Python: Deprecate and replace BarrierGuard class.

2026-02-24 02:43:40 +01:00 · 2022-06-17 13:34:59 +02:00
parent 87d5305f5b
commit f473a0a961
41 changed files with 186 additions and 131 deletions
--- a/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll
@@ -44,9 +44,11 @@ module ServerSideRequestForgery {
  abstract class FullUrlControlSanitizer extends DataFlow::Node { }

  /**
+   * DEPRECATED: Use `Sanitizer` instead.
+   *
   * A sanitizer guard for "Server-side request forgery" vulnerabilities.
   */
-  abstract class SanitizerGuard extends DataFlow::BarrierGuard { }
+  abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { }

  /**
   * A source of remote user input, considered as a flow source.
@@ -78,7 +80,7 @@ module ServerSideRequestForgery {
  /**
   * A comparison with a constant string, considered as a sanitizer-guard.
   */
-  class StringConstCompareAsSanitizerGuard extends SanitizerGuard, StringConstCompare { }
+  class StringConstCompareAsSanitizerGuard extends Sanitizer, StringConstCompareBarrier { }

  /**
   * A string construction (concat, format, f-string) where the left side is not