mirror of
https://github.com/github/codeql.git
synced 2026-04-18 05:24:01 +02:00
Java: Delete deprecated extension points referencing deleted api.
This commit is contained in:
Anders Schack-Mulligen
@@ -5,8 +5,6 @@
|
||||
import java
|
||||
import semmle.code.java.Maps
|
||||
import semmle.code.java.dataflow.DataFlow
|
||||
deprecated import semmle.code.java.dataflow.DataFlow2
|
||||
private import semmle.code.java.dataflow.DataFlow2
|
||||
|
||||
/**
|
||||
* The class `com.cedarsoftware.util.io.JsonReader`.
|
||||
|
||||
@@ -2,9 +2,7 @@
|
||||
|
||||
import java
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
deprecated import semmle.code.java.dataflow.DataFlow2
|
||||
import semmle.code.java.dataflow.TaintTracking
|
||||
deprecated import semmle.code.java.dataflow.TaintTracking3
|
||||
import semmle.code.java.security.AndroidIntentRedirection
|
||||
|
||||
/** A taint tracking configuration for tainted Intents being used to start Android components. */
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
|
||||
import java
|
||||
import semmle.code.java.dataflow.DataFlow
|
||||
deprecated import semmle.code.java.dataflow.DataFlow3
|
||||
import semmle.code.java.security.CleartextStorageQuery
|
||||
private import semmle.code.java.dataflow.FlowSinks
|
||||
private import semmle.code.java.dataflow.FlowSources
|
||||
|
||||
@@ -4,8 +4,6 @@
|
||||
|
||||
import java
|
||||
import semmle.code.java.dataflow.DataFlow
|
||||
deprecated import semmle.code.java.dataflow.DataFlow2
|
||||
private import semmle.code.java.dataflow.DataFlow2
|
||||
import HardcodedCredentials
|
||||
|
||||
/**
|
||||
|
||||
@@ -26,24 +26,10 @@ class NoState extends PendingIntentState, TNoState {
|
||||
}
|
||||
|
||||
/** A source for an implicit `PendingIntent` flow. */
|
||||
abstract class ImplicitPendingIntentSource extends ApiSourceNode {
|
||||
/**
|
||||
* DEPRECATED: Open-ended flow state is not intended to be part of the extension points.
|
||||
*
|
||||
* Holds if this source has the specified `state`.
|
||||
*/
|
||||
deprecated predicate hasState(DataFlow::FlowState state) { state = "" }
|
||||
}
|
||||
abstract class ImplicitPendingIntentSource extends ApiSourceNode { }
|
||||
|
||||
/** A sink that sends an implicit and mutable `PendingIntent` to a third party. */
|
||||
abstract class ImplicitPendingIntentSink extends DataFlow::Node {
|
||||
/**
|
||||
* DEPRECATED: Open-ended flow state is not intended to be part of the extension points.
|
||||
*
|
||||
* Holds if this sink has the specified `state`.
|
||||
*/
|
||||
deprecated predicate hasState(DataFlow::FlowState state) { state = "" }
|
||||
}
|
||||
abstract class ImplicitPendingIntentSink extends DataFlow::Node { }
|
||||
|
||||
/**
|
||||
* A unit class for adding additional taint steps.
|
||||
@@ -62,21 +48,6 @@ class ImplicitPendingIntentAdditionalTaintStep extends Unit {
|
||||
* Holds if the step from `node1` to `node2` creates a mutable `PendingIntent`.
|
||||
*/
|
||||
predicate mutablePendingIntentCreation(DataFlow::Node node1, DataFlow::Node node2) { none() }
|
||||
|
||||
/**
|
||||
* DEPRECATED: Open-ended flow state is not intended to be part of the extension points.
|
||||
* Use `mutablePendingIntentCreation` instead.
|
||||
*
|
||||
* Holds if the step from `node1` to `node2` should be considered a taint
|
||||
* step for flows related to the use of implicit `PendingIntent`s. This step is only applicable
|
||||
* in `state1` and updates the flow state to `state2`.
|
||||
*/
|
||||
deprecated predicate step(
|
||||
DataFlow::Node node1, DataFlow::FlowState state1, DataFlow::Node node2,
|
||||
DataFlow::FlowState state2
|
||||
) {
|
||||
none()
|
||||
}
|
||||
}
|
||||
|
||||
private class IntentCreationSource extends ImplicitPendingIntentSource {
|
||||
|
||||
@@ -9,30 +9,12 @@ private import semmle.code.java.security.Sanitizers
|
||||
/**
|
||||
* A source for server-side template injection (SST) vulnerabilities.
|
||||
*/
|
||||
abstract class TemplateInjectionSource extends DataFlow::Node {
|
||||
/**
|
||||
* DEPRECATED: Open-ended flow state is not intended to be part of the extension points.
|
||||
*
|
||||
* Holds if this source has the specified `state`.
|
||||
*/
|
||||
deprecated predicate hasState(DataFlow::FlowState state) {
|
||||
state instanceof DataFlow::FlowStateEmpty
|
||||
}
|
||||
}
|
||||
abstract class TemplateInjectionSource extends DataFlow::Node { }
|
||||
|
||||
/**
|
||||
* A sink for server-side template injection (SST) vulnerabilities.
|
||||
*/
|
||||
abstract class TemplateInjectionSink extends DataFlow::Node {
|
||||
/**
|
||||
* DEPRECATED: Open-ended flow state is not intended to be part of the extension points.
|
||||
*
|
||||
* Holds if this sink has the specified `state`.
|
||||
*/
|
||||
deprecated predicate hasState(DataFlow::FlowState state) {
|
||||
state instanceof DataFlow::FlowStateEmpty
|
||||
}
|
||||
}
|
||||
abstract class TemplateInjectionSink extends DataFlow::Node { }
|
||||
|
||||
/**
|
||||
* A unit class for adding additional taint steps.
|
||||
@@ -46,20 +28,6 @@ class TemplateInjectionAdditionalTaintStep extends Unit {
|
||||
* step for flows related to server-side template injection (SST) vulnerabilities.
|
||||
*/
|
||||
predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { none() }
|
||||
|
||||
/**
|
||||
* DEPRECATED: Open-ended flow state is not intended to be part of the extension points.
|
||||
*
|
||||
* Holds if the step from `node1` to `node2` should be considered a taint
|
||||
* step for flows related toserver-side template injection (SST) vulnerabilities.
|
||||
* This step is only applicable in `state1` and updates the flow state to `state2`.
|
||||
*/
|
||||
deprecated predicate isAdditionalTaintStep(
|
||||
DataFlow::Node node1, DataFlow::FlowState state1, DataFlow::Node node2,
|
||||
DataFlow::FlowState state2
|
||||
) {
|
||||
none()
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -67,22 +35,6 @@ class TemplateInjectionAdditionalTaintStep extends Unit {
|
||||
*/
|
||||
abstract class TemplateInjectionSanitizer extends DataFlow::Node { }
|
||||
|
||||
/**
|
||||
* DEPRECATED: Open-ended flow state is not intended to be part of the extension points.
|
||||
*
|
||||
* A sanitizer for server-side template injection (SST) vulnerabilities.
|
||||
* This sanitizer is only applicable when `TemplateInjectionSanitizerWithState::hasState`
|
||||
* holds for the flow state.
|
||||
*/
|
||||
abstract deprecated class TemplateInjectionSanitizerWithState extends DataFlow::Node {
|
||||
/**
|
||||
* DEPRECATED: Open-ended flow state is not intended to be part of the extension points.
|
||||
*
|
||||
* Holds if this sanitizer has the specified `state`.
|
||||
*/
|
||||
abstract deprecated predicate hasState(DataFlow::FlowState state);
|
||||
}
|
||||
|
||||
private class DefaultTemplateInjectionSource extends TemplateInjectionSource instanceof ActiveThreatModelSource
|
||||
{ }
|
||||
|
||||
|
||||
@@ -4,7 +4,6 @@
|
||||
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.dataflow.FlowSinks
|
||||
private import semmle.code.java.dataflow.TaintTracking2
|
||||
private import semmle.code.java.dispatch.VirtualDispatch
|
||||
private import semmle.code.java.frameworks.Kryo
|
||||
private import semmle.code.java.frameworks.XStream
|
||||
|
||||
@@ -2,8 +2,6 @@
|
||||
|
||||
import java
|
||||
import semmle.code.java.dataflow.DataFlow
|
||||
deprecated import semmle.code.java.dataflow.DataFlow3
|
||||
private import semmle.code.java.dataflow.DataFlow3
|
||||
private import semmle.code.java.dataflow.RangeUtils
|
||||
|
||||
private module Frameworks {
|
||||
|
||||
Reference in New Issue
Block a user