* The basic idea is to search for overlapping cycles in the NFA, that is,
* states `q` such that there are two distinct paths from `q` to itself
* that consume the same word `w`.
*
* For any such state `q`, an attack string can be constructed as follows:
* concatenate a prefix `v` that takes the NFA to `q` with `n` copies of
* the word `w` that leads back to `q` along two different paths, followed
* by a suffix `x` that is _not_ accepted in state `q`. A backtracking
* implementation will need to explore at least 2^n different ways of going
* from `q` back to itself while trying to match the `n` copies of `w`
* before finally giving up.
*
* Now in order to identify overlapping cycles, all we have to do is find
* pumpable forks, that is, states `q` that can transition to two different
* states `r1` and `r2` on the same input symbol `c`, such that there are
* paths from both `r1` and `r2` to `q` that consume the same word. The latter
* condition is equivalent to saying that `(q, q)` is reachable from `(r1, r2)`
* in the product NFA.
*
* This is what the library does. It makes a simple attempt to construct a
* prefix `v` leading into `q`, but only to improve the alert message.
* And the library tries to prove the existence of a suffix that ensures
* rejection. This check might fail, which can cause false positives.
*
* Finally, sometimes it depends on the translation whether the NFA generated
* for a regular expression has a pumpable fork or not. We implement one
* particular translation, which may result in false positives or negatives
* relative to some particular JavaScript engine.
*
* More precisely, the library constructs an NFA from a regular expression `r`
* as follows:
*
* * Every sub-term `t` gives rise to an NFA state `Match(t,i)`, representing
* the state of the automaton before attempting to match the `i`th character in `t`.
* * There is one accepting state `Accept(r)`.
* * There is a special `AcceptAnySuffix(r)` state, which accepts any suffix string
* by using an epsilon transition to `Accept(r)` and an any transition to itself.
* * Transitions between states may be labelled with epsilon, or an abstract
* input symbol.
* * Each abstract input symbol represents a set of concrete input characters:
* either a single character, a set of characters represented by a
* character class, or the set of all characters.
* * The product automaton is constructed lazily, starting with pair states
* `(q, q)` where `q` is a fork, and proceeding along an over-approximate
* step relation.
* * The over-approximate step relation allows transitions along pairs of
* abstract input symbols where the symbols have overlap in the characters they accept.
* * Once a trace of pairs of abstract input symbols that leads from a fork
* back to itself has been identified, we attempt to construct a concrete
* string corresponding to it, which may fail.
* * Lastly we ensure that any state reached by repeating `n` copies of `w` has
* a suffix `x` (possible empty) that is most likely __not__ accepted.
*/
private import RegExpTreeView::RegExpTreeView as TreeView
// ExponentialBackTracking should be used directly from the shared pack, and not from this file.
deprecated private import codeql.regex.nfa.ExponentialBackTracking::Make<TreeView> as Dep
import Dep

13
javascript/ql/lib/semmle/javascript/security/regexp/NfaUtils.qll
View File

@@ -1,13 +0,0 @@
/**
* Provides classes and predicates for constructing an NFA from
* a regular expression, and various utilities for reasoning about
* the resulting NFA.
*
* These utilities are used both by the ReDoS queries and by
* other queries that benefit from reasoning about NFAs.
*/
private import RegExpTreeView::RegExpTreeView as TreeView
// NfaUtils should be used directly from the shared pack, and not from this file.
deprecated private import codeql.regex.nfa.NfaUtils::Make<TreeView> as Dep
import Dep

41
javascript/ql/lib/semmle/javascript/security/regexp/SuperlinearBackTracking.qll
View File

@@ -1,41 +0,0 @@
/**
* This module implements the analysis described in the paper:
* Valentin Wustholz, Oswaldo Olivo, Marijn J. H. Heule, and Isil Dillig:
* Static Detection of DoS Vulnerabilities in
* Programs that use Regular Expressions
* (Extended Version).
* (https://arxiv.org/pdf/1701.04045.pdf)
*
* Theorem 3 from the paper describes the basic idea.
*
* The following explains the idea using variables and predicate names that are used in the implementation:
* We consider a pair of repetitions, which we will call `pivot` and `succ`.
*
* We create a product automaton of 3-tuples of states (see `StateTuple`).
* There exists a transition `(a,b,c) -> (d,e,f)` in the product automaton
* iff there exists three transitions in the NFA `a->d, b->e, c->f` where those three
* transitions all match a shared character `char`. (see `getAThreewayIntersect`)
*
* We start a search in the product automaton at `(pivot, pivot, succ)`,
* and search for a series of transitions (a `Trace`), such that we end
* at `(pivot, succ, succ)` (see `isReachableFromStartTuple`).
*
* For example, consider the regular expression `/^\d*5\w*$/`.
* The search will start at the tuple `(\d*, \d*, \w*)` and search
* for a path to `(\d*, \w*, \w*)`.
* This path exists, and consists of a single transition in the product automaton,
* where the three corresponding NFA edges all match the character `"5"`.
*
* The start-state in the NFA has an any-transition to itself, this allows us to
* flag regular expressions such as `/a*$/` - which does not have a start anchor -
* and can thus start matching anywhere.
*
* The implementation is not perfect.
* It has the same suffix detection issue as the `js/redos` query, which can cause false positives.
* It also doesn't find all transitions in the product automaton, which can cause false negatives.
*/
private import RegExpTreeView::RegExpTreeView as TreeView
// SuperlinearBackTracking should be used directly from the shared pack, and not from this file.
deprecated private import codeql.regex.nfa.SuperlinearBackTracking::Make<TreeView> as Dep
import Dep

4
javascript/ql/src/Expressions/TypoDatabase.qll
View File

@@ -1,4 +0,0 @@
import codeql.typos.TypoDatabase as DB
/** DEPRECATED: Use the `codeql/typos` pack instead. */
deprecated predicate typos = DB::typos/2;