Delete experimental models that have been promoted

They were promoted in https://github.com/github/codeql/pull/17590
2026-02-12 13:11:20 +01:00 · 2026-01-08 15:33:59 +00:00
parent 8a80158959
commit cce6823d3b
2 changed files with 1 additions and 121 deletions
--- a/java/ql/src/experimental/semmle/code/java/security/DecompressionBombQuery.qll
+++ b/java/ql/src/experimental/semmle/code/java/security/DecompressionBombQuery.qll
@@ -1,7 +1,7 @@
 deprecated module;

-import experimental.semmle.code.java.security.FileAndFormRemoteSource
 import experimental.semmle.code.java.security.DecompressionBomb::DecompressionBomb
+import semmle.code.java.dataflow.FlowSources

 module DecompressionBombsConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
--- a/java/ql/src/experimental/semmle/code/java/security/FileAndFormRemoteSource.qll
+++ b/java/ql/src/experimental/semmle/code/java/security/FileAndFormRemoteSource.qll
@@ -1,120 +0,0 @@
-deprecated module;
-
-import java
-import semmle.code.java.dataflow.FlowSources
-
-class CommonsFileUploadAdditionalTaintStep extends Unit {
-  abstract predicate step(DataFlow::Node n1, DataFlow::Node n2);
-}
-
-module ApacheCommonsFileUpload {
-  module RemoteFlowSource {
-    class TypeServletFileUpload extends RefType {
-      TypeServletFileUpload() {
-        this.hasQualifiedName("org.apache.commons.fileupload.servlet", "ServletFileUpload")
-      }
-    }
-
-    class TypeFileUpload extends RefType {
-      TypeFileUpload() {
-        this.getAStrictAncestor*().hasQualifiedName("org.apache.commons.fileupload", "FileItem")
-      }
-    }
-
-    class TypeFileItemStream extends RefType {
-      TypeFileItemStream() {
-        this.getAStrictAncestor*()
-            .hasQualifiedName("org.apache.commons.fileupload", "FileItemStream")
-      }
-    }
-
-    class ServletFileUpload extends RemoteFlowSource {
-      ServletFileUpload() {
-        exists(MethodCall ma |
-          ma.getReceiverType() instanceof TypeServletFileUpload and
-          ma.getCallee().hasName("parseRequest") and
-          this.asExpr() = ma
-        )
-      }
-
-      override string getSourceType() { result = "Apache Commons Fileupload" }
-    }
-
-    private class FileItemRemoteSource extends RemoteFlowSource {
-      FileItemRemoteSource() {
-        exists(MethodCall ma |
-          ma.getReceiverType() instanceof TypeFileUpload and
-          ma.getCallee()
-              .hasName([
-                  "getInputStream", "getFieldName", "getContentType", "get", "getName", "getString"
-                ]) and
-          this.asExpr() = ma
-        )
-      }
-
-      override string getSourceType() { result = "Apache Commons Fileupload" }
-    }
-
-    private class FileItemStreamRemoteSource extends RemoteFlowSource {
-      FileItemStreamRemoteSource() {
-        exists(MethodCall ma |
-          ma.getReceiverType() instanceof TypeFileItemStream and
-          ma.getCallee().hasName(["getContentType", "getFieldName", "getName", "openStream"]) and
-          this.asExpr() = ma
-        )
-      }
-
-      override string getSourceType() { result = "Apache Commons Fileupload" }
-    }
-  }
-
-  module Util {
-    class TypeStreams extends RefType {
-      TypeStreams() { this.hasQualifiedName("org.apache.commons.fileupload.util", "Streams") }
-    }
-
-    private class AsStringAdditionalTaintStep extends CommonsFileUploadAdditionalTaintStep {
-      override predicate step(DataFlow::Node n1, DataFlow::Node n2) {
-        exists(Call call |
-          call.getCallee().getDeclaringType() instanceof TypeStreams and
-          call.getArgument(0) = n1.asExpr() and
-          call = n2.asExpr() and
-          call.getCallee().hasName("asString")
-        )
-      }
-    }
-
-    private class CopyAdditionalTaintStep extends CommonsFileUploadAdditionalTaintStep {
-      override predicate step(DataFlow::Node n1, DataFlow::Node n2) {
-        exists(Call call |
-          call.getCallee().getDeclaringType() instanceof TypeStreams and
-          call.getArgument(0) = n1.asExpr() and
-          call.getArgument(1) = n2.asExpr() and
-          call.getCallee().hasName("copy")
-        )
-      }
-    }
-  }
-}
-
-module ServletRemoteMultiPartSources {
-  class TypePart extends RefType {
-    TypePart() { this.hasQualifiedName(["javax.servlet.http", "jakarta.servlet.http"], "Part") }
-  }
-
-  private class ServletPartCalls extends RemoteFlowSource {
-    ServletPartCalls() {
-      exists(MethodCall ma |
-        ma.getReceiverType() instanceof TypePart and
-        ma.getCallee()
-            .hasName([
-                "getInputStream", "getName", "getContentType", "getHeader", "getHeaders",
-                "getHeaderNames", "getSubmittedFileName", "write"
-              ]) and
-        this.asExpr() = ma
-      )
-    }
-
-    override string getSourceType() { result = "Javax Servlet Http" }
-  }
-}