JavaScript: Remove a few other deprecated predicates and classes.

javascript/ql/src/semmle/javascript/AMD.qll

@@ -51,14 +51,6 @@ class AMDModuleDefinition extends CallExpr {
     result = getARequireCall().getAnArgument()
   }
 
-  /**
-   * DEPRECATED: Use `getFactoryNode` instead.
-   *
-   * Gets the factory expression of this module definition,
-   * which may be a function or a literal.
-   */
-  deprecated Expr getFactoryExpr() { result = getFactoryNode().asExpr() }
-
   /**
    * Gets a data flow node containing the factory value of this module definition.
    */

javascript/ql/src/semmle/javascript/CanonicalNames.qll

@@ -221,13 +221,6 @@ class TypeName extends CanonicalName {
    */
   TypeReference getATypeReference() { result.getTypeName() = this }
 
-  /**
-   * DEPRECATED. Use `getRelativeName()` or `hasQualifiedName()` instead.
-   *
-   * Gets the qualified name without the root.
-   */
-  deprecated string getQualifiedName() { result = getRelativeName() }
-
   /**
    * Gets a type named in the `extends` or `implements` clause of this type.
    */
@@ -265,13 +258,6 @@ class Namespace extends CanonicalName {
    */
   NamespaceAccess getAnAccess() { result.getNamespace() = this }
 
-  /**
-   * DEPRECATED. Use `getRelativeName()` or `hasQualifiedName()` instead.
-   *
-   * Gets the qualified name without the root.
-   */
-  deprecated string getQualifiedName() { result = getRelativeName() }
-
   /** Gets a namespace nested in this one. */
   Namespace getNamespaceMember(string name) {
     result.getParent() = this and

javascript/ql/src/semmle/javascript/StandardLibrary.qll

@@ -33,15 +33,6 @@ class DirectEval extends CallExpr {
   predicate mayAffect(LocalVariable lv) { getParent+() = lv.getScope().getScopeElement() }
 }
 
-/**
- * DEPRECATED. Use `JsonParserCall` and the data flow API instead.
- *
- * A call to `JSON.parse`.
- */
-deprecated class JsonParseCall extends MethodCallExpr {
-  JsonParseCall() { this = DataFlow::globalVarRef("JSON").getAMemberCall("parse").asExpr() }
-}
-
 /**
  * Flow analysis for `this` expressions inside a function that is called with
  * `Array.prototype.map` or a similar Array function that binds `this`.

javascript/ql/src/semmle/javascript/dataflow/Nodes.qll

@@ -28,9 +28,6 @@ class InvokeNode extends DataFlow::SourceNode {
   /** Gets the name of the function or method being invoked, if it can be determined. */
   string getCalleeName() { result = impl.getCalleeName() }
 
-  /** DEPRECATED: Use `getCalleeNode()` instead. */
-  deprecated DataFlow::Node getCallee() { result = getCalleeNode() }
-
   /** Gets the data flow node specifying the function to be called. */
   DataFlow::Node getCalleeNode() { result = impl.getCalleeNode() }
 

javascript/ql/src/semmle/javascript/dataflow/Sources.qll

@@ -54,18 +54,6 @@ class SourceNode extends DataFlow::Node {
     result = getAPropertyReference(propName)
   }
 
-  /**
-   * DEPRECATED: Use `getAPropertyReference` instead.
-   *
-   * Gets an access to property `propName` on this node, either through
-   * a dot expression (as in `x.propName`) or through an index expression
-   * (as in `x["propName"]`).
-   */
-  deprecated DataFlow::PropRead getAPropertyAccess(string propName) {
-    result = getAPropertyReference(propName) and
-    result.asExpr() instanceof PropAccess
-  }
-
   /**
    * Holds if there is an assignment to property `propName` on this node,
    * and the right hand side of the assignment is `rhs`.

javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll

@@ -100,7 +100,6 @@ module TaintTracking {
 
     final override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
       isAdditionalTaintStep(pred, succ) or
-      pred = succ.(FlowTarget).getATaintSource() or
       any(AdditionalTaintStep dts).step(pred, succ)
     }
 
@@ -145,15 +144,6 @@ module TaintTracking {
   abstract class LabeledSanitizerGuardNode extends SanitizerGuardNode,
     DataFlow::LabeledBarrierGuardNode { }
 
-  /**
-   * DEPRECATED: Override `Configuration::isAdditionalTaintStep` or use
-   * `AdditionalTaintStep` instead.
-   */
-  abstract class FlowTarget extends DataFlow::Node {
-    /** Gets another data flow node from which taint is propagated to this node. */
-    abstract DataFlow::Node getATaintSource();
-  }
-
   /**
    * A taint-propagating data flow edge that should be added to all taint tracking
    * configurations in addition to standard data flow edges.
@@ -172,9 +162,6 @@ module TaintTracking {
     abstract predicate step(DataFlow::Node pred, DataFlow::Node succ);
   }
 
-  /** DEPRECATED: Use `AdditionalTaintStep` instead. */
-  deprecated class DefaultTaintStep = AdditionalTaintStep;
-
   /**
    * A taint propagating data flow edge through object or array elements and
    * promises.
@@ -881,30 +868,4 @@ module TaintTracking {
 
     override predicate appliesTo(Configuration cfg) { any() }
   }
-
-  /**
-   * An expression that can act as a sanitizer for a variable when appearing
-   * in a condition.
-   *
-   * DEPRECATED: use `AdditionalSanitizerGuardNode` instead.
-   */
-  abstract deprecated class SanitizingGuard extends Expr {
-    /**
-     * Holds if this expression sanitizes expression `e` for the purposes of taint-tracking
-     * configuration `cfg`, provided it evaluates to `outcome`.
-     */
-    abstract predicate sanitizes(Configuration cfg, boolean outcome, Expr e);
-  }
-
-  /**
-   * Support registration of sanitizers with the deprecated type `SanitizingGuard`.
-   */
-  deprecated private class AdditionalSanitizingGuard extends AdditionalSanitizerGuardNode,
-    DataFlow::ValueNode {
-    override SanitizingGuard astNode;
-
-    override predicate sanitizes(boolean outcome, Expr e) { astNode.sanitizes(_, outcome, e) }
-
-    override predicate appliesTo(Configuration cfg) { astNode.sanitizes(cfg, _, _) }
-  }
 }

javascript/ql/src/semmle/javascript/frameworks/Express.qll

@@ -34,25 +34,6 @@ module Express {
     result = DataFlow::moduleMember("express", "Router").getAnInvocation()
   }
 
-  /**
-   * DEPRECATED: Use `appCreation()` instead.
-   *
-   * Holds if `e` is an expression that creates a new Express application.
-   */
-  deprecated predicate isAppCreation(InvokeExpr e) { e = appCreation().asExpr() }
-
-  /**
-   * DEPRECATED: Use `appCreation()` instead.
-   *
-   * Holds if `e` is an Express application object
-   */
-  deprecated predicate isApp(Expr e) { any(Application app).flowsTo(e) }
-
-  /**
-   * Holds if `e` creates an Express router (possibly an application).
-   */
-  deprecated predicate isRouterCreation(InvokeExpr e) { e = routerCreation().asExpr() }
-
   /**
    * Holds if `e` may refer to the given `router` object.
    */

javascript/ql/src/semmle/javascript/frameworks/React.qll

@@ -54,32 +54,11 @@ abstract class ReactComponent extends ASTNode {
     result.(DataFlow::ThisNode).getBinder().getFunction() = getInstanceMethod(_)
   }
 
-  /**
-   * Gets the `this` node in an instance method of this component.
-   *
-   * DEPRECATED: Use `getAThisNode` instead.
-   */
-  deprecated DataFlow::SourceNode getAThisAccess() { result = getAThisNode() }
-
-  /**
-   * Gets an access to the `props` object of this component.
-   *
-   * DEPRECATED: Use `getADirectPropsAccess` instead.
-   */
-  deprecated DataFlow::SourceNode getAPropsSource() { result = getADirectPropsAccess() }
-
   /**
    * Gets an access to the `props` object of this component.
    */
   abstract DataFlow::SourceNode getADirectPropsAccess();
 
-  /**
-   * Gets an access to the `state` object of this component.
-   *
-   * DEPRECATED: Use `getADirectStateAccess` instead.
-   */
-  deprecated DataFlow::SourceNode getAStateSource() { result = getADirectStateAccess() }
-
   /**
    * Gets an access to the `state` object of this component.
    */

javascript/ql/src/semmle/javascript/frameworks/UriLibraries.qll

@@ -83,11 +83,6 @@ module urijs {
  * Provides classes for working with [uri-js](https://github.com/garycourt/uri-js) code.
  */
 module uridashjs {
-  /**
-   * Gets a data flow source node for the uridashjs library.
-   */
-  deprecated DataFlow::SourceNode uridashjs() { result = DataFlow::moduleImport("uri-js") }
-
   /**
    * Gets a data flow source node for member `name` of the uridashjs library.
    */
@@ -121,11 +116,6 @@ module uridashjs {
  * Provides classes for working with [punycode](https://github.com/bestiejs/punycode.js) code.
  */
 module punycode {
-  /**
-   * Gets a data flow source node for the punycode library.
-   */
-  deprecated DataFlow::SourceNode punycode() { result = DataFlow::moduleImport("punycode") }
-
   /**
    * Gets a data flow source node for member `name` of the punycode library.
    */
@@ -197,13 +187,6 @@ module urlParse {
  * Provides classes for working with [querystringify](https://github.com/unshiftio/querystringify) code.
  */
 module querystringify {
-  /**
-   * Gets a data flow source node for the querystringify library.
-   */
-  deprecated DataFlow::SourceNode querystringify() {
-    result = DataFlow::moduleImport("querystringify")
-  }
-
   /**
    * Gets a data flow source node for member `name` of the querystringify library.
    */
@@ -235,13 +218,6 @@ module querystringify {
  * Provides classes for working with [query-string](https://github.com/sindresorhus/query-string) code.
  */
 module querydashstring {
-  /**
-   * Gets a data flow source node for the query-string library.
-   */
-  deprecated DataFlow::SourceNode querydashstring() {
-    result = DataFlow::moduleImport("query-string")
-  }
-
   /**
    * Gets a data flow source node for member `name` of the query-string library.
    */
@@ -275,11 +251,6 @@ module querydashstring {
  * Provides classes for working with [url](https://nodejs.org/api/url.html) code.
  */
 module url {
-  /**
-   * Gets a data flow source node for the url library.
-   */
-  deprecated DataFlow::SourceNode url() { result = DataFlow::moduleImport("url") }
-
   /**
    * Gets a data flow source node for member `name` of the url library.
    */
@@ -310,11 +281,6 @@ module url {
  * Provides classes for working with [querystring](https://nodejs.org/api/querystring.html) code.
  */
 module querystring {
-  /**
-   * Gets a data flow source node for the querystring library.
-   */
-  deprecated DataFlow::SourceNode querystring() { result = DataFlow::moduleImport("querystring") }
-
   /**
    * Gets a data flow source node for member `name` of the querystring library.
    */

javascript/ql/src/semmle/javascript/frameworks/jQuery.qll

@@ -57,30 +57,6 @@ class JQueryMethodCall extends CallExpr {
    */
   string getMethodName() { result = name }
 
-  /**
-   * DEPRECATED: Use `interpretsArgumentAsHtml` instead.
-   *
-   * Holds if this call interprets its arguments as HTML.
-   */
-  deprecated predicate interpretsArgumentsAsHtml() {
-    name = "addClass" or
-    name = "after" or
-    name = "append" or
-    name = "appendTo" or
-    name = "before" or
-    name = "html" or
-    name = "insertAfter" or
-    name = "insertBefore" or
-    name = "parseHTML" or
-    name = "prepend" or
-    name = "prependTo" or
-    name = "prop" or
-    name = "replaceWith" or
-    name = "wrap" or
-    name = "wrapAll" or
-    name = "wrapInner"
-  }
-
   /**
    * Holds if `e` is an argument that this method may interpret as HTML.
    *

javascript/ql/test/query-tests/Security/CWE-079/ReflectedXssWithCustomSanitizer_old.expected

@@ -1,14 +0,0 @@
-WARNING: Predicate flowsFrom has been deprecated and may be removed in future (ReflectedXssWithCustomSanitizer_old.ql:21,11-20)
-WARNING: Type SanitizingGuard has been deprecated and may be removed in future (ReflectedXssWithCustomSanitizer_old.ql:8,34-64)
-WARNING: Type XssDataFlowConfiguration has been deprecated and may be removed in future (ReflectedXssWithCustomSanitizer_old.ql:14,20-44)
-WARNING: Type XssDataFlowConfiguration has been deprecated and may be removed in future (ReflectedXssWithCustomSanitizer_old.ql:20,6-30)
-| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:8:33:8:45 | req.params.id | user-provided value |
-| formatting.js:6:14:6:47 | util.fo ... , evil) | Cross-site scripting vulnerability due to $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value |
-| formatting.js:7:14:7:53 | require ... , evil) | Cross-site scripting vulnerability due to $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value |
-| partial.js:10:14:10:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:13:42:13:48 | req.url | user-provided value |
-| partial.js:19:14:19:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:22:51:22:57 | req.url | user-provided value |
-| partial.js:28:14:28:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:31:47:31:53 | req.url | user-provided value |
-| partial.js:37:14:37:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:40:43:40:49 | req.url | user-provided value |
-| promises.js:6:25:6:25 | x | Cross-site scripting vulnerability due to $@. | promises.js:5:44:5:57 | req.query.data | user-provided value |
-| tst2.js:7:12:7:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:6:9:6:9 | p | user-provided value |
-| tst2.js:8:12:8:12 | r | Cross-site scripting vulnerability due to $@. | tst2.js:6:12:6:15 | q: r | user-provided value |

javascript/ql/test/query-tests/Security/CWE-079/ReflectedXssWithCustomSanitizer_old.ql

@@ -1,23 +0,0 @@
-//
-// This is a test for https://lgtm.com/blog/etherpad_CVE-2018-6835
-//
-
-import javascript
-import semmle.javascript.security.dataflow.ReflectedXss
-
-class IsVarNameSanitizer extends TaintTracking::SanitizingGuard, CallExpr {
-  IsVarNameSanitizer() {
-    getCalleeName() = "isVarName"
-  }
-
-  override predicate sanitizes(TaintTracking::Configuration cfg, boolean outcome, Expr e) {
-    cfg instanceof XssDataFlowConfiguration and
-    outcome = true and
-    e = getArgument(0)
-  }
-}
-
-from XssDataFlowConfiguration xss, DataFlow::Node source, DataFlow::Node sink
-where xss.flowsFrom(sink, source)
-select sink, "Cross-site scripting vulnerability due to $@.",
-       source, "user-provided value"