Add deprecated version of renamed public classes

2025-12-17 01:03:14 +01:00 · 2024-04-18 11:40:31 +01:00
parent 317c335269
commit a49b43fdf6
12 changed files with 85 additions and 0 deletions
--- a/go/ql/lib/semmle/go/frameworks/Fasthttp.qll
+++ b/go/ql/lib/semmle/go/frameworks/Fasthttp.qll
@@ -255,6 +255,11 @@ module Fasthttp {
   * Provide modeling for fasthttp.URI Type.
   */
  module URI {
+    /**
+     * DEPRECATED: Use `RemoteFlowSource` instead.
+     */
+    deprecated class UntrustedFlowSource = RemoteFlowSource;
+
    /**
     * The methods as Remote user controllable source which are part of the incoming URL.
     */
@@ -273,6 +278,11 @@ module Fasthttp {
   * Provide modeling for fasthttp.Args Type.
   */
  module Args {
+    /**
+     * DEPRECATED: Use `RemoteFlowSource` instead.
+     */
+    deprecated class UntrustedFlowSource = RemoteFlowSource;
+
    /**
     * The methods as Remote user controllable source which are part of the incoming URL Parameters.
     *
@@ -386,6 +396,11 @@ module Fasthttp {
   * Provide modeling for fasthttp.Request Type.
   */
  module Request {
+    /**
+     * DEPRECATED: Use `RemoteFlowSource` instead.
+     */
+    deprecated class UntrustedFlowSource = RemoteFlowSource;
+
    /**
     * The methods as Remote user controllable source which can be many part of request.
     */
@@ -463,6 +478,11 @@ module Fasthttp {
      override Http::ResponseWriter getResponseWriter() { none() }
    }

+    /**
+     * DEPRECATED: Use `RemoteFlowSource` instead.
+     */
+    deprecated class UntrustedFlowSource = RemoteFlowSource;
+
    /**
     * The methods as Remote user controllable source which are generally related to HTTP request.
     *
@@ -486,6 +506,11 @@ module Fasthttp {
   * Provide Methods of fasthttp.RequestHeader which mostly used as remote user controlled sources.
   */
  module RequestHeader {
+    /**
+     * DEPRECATED: Use `RemoteFlowSource` instead.
+     */
+    deprecated class UntrustedFlowSource = RemoteFlowSource;
+
    /**
     * The methods as Remote user controllable source which are mostly related to HTTP Request Headers.
     *
--- a/go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll
@@ -29,6 +29,11 @@ module CommandInjection {
   */
  abstract class Sanitizer extends DataFlow::Node { }

+  /**
+   * DEPRECATED: Use `RemoteFlowAsSource` instead.
+   */
+  deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
+
  /** A source of untrusted data, considered as a taint source for command injection. */
  class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }

--- a/go/ql/lib/semmle/go/security/FlowSources.qll
+++ b/go/ql/lib/semmle/go/security/FlowSources.qll
@@ -5,6 +5,11 @@
 import go
 private import semmle.go.dataflow.ExternalFlow as ExternalFlow

+/**
+ * DEPRECATED: Use `RemoteFlowSource` instead.
+ */
+deprecated class UntrustedFlowSource = RemoteFlowSource;
+
 /**
 * A source of data that is controlled by an untrusted user.
 *
@@ -13,6 +18,11 @@ private import semmle.go.dataflow.ExternalFlow as ExternalFlow
 */
 class RemoteFlowSource extends DataFlow::Node instanceof RemoteFlowSource::Range { }

+/**
+ * DEPRECATED: Use `RemoteFlowSource` instead.
+ */
+deprecated module UntrustedFlowSource = RemoteFlowSource;
+
 /** Provides a class for modeling new sources of untrusted data. */
 module RemoteFlowSource {
  /**
--- a/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll
@@ -25,6 +25,11 @@ module LogInjection {
   */
  abstract class Sanitizer extends DataFlow::Node { }

+  /**
+   * DEPRECATED: Use `RemoteFlowAsSource` instead.
+   */
+  deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
+
  /** A source of untrusted data, considered as a taint source for log injection. */
  class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }

--- a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll
@@ -42,6 +42,11 @@ module OpenUrlRedirect {
    abstract predicate hasTaintStep(DataFlow::Node pred, DataFlow::Node succ);
  }

+  /**
+   * DEPRECATED: Use `RemoteFlowAsSource` instead.
+   */
+  deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
+
  /**
   * A source of third-party user input, considered as a flow source for URL redirects.
   */
--- a/go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll
@@ -34,6 +34,11 @@ module ReflectedXss {
    }
  }

+  /**
+   * DEPRECATED: Use `RemoteFlowAsSource` instead.
+   */
+  deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
+
  /**
   * A third-party controllable input, considered as a flow source for reflected XSS.
   */
--- a/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll
@@ -32,6 +32,11 @@ module RequestForgery {
  /** An outgoing sanitizer edge for request forgery vulnerabilities. */
  abstract class SanitizerEdge extends DataFlow::Node { }

+  /**
+   * DEPRECATED: Use `RemoteFlowAsSource` instead.
+   */
+  deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
+
  /**
   * A third-party controllable input, considered as a flow source for request forgery.
   */
--- a/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll
@@ -25,6 +25,11 @@ module SqlInjection {
   */
  abstract class Sanitizer extends DataFlow::Node { }

+  /**
+   * DEPRECATED: Use `RemoteFlowAsSource` instead.
+   */
+  deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
+
  /** A source of untrusted data, considered as a taint source for SQL injection. */
  class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }

--- a/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll
@@ -44,6 +44,11 @@ module TaintedPath {
    }
  }

+  /**
+   * DEPRECATED: Use `RemoteFlowAsSource` instead.
+   */
+  deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
+
  /** A source of untrusted data, considered as a taint source for path traversal. */
  class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }

--- a/go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll
@@ -24,6 +24,11 @@ module XPathInjection {
   */
  abstract class Sanitizer extends DataFlow::ExprNode { }

+  /**
+   * DEPRECATED: Use `RemoteFlowAsSource` instead.
+   */
+  deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
+
  /** A source of untrusted data, used in an XPath expression. */
  class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }

--- a/go/ql/src/Security/CWE-640/EmailInjectionCustomizations.qll
+++ b/go/ql/src/Security/CWE-640/EmailInjectionCustomizations.qll
@@ -16,6 +16,11 @@ module EmailInjection {
   */
  abstract class Sink extends DataFlow::Node { }

+  /**
+   * DEPRECATED: Use `RemoteFlowSourceAsSource` instead.
+   */
+  deprecated class UntrustedFlowSourceAsSource = RemoteFlowSourceAsSource;
+
  /** A source of untrusted data, considered as a taint source for email injection. */
  class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }

--- a/go/ql/src/experimental/CWE-918/SSRF.qll
+++ b/go/ql/src/experimental/CWE-918/SSRF.qll
@@ -87,6 +87,11 @@ module ServerSideRequestForgery {
  /** An outgoing sanitizer edge for request forgery vulnerabilities. */
  abstract class SanitizerEdge extends DataFlow::Node { }

+  /**
+   * DEPRECATED: Use `RemoteFlowAsSource` instead.
+   */
+  deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
+
  /**
   * An user controlled input, considered as a flow source for request forgery.
   */