Java: Deprecate the local content of TaintedPathQuery and remove the local query variant.

2026-04-26 01:05:15 +02:00 · 2024-05-01 10:39:49 +02:00
parent 5b89bd23c7
commit ed7538d0b9
3 changed files with 7 additions and 32 deletions
--- a/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.qhelp
+++ b/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.qhelp
@@ -1,5 +0,0 @@
-<!DOCTYPE qhelp PUBLIC
-  "-//Semmle//qhelp//EN"
-  "qhelp.dtd">
-<qhelp>
-<include src="TaintedPath.qhelp" /></qhelp>
--- a/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql
@@ -1,24 +0,0 @@
-/**
- * @name Local-user-controlled data in path expression
- * @description Accessing paths influenced by users can allow an attacker to access unexpected resources.
- * @kind path-problem
- * @problem.severity recommendation
- * @security-severity 7.5
- * @precision medium
- * @id java/path-injection-local
- * @tags security
- *       external/cwe/cwe-022
- *       external/cwe/cwe-023
- *       external/cwe/cwe-036
- *       external/cwe/cwe-073
- */
-
-import java
-import semmle.code.java.security.PathCreation
-import semmle.code.java.security.TaintedPathQuery
-import TaintedPathLocalFlow::PathGraph
-
-from TaintedPathLocalFlow::PathNode source, TaintedPathLocalFlow::PathNode sink
-where TaintedPathLocalFlow::flowPath(source, sink)
-select sink.getNode(), source, sink, "This path depends on a $@.", source.getNode(),
-  "user-provided value"