Java: Delete old deprecated code.

2026-03-01 21:34:50 +01:00 · 2019-07-23 10:09:51 +02:00
parent 247848c931
commit a8c10e218c
4 changed files with 6 additions and 154 deletions
--- a/java/ql/src/semmle/code/java/dataflow/FlowSources.qll
+++ b/java/ql/src/semmle/code/java/dataflow/FlowSources.qll
@@ -150,70 +150,6 @@ abstract class UserInput extends DataFlow::Node { }
 */
 deprecated class RemoteUserInput extends UserInput {
  RemoteUserInput() { this instanceof RemoteFlowSource }
-
-  /**
-   * DEPRECATED: Use a configuration with a defined sink instead.
-   *
-   * Holds if taint can flow from this `RemoteUserInput` to `sink`.
-   *
-   * In addition to the basic taint flow, this allows a path to end in a number
-   * of steps through instance fields.
-   */
-  deprecated predicate flowsTo(DataFlow::Node sink) { remoteUserInputFlow(this, sink) }
-}
-
-/**
- * Holds if taint can flow from `node1` to `node2` in either one local step or
- * through an instance field.
- */
-private predicate localInstanceFieldStep(DataFlow::Node node1, DataFlow::Node node2) {
-  TaintTracking::localTaintStep(node1, node2)
-  or
-  exists(InstanceField field |
-    node1.asExpr() = field.getAnAssignedValue()
-    or
-    exists(Assignment assign | assign.getRhs() = node1.asExpr() |
-      assign.getDest().(ArrayAccess).getArray() = field.getAnAccess()
-    )
-  |
-    node2.asExpr() = field.getAnAccess()
-  )
-}
-
-private module RemoteUserInputFlow {
-  private import semmle.code.java.dataflow.internal.DataFlowImplDepr
-  private import semmle.code.java.security.SecurityTests
-  private import semmle.code.java.security.Validation
-
-  deprecated class RemoteUserInputConfig extends Configuration {
-    RemoteUserInputConfig() { this = "FlowSources.qll:RemoteUserInputConfig" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof RemoteUserInput }
-
-    override predicate isSink(DataFlow::Node sink) { any() }
-
-    override int fieldFlowBranchLimit() { result = 0 }
-
-    override predicate isBarrier(DataFlow::Node node) {
-      // Ignore paths through test code.
-      node.getEnclosingCallable().getDeclaringType() instanceof NonSecurityTestClass or
-      exists(ValidatedVariable var | node.asExpr() = var.getAnAccess())
-    }
-
-    override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-      TaintTracking::localAdditionalTaintStep(node1, node2)
-    }
-  }
-}
-
-cached
-deprecated private predicate remoteUserInputFlow(RemoteUserInput src, DataFlow::Node sink) {
-  any(RemoteUserInputFlow::RemoteUserInputConfig config).hasFlow(src, sink)
-  or
-  exists(DataFlow::Node mid |
-    remoteUserInputFlow(src, mid) and
-    localInstanceFieldStep(mid, sink)
-  )
 }

 /** Input that may be controlled by a local user. */