Merge branch 'main' into henrymercer/merge-back-rc-3.16

2026-04-26 09:15:12 +02:00 · 2024-12-04 13:39:10 +00:00
parent f63f80ab68 80d466ffea
commit 963f084d87
1843 changed files with 40911 additions and 32058 deletions
--- a/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll
+++ b/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll
@@ -167,19 +167,6 @@ class ExternalApiDataNode extends DataFlow::Node {
  }
 }

-/**
- * DEPRECATED: Use `XmlBombFlow` module instead.
- *
- * A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s.
- */
-deprecated class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration {
-  UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfig" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
-}
-
 private module UntrustedDataToExternalApiConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }

--- a/python/ql/src/semmle/python/functions/ModificationOfParameterWithDefault.qll
+++ b/python/ql/src/semmle/python/functions/ModificationOfParameterWithDefault.qll
@@ -16,37 +16,6 @@ private import semmle.python.ApiGraphs
 module ModificationOfParameterWithDefault {
  import ModificationOfParameterWithDefaultCustomizations::ModificationOfParameterWithDefault

-  /**
-   * DEPRECATED: Use `Flow` module instead.
-   *
-   * A data-flow configuration for detecting modifications of a parameters default value.
-   */
-  deprecated class Configuration extends DataFlow::Configuration {
-    /** Record whether the default value being tracked is non-empty. */
-    boolean nonEmptyDefault;
-
-    Configuration() {
-      nonEmptyDefault in [true, false] and
-      this = "ModificationOfParameterWithDefault:" + nonEmptyDefault.toString()
-    }
-
-    override predicate isSource(DataFlow::Node source) {
-      source.(Source).isNonEmpty() = nonEmptyDefault
-    }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isBarrier(DataFlow::Node node) {
-      // if we are tracking a non-empty default, then it is ok to modify empty values,
-      // so our tracking ends at those.
-      nonEmptyDefault = true and node instanceof MustBeEmpty
-      or
-      // if we are tracking a empty default, then it is ok to modify non-empty values,
-      // so our tracking ends at those.
-      nonEmptyDefault = false and node instanceof MustBeNonEmpty
-    }
-  }
-
  private module Config implements DataFlow::StateConfigSig {
    class FlowState = boolean;