Remove initialization vectors from SensitiveApi

java/ql/lib/ext/javax.crypto.spec.model.yml

@@ -23,5 +23,3 @@ extensions:
       - ["javax.crypto.spec", "DESedeKeySpec", False, "isParityAdjusted", "(byte[],int)", "", "Argument[0]", "credentials-key", "hq-generated"]
       - ["javax.crypto.spec", "SecretKeySpec", False, "SecretKeySpec", "(byte[],String)", "", "Argument[0]", "credentials-key", "hq-generated"]
       - ["javax.crypto.spec", "SecretKeySpec", False, "SecretKeySpec", "(byte[],int,int,String)", "", "Argument[0]", "credentials-key", "hq-generated"]
-      - ["javax.crypto.spec", "IvParameterSpec", False, "IvParameterSpec", "(byte[])", "", "Argument[0]", "encryption-iv", "hq-generated"]
-      - ["javax.crypto.spec", "IvParameterSpec", False, "IvParameterSpec", "(byte[],int,int)", "", "Argument[0]", "encryption-iv", "hq-generated"]

java/ql/lib/semmle/code/java/security/SensitiveApi.qll

@@ -32,13 +32,6 @@ class CryptoKeySink extends CredentialsSinkNode {
   CryptoKeySink() { sinkNode(this, "credentials-key") }
 }
 
-/**
- * A node representing a cryptographic initialization vector being passed to a method.
- */
-class InitializationVectorSink extends DataFlow::Node {
-  InitializationVectorSink() { sinkNode(this, "encryption-iv") }
-}
-
 /**
  * DEPRECATED: Use the `PasswordSink` class instead.
  * Holds if callable `c` from a standard Java API expects a password parameter at index `i`.
@@ -73,8 +66,4 @@ deprecated predicate javaApiCallableCryptoKeyParam(Callable c, int i) {
  * DEPRECATED: Use the `CredentialsSinkNode` class instead.
  * Holds if callable `c` from a known API expects a credential parameter at index `i`.
  */
-deprecated predicate otherApiCallableCredentialParam(Callable c, int i) {
-  exists(InitializationVectorSink sink, MethodAccess ma |
-    sink.asExpr() = ma.getArgument(i) and c = ma.getCallee()
-  )
-}
+deprecated predicate otherApiCallableCredentialParam(Callable c, int i) { none() }