XXE Configuration Deprecation messages

2025-12-23 20:26:32 +01:00 · 2023-03-15 15:46:22 -04:00
parent 310af99843
commit d317de14c9
2 changed files with 4 additions and 0 deletions
--- a/java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll
@@ -6,6 +6,8 @@ private import semmle.code.java.dataflow.TaintTracking
 private import semmle.code.java.security.XxeQuery

 /**
+ * DEPRECATED: Use `XxeLocalFlow` instead.
+ *
 * A taint-tracking configuration for unvalidated local user input that is used in XML external entity expansion.
 */
 deprecated class XxeLocalConfig extends TaintTracking::Configuration {
--- a/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll
@@ -6,6 +6,8 @@ private import semmle.code.java.dataflow.TaintTracking
 private import semmle.code.java.security.XxeQuery

 /**
+ * DEPRECATED: Use `XxeFlow` instead.
+ *
 * A taint-tracking configuration for unvalidated remote user input that is used in XML external entity expansion.
 */
 deprecated class XxeConfig extends TaintTracking::Configuration {