Go: Remove deprecated configuration classes referencing deleted api.

go/ql/lib/go.qll

@@ -25,11 +25,9 @@ import semmle.go.controlflow.BasicBlocks
 import semmle.go.controlflow.ControlFlowGraph
 import semmle.go.controlflow.IR
 import semmle.go.dataflow.DataFlow
-import semmle.go.dataflow.DataFlow2
 import semmle.go.dataflow.GlobalValueNumbering
 import semmle.go.dataflow.SSA
 import semmle.go.dataflow.TaintTracking
-import semmle.go.dataflow.TaintTracking2
 import semmle.go.frameworks.Afero
 import semmle.go.frameworks.AwsLambda
 import semmle.go.frameworks.Beego

go/ql/lib/semmle/go/security/CleartextLogging.qll

@@ -16,49 +16,6 @@ import go
 module CleartextLogging {
   import CleartextLoggingCustomizations::CleartextLogging
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A data-flow tracking configuration for clear-text logging of sensitive information.
-   *
-   * This configuration identifies flows from `Source`s, which are sources of
-   * sensitive data, to `Sink`s, which is an abstract class representing all
-   * the places sensitive data may be stored in cleartext. Additional sources or sinks can be
-   * added either by extending the relevant class, or by subclassing this configuration itself,
-   * and amending the sources and sinks.
-   */
-  deprecated class Configuration extends DataFlow::Configuration {
-    Configuration() { this = "CleartextLogging" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isBarrier(DataFlow::Node node) {
-      node instanceof Barrier
-      or
-      exists(DataFlow::CallNode call | node = call.getResult() |
-        call.getTarget() = Builtin::error().getType().getMethod("Error")
-        or
-        call.getTarget().(Method).hasQualifiedName("fmt", "Stringer", "String")
-      )
-    }
-
-    override predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) {
-      // A taint propagating data-flow edge through structs: a tainted write taints the entire struct.
-      exists(Write write |
-        write.writesField(trg.(DataFlow::PostUpdateNode).getPreUpdateNode(), _, src)
-      )
-      or
-      // taint steps that do not include flow through fields. Field reads would produce FPs due to
-      // the additional taint step above that taints whole structs from individual field writes.
-      TaintTracking::localTaintStep(src, trg) and
-      not TaintTracking::fieldReadStep(src, trg) and
-      // Also exclude protobuf field fetches, since they amount to single field reads.
-      not any(Protobuf::GetMethod gm).taintStep(src, trg)
-    }
-  }
-
   private module Config implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof Source }
 

go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll

@@ -53,132 +53,6 @@ int getIntTypeBitSize(File file, int architectureSpecificBitSize) {
   result = architectureSpecificBitSize
 }
 
-/**
- * Holds if converting from an integer types with size `sourceBitSize` to
- * one with size `sinkBitSize` can produce unexpected values, where 0 means
- * architecture-dependent.
- *
- * Architecture-dependent bit sizes can be 32 or 64. To catch flows that
- * only manifest on 64-bit architectures we consider an
- * architecture-dependent source bit size to be 64. To catch flows that
- * only happen on 32-bit architectures we consider an
- * architecture-dependent sink bit size to be 32. We exclude the case where
- * both source and sink have architecture-dependent bit sizes.
- */
-private predicate isIncorrectIntegerConversion(int sourceBitSize, int sinkBitSize) {
-  sourceBitSize in [16, 32, 64] and
-  sinkBitSize in [8, 16, 32] and
-  sourceBitSize > sinkBitSize
-  or
-  // Treat `sourceBitSize = 0` like `sourceBitSize = 64`, and exclude `sinkBitSize = 0`
-  sourceBitSize = 0 and
-  sinkBitSize in [8, 16, 32]
-  or
-  // Treat `sinkBitSize = 0` like `sinkBitSize = 32`, and exclude `sourceBitSize = 0`
-  sourceBitSize = 64 and
-  sinkBitSize = 0
-}
-
-/**
- * DEPRECATED: use `Flow` instead.
- *
- * A taint-tracking configuration for reasoning about when an integer
- * obtained from parsing a string flows to a type conversion to a smaller
- * integer types, which could cause unexpected values.
- */
-deprecated class ConversionWithoutBoundsCheckConfig extends TaintTracking::Configuration {
-  boolean sinkIsSigned;
-  int sourceBitSize;
-  int sinkBitSize;
-
-  ConversionWithoutBoundsCheckConfig() {
-    sinkIsSigned in [true, false] and
-    isIncorrectIntegerConversion(sourceBitSize, sinkBitSize) and
-    this = "ConversionWithoutBoundsCheckConfig" + sourceBitSize + sinkIsSigned + sinkBitSize
-  }
-
-  /** Gets the bit size of the source. */
-  int getSourceBitSize() { result = sourceBitSize }
-
-  override predicate isSource(DataFlow::Node source) {
-    exists(
-      DataFlow::CallNode c, IntegerParser::Range ip, int apparentBitSize, int effectiveBitSize
-    |
-      c.getTarget() = ip and source = c.getResult(0)
-    |
-      (
-        apparentBitSize = ip.getTargetBitSize()
-        or
-        // If we are reading a variable, check if it is
-        // `strconv.IntSize`, and use 0 if it is.
-        exists(DataFlow::Node rawBitSize | rawBitSize = ip.getTargetBitSizeInput().getNode(c) |
-          if rawBitSize = any(Strconv::IntSize intSize).getARead()
-          then apparentBitSize = 0
-          else apparentBitSize = rawBitSize.getIntValue()
-        )
-      ) and
-      (
-        if apparentBitSize = 0
-        then effectiveBitSize = getIntTypeBitSize(source.getFile(), 0)
-        else effectiveBitSize = apparentBitSize
-      ) and
-      // `effectiveBitSize` could be any value between 0 and 64, but we
-      // can round it up to the nearest size of an integer type without
-      // changing behavior.
-      sourceBitSize = min(int b | b in [0, 8, 16, 32, 64] and b >= effectiveBitSize)
-    )
-  }
-
-  /**
-   * Holds if `sink` is a typecast to an integer type with size `bitSize` (where
-   * 0 represents architecture-dependent) and the expression being typecast is
-   * not also in a right-shift expression. We allow this case because it is
-   * a common pattern to serialise `byte(v)`, `byte(v >> 8)`, and so on.
-   */
-  predicate isSinkWithBitSize(DataFlow::TypeCastNode sink, int bitSize) {
-    sink.asExpr() instanceof ConversionExpr and
-    exists(IntegerType integerType | sink.getResultType().getUnderlyingType() = integerType |
-      (
-        bitSize = integerType.getSize()
-        or
-        not exists(integerType.getSize()) and
-        bitSize = getIntTypeBitSize(sink.getFile(), 0)
-      ) and
-      if integerType instanceof SignedIntegerType then sinkIsSigned = true else sinkIsSigned = false
-    ) and
-    not exists(ShrExpr shrExpr |
-      shrExpr.getLeftOperand().getGlobalValueNumber() =
-        sink.getOperand().asExpr().getGlobalValueNumber() or
-      shrExpr.getLeftOperand().(AndExpr).getAnOperand().getGlobalValueNumber() =
-        sink.getOperand().asExpr().getGlobalValueNumber()
-    )
-  }
-
-  override predicate isSink(DataFlow::Node sink) {
-    // We use the argument of the type conversion as the configuration sink so that we
-    // can sanitize the result of the conversion to prevent flow on to further sinks
-    // without needing to use `isSanitizerOut`, which doesn't work with flow states
-    // (and therefore the legacy `TaintTracking::Configuration` class).
-    this.isSinkWithBitSize(sink.getASuccessor(), sinkBitSize)
-  }
-
-  override predicate isSanitizer(DataFlow::Node node) {
-    // To catch flows that only happen on 32-bit architectures we
-    // consider an architecture-dependent sink bit size to be 32.
-    exists(UpperBoundCheckGuard g, int bitSize |
-      if sinkBitSize != 0 then bitSize = sinkBitSize else bitSize = 32
-    |
-      node = DataFlow::BarrierGuard<upperBoundCheckGuard/3>::getABarrierNodeForGuard(g) and
-      if sinkIsSigned = true then g.isBoundFor(bitSize, 32) else g.isBoundFor(bitSize - 1, 32)
-    )
-    or
-    exists(int bitSize |
-      isIncorrectIntegerConversion(sourceBitSize, bitSize) and
-      this.isSinkWithBitSize(node, bitSize)
-    )
-  }
-}
-
 private int validBitSize() { result = [7, 8, 15, 16, 31, 32, 63, 64] }
 
 private newtype TArchitectureBitSize =

go/ql/lib/semmle/go/security/InsecureRandomness.qll

@@ -16,25 +16,6 @@ import go
 module InsecureRandomness {
   import InsecureRandomnessCustomizations::InsecureRandomness
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A taint-tracking configuration for reasoning about random values that are
-   * not cryptographically secure.
-   */
-  deprecated class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "InsecureRandomness" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { this.isSinkWithKind(sink, _) }
-
-    /** Holds if `sink` is a sink for this configuration with kind `kind`. */
-    predicate isSinkWithKind(Sink sink, string kind) { kind = sink.getKind() }
-
-    override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-  }
-
   /** Holds if `sink` is a sink for this configuration with kind `kind`. */
   predicate isSinkWithKind(Sink sink, string kind) { kind = sink.getKind() }
 

go/ql/lib/semmle/go/security/OpenUrlRedirect.qll

@@ -17,51 +17,6 @@ import UrlConcatenation
 module OpenUrlRedirect {
   import OpenUrlRedirectCustomizations::OpenUrlRedirect
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A data-flow configuration for reasoning about unvalidated URL redirections.
-   */
-  deprecated class Configuration extends DataFlow::Configuration {
-    Configuration() { this = "OpenUrlRedirect" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isBarrier(DataFlow::Node node) { node instanceof Barrier }
-
-    override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
-      // taint steps that do not include flow through fields
-      TaintTracking::localTaintStep(pred, succ) and not TaintTracking::fieldReadStep(pred, succ)
-      or
-      // explicit extra taint steps for this query
-      any(AdditionalStep s).hasTaintStep(pred, succ)
-      or
-      // propagate to a URL when its host is assigned to
-      exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") |
-        w.writesField(v.getAUse(), f, pred) and succ = v.getAUse()
-      )
-      or
-      // propagate out of most URL fields, but not `ForceQuery` and `Scheme`
-      exists(Field f, string fn |
-        f.hasQualifiedName("net/url", "URL", fn) and
-        not fn in ["ForceQuery", "Scheme"]
-      |
-        succ.(Read).readsField(pred, f)
-      )
-    }
-
-    override predicate isBarrierOut(DataFlow::Node node) {
-      // block propagation of this unsafe value when its host is overwritten
-      exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") |
-        w.writesField(node.getASuccessor(), f, _)
-      )
-      or
-      hostnameSanitizingPrefixEdge(node, _)
-    }
-  }
-
   private module Config implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof Source }
 

go/ql/lib/semmle/go/security/ReflectedXss.qll

@@ -16,24 +16,6 @@ import go
 module ReflectedXss {
   import ReflectedXssCustomizations::ReflectedXss
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A taint-tracking configuration for reasoning about XSS.
-   */
-  deprecated class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "ReflectedXss" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isSanitizer(DataFlow::Node node) {
-      super.isSanitizer(node) or
-      node instanceof Sanitizer
-    }
-  }
-
   private module Config implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof Source }
 

go/ql/lib/semmle/go/security/RequestForgery.qll

@@ -16,36 +16,6 @@ import go
 module RequestForgery {
   import RequestForgeryCustomizations::RequestForgery
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A taint-tracking configuration for reasoning about request forgery.
-   */
-  deprecated class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "RequestForgery" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
-      // propagate to a URL when its host is assigned to
-      exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") |
-        w.writesField(v.getAUse(), f, pred) and succ = v.getAUse()
-      )
-    }
-
-    override predicate isSanitizer(DataFlow::Node node) {
-      super.isSanitizer(node) or
-      node instanceof Sanitizer
-    }
-
-    override predicate isSanitizerOut(DataFlow::Node node) {
-      super.isSanitizerOut(node) or
-      node instanceof SanitizerEdge
-    }
-  }
-
   private module Config implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof Source }
 

go/ql/lib/semmle/go/security/SafeUrlFlow.qll

@@ -16,35 +16,6 @@ import go
 module SafeUrlFlow {
   import SafeUrlFlowCustomizations::SafeUrlFlow
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A taint-tracking configuration for reasoning about safe URLs.
-   */
-  deprecated class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "SafeUrlFlow" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
-      // propagate to a URL when its host is assigned to
-      exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") |
-        w.writesField(v.getAUse(), f, pred) and succ = v.getAUse()
-      )
-    }
-
-    override predicate isSanitizerOut(DataFlow::Node node) {
-      // block propagation of this safe value when its host is overwritten
-      exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") |
-        w.writesField(node.getASuccessor(), f, _)
-      )
-      or
-      node instanceof SanitizerEdge
-    }
-  }
-
   private module Config implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof Source }
 

go/ql/lib/semmle/go/security/SqlInjection.qll

@@ -13,28 +13,6 @@ import go
 module SqlInjection {
   import SqlInjectionCustomizations::SqlInjection
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A taint-tracking configuration for reasoning about SQL-injection vulnerabilities.
-   */
-  deprecated class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "SqlInjection" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
-      NoSql::isAdditionalMongoTaintStep(pred, succ)
-    }
-
-    override predicate isSanitizer(DataFlow::Node node) {
-      super.isSanitizer(node) or
-      node instanceof Sanitizer
-    }
-  }
-
   private module Config implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof Source }
 

go/ql/lib/semmle/go/security/StoredCommand.qll

@@ -16,28 +16,6 @@ import CommandInjectionCustomizations
  * injection vulnerabilities.
  */
 module StoredCommand {
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A taint-tracking configuration for reasoning about command-injection vulnerabilities.
-   */
-  deprecated class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "StoredCommand" }
-
-    override predicate isSource(DataFlow::Node source) {
-      source instanceof StoredXss::Source and
-      // exclude file names, since those are not generally an issue
-      not source instanceof StoredXss::FileNameSource
-    }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof CommandInjection::Sink }
-
-    override predicate isSanitizer(DataFlow::Node node) {
-      super.isSanitizer(node) or
-      node instanceof CommandInjection::Sanitizer
-    }
-  }
-
   private module Config implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) {
       source instanceof StoredXss::Source and

go/ql/lib/semmle/go/security/StoredXss.qll

@@ -16,24 +16,6 @@ import go
 module StoredXss {
   import StoredXssCustomizations::StoredXss
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A taint-tracking configuration for reasoning about XSS.
-   */
-  deprecated class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "StoredXss" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isSanitizer(DataFlow::Node node) {
-      super.isSanitizer(node) or
-      node instanceof Sanitizer
-    }
-  }
-
   private module Config implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof Source }
 

go/ql/lib/semmle/go/security/StringBreak.qll

@@ -13,27 +13,6 @@ import go
 module StringBreak {
   import StringBreakCustomizations::StringBreak
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A taint-tracking configuration for reasoning about unsafe-quoting vulnerabilities,
-   * parameterized with the type of quote being tracked.
-   */
-  deprecated class Configuration extends TaintTracking::Configuration {
-    Quote quote;
-
-    Configuration() { this = "StringBreak" + quote }
-
-    /** Gets the type of quote being tracked by this configuration. */
-    Quote getQuote() { result = quote }
-
-    override predicate isSource(DataFlow::Node nd) { nd instanceof Source }
-
-    override predicate isSink(DataFlow::Node nd) { quote = nd.(Sink).getQuote() }
-
-    override predicate isSanitizer(DataFlow::Node nd) { quote = nd.(Sanitizer).getQuote() }
-  }
-
   private module Config implements DataFlow::StateConfigSig {
     /** The flow state that we track is the type of quote used. */
     class FlowState = Quote;

go/ql/lib/semmle/go/security/TaintedPath.qll

@@ -11,24 +11,6 @@ import go
 module TaintedPath {
   import TaintedPathCustomizations::TaintedPath
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A taint-tracking configuration for reasoning about path-traversal vulnerabilities.
-   */
-  deprecated class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "TaintedPath" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isSanitizer(DataFlow::Node node) {
-      super.isSanitizer(node) or
-      node instanceof Sanitizer
-    }
-  }
-
   private module Config implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof Source }
 

go/ql/lib/semmle/go/security/UnsafeUnzipSymlink.qll

@@ -13,24 +13,6 @@ import go
 module UnsafeUnzipSymlink {
   import UnsafeUnzipSymlinkCustomizations::UnsafeUnzipSymlink
 
-  /**
-   * DEPRECATED: Use copies of `EvalSymlinksConfig` and `EvalSymlinksFlow` instead.
-   *
-   * A taint-flow configuration tracking archive header fields flowing to a `path/filepath.EvalSymlinks` call.
-   */
-  deprecated class EvalSymlinksConfiguration extends TaintTracking2::Configuration {
-    EvalSymlinksConfiguration() { this = "Archive header field symlinks resolved" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof FilenameWithSymlinks }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof EvalSymlinksSink }
-
-    override predicate isSanitizer(DataFlow::Node node) {
-      super.isSanitizer(node) or
-      node instanceof EvalSymlinksInvalidator
-    }
-  }
-
   // Archive header field symlinks resolved
   private module EvalSymlinksConfig implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof FilenameWithSymlinks }
@@ -53,28 +35,6 @@ module UnsafeUnzipSymlink {
     EvalSymlinksFlow::flow(getASimilarReadNode(node), _)
   }
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A taint-flow configuration tracking archive header fields flowing to an `os.Symlink` call,
-   * which never flow to a `path/filepath.EvalSymlinks` call.
-   */
-  deprecated class SymlinkConfiguration extends TaintTracking::Configuration {
-    SymlinkConfiguration() { this = "Unsafe unzipping of symlinks" }
-
-    override predicate isSource(DataFlow::Node source) {
-      source instanceof FilenameWithSymlinks and
-      not symlinksEvald(source)
-    }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof SymlinkSink }
-
-    override predicate isSanitizer(DataFlow::Node node) {
-      super.isSanitizer(node) or
-      node instanceof SymlinkSanitizer
-    }
-  }
-
   private module Config implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) {
       source instanceof FilenameWithSymlinks and

go/ql/lib/semmle/go/security/XPathInjection.qll

@@ -13,24 +13,6 @@ import go
 module XPathInjection {
   import XPathInjectionCustomizations::XPathInjection
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A taint-tracking configuration for reasoning about untrusted user input used in an XPath expression.
-   */
-  deprecated class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "XPathInjection" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isSanitizer(DataFlow::Node node) {
-      super.isSanitizer(node) or
-      node instanceof Sanitizer
-    }
-  }
-
   private module Config implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof Source }
 

go/ql/lib/semmle/go/security/ZipSlip.qll

@@ -11,24 +11,6 @@ import go
 module ZipSlip {
   import ZipSlipCustomizations::ZipSlip
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A taint-tracking configuration for reasoning about zip-slip vulnerabilities.
-   */
-  deprecated class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "ZipSlip" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isSanitizer(DataFlow::Node node) {
-      super.isSanitizer(node) or
-      node instanceof Sanitizer
-    }
-  }
-
   private module Config implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof Source }
 

go/ql/src/Security/CWE-640/EmailInjection.qll

@@ -16,19 +16,6 @@ import go
 module EmailInjection {
   import EmailInjectionCustomizations::EmailInjection
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A taint-tracking configuration for reasoning about email-injection vulnerabilities.
-   */
-  deprecated class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "Email Injection" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-  }
-
   private module Config implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof Source }
 

go/ql/src/experimental/CWE-090/LDAPInjection.qll

@@ -95,22 +95,6 @@ private class LdapClientDNSink extends LdapSink {
   }
 }
 
-/**
- * DEPRECATED: Use `LdapInjectionFlow` instead.
- *
- * A taint-tracking configuration for reasoning about when a `ActiveThreatModelSource`
- * flows into an argument or field that is vulnerable to LDAP injection.
- */
-deprecated class LdapInjectionConfiguration extends TaintTracking::Configuration {
-  LdapInjectionConfiguration() { this = "Ldap injection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof LdapSink }
-
-  override predicate isSanitizer(DataFlow::Node sanitizer) { sanitizer instanceof LdapSanitizer }
-}
-
 private module LdapInjectionConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
 

go/ql/src/experimental/CWE-1004/AuthCookie.qll

@@ -64,28 +64,6 @@ private class SetCookieSink extends DataFlow::Node {
   }
 }
 
-/**
- * DEPRECATED: Use `NameToNetHttpCookieTrackingFlow` instead.
- *
- * A taint-tracking configuration for tracking flow from sensitive names to
- * `net/http.SetCookie`.
- */
-deprecated class NameToNetHttpCookieTrackingConfiguration extends TaintTracking::Configuration {
-  NameToNetHttpCookieTrackingConfiguration() { this = "NameToNetHttpCookieTrackingConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) { isAuthVariable(source.asExpr()) }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof SetCookieSink }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
-    exists(StructLit sl |
-      sl.getType() instanceof NetHttpCookieType and
-      getValueForFieldWrite(sl, "Name") = pred and
-      sl = succ.asExpr()
-    )
-  }
-}
-
 private module NameToNetHttpCookieTrackingConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { isAuthVariable(source.asExpr()) }
 
@@ -103,30 +81,6 @@ private module NameToNetHttpCookieTrackingConfig implements DataFlow::ConfigSig
 /** Tracks taint flow from sensitive names to `net/http.SetCookie`. */
 module NameToNetHttpCookieTrackingFlow = TaintTracking::Global<NameToNetHttpCookieTrackingConfig>;
 
-/**
- * DEPRECATED: Use `BoolToNetHttpCookieTrackingFlow` instead.
- *
- * A taint-tracking configuration for tracking flow from `bool` assigned to
- * `HttpOnly` that flows into `net/http.SetCookie`.
- */
-deprecated class BoolToNetHttpCookieTrackingConfiguration extends TaintTracking::Configuration {
-  BoolToNetHttpCookieTrackingConfiguration() { this = "BoolToNetHttpCookieTrackingConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) {
-    source.getType().getUnderlyingType() instanceof BoolType
-  }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof SetCookieSink }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
-    exists(StructLit sl |
-      sl.getType() instanceof NetHttpCookieType and
-      getValueForFieldWrite(sl, "HttpOnly") = pred and
-      sl = succ.asExpr()
-    )
-  }
-}
-
 private module BoolToNetHttpCookieTrackingConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) {
     source.getType().getUnderlyingType() instanceof BoolType
@@ -149,29 +103,6 @@ private module BoolToNetHttpCookieTrackingConfig implements DataFlow::ConfigSig
  */
 module BoolToNetHttpCookieTrackingFlow = TaintTracking::Global<BoolToNetHttpCookieTrackingConfig>;
 
-/**
- * DEPRECATED: Use `BoolToGinSetCookieTrackingFlow` instead.
- *
- * A taint-tracking configuration for tracking flow from `HttpOnly` set to
- * `false` to `gin-gonic/gin.Context.SetCookie`.
- */
-deprecated class BoolToGinSetCookieTrackingConfiguration extends DataFlow::Configuration {
-  BoolToGinSetCookieTrackingConfiguration() { this = "BoolToGinSetCookieTrackingConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) { source.getBoolValue() = false }
-
-  override predicate isSink(DataFlow::Node sink) {
-    exists(DataFlow::MethodCallNode mcn |
-      mcn.getTarget() instanceof GinContextSetCookieMethod and
-      mcn.getArgument(6) = sink and
-      exists(NameToGinSetCookieTrackingConfiguration cfg, DataFlow::Node nameArg |
-        cfg.hasFlowTo(nameArg) and
-        mcn.getArgument(0) = nameArg
-      )
-    )
-  }
-}
-
 private module BoolToGinSetCookieTrackingConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source.getBoolValue() = false }
 
@@ -193,25 +124,6 @@ private module BoolToGinSetCookieTrackingConfig implements DataFlow::ConfigSig {
  */
 module BoolToGinSetCookieTrackingFlow = DataFlow::Global<BoolToGinSetCookieTrackingConfig>;
 
-/**
- * DEPRECATED: Use `NameToGinSetCookieTrackingFlow` instead.
- *
- * A taint-tracking configuration for tracking flow from sensitive names to
- * `gin-gonic/gin.Context.SetCookie`.
- */
-deprecated private class NameToGinSetCookieTrackingConfiguration extends DataFlow2::Configuration {
-  NameToGinSetCookieTrackingConfiguration() { this = "NameToGinSetCookieTrackingConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) { isAuthVariable(source.asExpr()) }
-
-  override predicate isSink(DataFlow::Node sink) {
-    exists(DataFlow::MethodCallNode mcn |
-      mcn.getTarget() instanceof GinContextSetCookieMethod and
-      mcn.getArgument(0) = sink
-    )
-  }
-}
-
 private module NameToGinSetCookieTrackingConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { isAuthVariable(source.asExpr()) }
 
@@ -251,39 +163,6 @@ private class GorillaStoreSaveSink extends DataFlow::Node {
   }
 }
 
-/**
- * DEPRECATED: Use `GorillaCookieStoreSaveTrackingFlow` instead.
- *
- * A taint-tracking configuration for tracking flow from gorilla cookie store
- * creation to `gorilla/sessions.Session.Save`.
- */
-deprecated class GorillaCookieStoreSaveTrackingConfiguration extends DataFlow::Configuration {
-  GorillaCookieStoreSaveTrackingConfiguration() {
-    this = "GorillaCookieStoreSaveTrackingConfiguration"
-  }
-
-  override predicate isSource(DataFlow::Node source) {
-    source
-        .(DataFlow::CallNode)
-        .getTarget()
-        .hasQualifiedName(package("github.com/gorilla/sessions", ""), "NewCookieStore")
-  }
-
-  override predicate isSink(DataFlow::Node sink) {
-    sink instanceof GorillaSessionSaveSink or
-    sink instanceof GorillaStoreSaveSink
-  }
-
-  override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
-    exists(DataFlow::MethodCallNode cn |
-      cn.getTarget()
-          .hasQualifiedName(package("github.com/gorilla/sessions", ""), "CookieStore", "Get") and
-      pred = cn.getReceiver() and
-      succ = cn.getResult(0)
-    )
-  }
-}
-
 private module GorillaCookieStoreSaveTrackingConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) {
     source
@@ -313,34 +192,6 @@ private module GorillaCookieStoreSaveTrackingConfig implements DataFlow::ConfigS
  */
 module GorillaCookieStoreSaveTrackingFlow = DataFlow::Global<GorillaCookieStoreSaveTrackingConfig>;
 
-/**
- * DEPRECATED: Use `GorillaSessionOptionsTrackingFlow` instead.
- *
- * A taint-tracking configuration for tracking flow from session options to
- * `gorilla/sessions.Session.Save`.
- */
-deprecated class GorillaSessionOptionsTrackingConfiguration extends TaintTracking::Configuration {
-  GorillaSessionOptionsTrackingConfiguration() {
-    this = "GorillaSessionOptionsTrackingConfiguration"
-  }
-
-  override predicate isSource(DataFlow::Node source) {
-    exists(StructLit sl |
-      sl.getType().hasQualifiedName(package("github.com/gorilla/sessions", ""), "Options") and
-      source.asExpr() = sl
-    )
-  }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof GorillaSessionSaveSink }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
-    exists(GorillaSessionOptionsField f, DataFlow::Write w, DataFlow::Node base |
-      w.writesField(base, f, pred) and
-      succ = base
-    )
-  }
-}
-
 private module GorillaSessionOptionsTrackingConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) {
     exists(StructLit sl |
@@ -366,37 +217,6 @@ private module GorillaSessionOptionsTrackingConfig implements DataFlow::ConfigSi
 module GorillaSessionOptionsTrackingFlow =
   TaintTracking::Global<GorillaSessionOptionsTrackingConfig>;
 
-/**
- * DEPRECATED: Use `BoolToGorillaSessionOptionsTrackingFlow` instead.
- *
- * A taint-tracking configuration for tracking flow from a `bool` assigned to
- * `HttpOnly` to `gorilla/sessions.Session.Save`.
- */
-deprecated class BoolToGorillaSessionOptionsTrackingConfiguration extends TaintTracking::Configuration
-{
-  BoolToGorillaSessionOptionsTrackingConfiguration() {
-    this = "BoolToGorillaSessionOptionsTrackingConfiguration"
-  }
-
-  override predicate isSource(DataFlow::Node source) {
-    source.getType().getUnderlyingType() instanceof BoolType
-  }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof GorillaSessionSaveSink }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
-    exists(StructLit sl |
-      getValueForFieldWrite(sl, "HttpOnly") = pred and
-      sl = succ.asExpr()
-    )
-    or
-    exists(GorillaSessionOptionsField f, DataFlow::Write w, DataFlow::Node base |
-      w.writesField(base, f, pred) and
-      succ = base
-    )
-  }
-}
-
 private module BoolToGorillaSessionOptionsTrackingConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) {
     source.getType().getUnderlyingType() instanceof BoolType

go/ql/src/experimental/CWE-327/WeakCryptoAlgorithmCustomizations.qll

@@ -48,24 +48,6 @@ module WeakCryptoAlgorithm {
     }
   }
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A configuration depicting taint flow from sensitive information to weak cryptographic algorithms.
-   */
-  deprecated class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "WeakCryptoAlgorithm" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isSanitizer(DataFlow::Node node) {
-      super.isSanitizer(node) or
-      node instanceof Sanitizer
-    }
-  }
-
   private module Config implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof Source }
 

go/ql/src/experimental/CWE-74/DsnInjectionCustomizations.qll

@@ -6,28 +6,6 @@ import semmle.go.dataflow.barrierguardutil.RegexpCheck
 /** A source for `DsnInjection` taint-flow configuration. */
 abstract class Source extends DataFlow::Node { }
 
-/**
- * DEPRECATED: Use `DsnInjectionFlow` instead.
- *
- *  A taint-tracking configuration to reason about Data Source Name injection vulnerabilities.
- */
-deprecated class DsnInjection extends TaintTracking::Configuration {
-  DsnInjection() { this = "DsnInjection" }
-
-  override predicate isSource(DataFlow::Node node) { node instanceof Source }
-
-  override predicate isSink(DataFlow::Node node) {
-    exists(DataFlow::CallNode c |
-      c.getTarget().hasQualifiedName("database/sql", "Open") and
-      c.getArgument(0).getStringValue() = "mysql"
-    |
-      node = c.getArgument(1)
-    )
-  }
-
-  override predicate isSanitizer(DataFlow::Node node) { node instanceof RegexpCheckBarrier }
-}
-
 private module DsnInjectionConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof Source }
 

go/ql/src/experimental/CWE-807/SensitiveConditionBypass.qll

@@ -42,33 +42,6 @@ private class ConstComparisonExpr extends ComparisonExpr {
   }
 }
 
-/**
- * DEPRECATED: Use `Flow` instead.
- *
- * A data-flow configuration for reasoning about
- * user-controlled bypassing of sensitive actions.
- */
-deprecated class Configuration extends TaintTracking::Configuration {
-  Configuration() { this = "Condtional Expression Check Bypass" }
-
-  override predicate isSource(DataFlow::Node source) {
-    source instanceof ActiveThreatModelSource
-    or
-    exists(DataFlow::FieldReadNode f |
-      f.getField().hasQualifiedName("net/http", "Request", "Host")
-    |
-      source = f
-    )
-  }
-
-  override predicate isSink(DataFlow::Node sink) {
-    exists(ConstComparisonExpr c |
-      c.getAnOperand() = sink.asExpr() and
-      not c.isPotentialFalsePositive()
-    )
-  }
-}
-
 private module Config implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) {
     source instanceof ActiveThreatModelSource

go/ql/src/experimental/CWE-918/SSRF.qll

@@ -15,36 +15,6 @@ module ServerSideRequestForgery {
   private import semmle.go.dataflow.barrierguardutil.RegexpCheck
   private import semmle.go.dataflow.Properties
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A taint-tracking configuration for reasoning about request forgery.
-   */
-  deprecated class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "SSRF" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
-      // propagate to a URL when its host is assigned to
-      exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") |
-        w.writesField(v.getAUse(), f, pred) and succ = v.getAUse()
-      )
-    }
-
-    override predicate isSanitizer(DataFlow::Node node) {
-      super.isSanitizer(node) or
-      node instanceof Sanitizer
-    }
-
-    override predicate isSanitizerOut(DataFlow::Node node) {
-      super.isSanitizerOut(node) or
-      node instanceof SanitizerEdge
-    }
-  }
-
   private module Config implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof Source }