Merge pull request #21781 from aschackmull/java/rm-deprecated

Java: Delete old deprecated code.

java/ql/lib/semmle/code/java/Expr.qll

@@ -2732,11 +2732,6 @@ class PatternExpr extends Expr {
    */
   LocalVariableDeclExpr asBindingOrUnnamedPattern() { result = this }
 
-  /**
-   * DEPRECATED: alias for `asBindingOrUnnamedPattern`.
-   */
-  deprecated LocalVariableDeclExpr asBindingPattern() { result = this.asBindingOrUnnamedPattern() }
-
   /**
    * Gets this pattern cast to a record pattern.
    */

java/ql/lib/semmle/code/java/Member.qll

@@ -810,14 +810,6 @@ class Field extends Member, ExprParent, @field, Variable {
     )
   }
 
-  /**
-   * DEPRECATED: The result is always `this`.
-   */
-  deprecated Field getSourceDeclaration() { result = this }
-
-  /** DEPRECATED: This always holds. */
-  deprecated predicate isSourceDeclaration() { any() }
-
   override predicate isPublic() {
     Member.super.isPublic()
     or

java/ql/lib/semmle/code/java/Statement.qll

@@ -558,11 +558,6 @@ class ConstCase extends SwitchCase {
 class PatternCase extends SwitchCase {
   PatternCase() { exists(PatternExpr pe | pe.isNthChildOf(this, _)) }
 
-  /**
-   * DEPRECATED: alias for getPattern(0)
-   */
-  deprecated PatternExpr getPattern() { result = this.getPattern(0) }
-
   /**
    * Gets this case's `n`th pattern.
    */

java/ql/lib/semmle/code/java/Type.qll

@@ -637,9 +637,6 @@ class RefType extends Type, Annotatable, Modifiable, @reftype {
     this.(NestedType).getEnclosingType().getNestedName() + "$" + this.getName() = result
   }
 
-  /** DEPRECATED: Alias for `getNestedName`. */
-  deprecated string nestedName() { result = this.getNestedName() }
-
   /**
    * Gets the source declaration of this type.
    *

java/ql/lib/semmle/code/java/controlflow/Dominance.qll

@@ -10,57 +10,6 @@ import java
  * Predicates for basic-block-level dominance.
  */
 
-/**
- * DEPRECATED: Use `BasicBlock::immediatelyDominates` instead.
- *
- * The immediate dominance relation for basic blocks.
- */
-deprecated predicate bbIDominates(BasicBlock dom, BasicBlock node) {
-  dom.immediatelyDominates(node)
-}
-
-/** Exit points for basic-block control-flow. */
-private predicate bbSink(BasicBlock exit) { exit.getLastNode() instanceof ControlFlow::ExitNode }
-
-/** Reversed `bbSucc`. */
-private predicate bbPred(BasicBlock post, BasicBlock pre) { post = pre.getASuccessor() }
-
-/** The immediate post-dominance relation on basic blocks. */
-deprecated predicate bbIPostDominates(BasicBlock dominator, BasicBlock node) =
-  idominance(bbSink/1, bbPred/2)(_, dominator, node)
-
-/**
- * DEPRECATED: Use `BasicBlock::strictlyDominates` instead.
- *
- * Holds if `dom` strictly dominates `node`.
- */
-deprecated predicate bbStrictlyDominates(BasicBlock dom, BasicBlock node) {
-  dom.strictlyDominates(node)
-}
-
-/**
- * DEPRECATED: Use `BasicBlock::dominates` instead.
- *
- * Holds if `dom` dominates `node`. (This is reflexive.)
- */
-deprecated predicate bbDominates(BasicBlock dom, BasicBlock node) { dom.dominates(node) }
-
-/**
- * DEPRECATED: Use `BasicBlock::strictlyPostDominates` instead.
- *
- * Holds if `dom` strictly post-dominates `node`.
- */
-deprecated predicate bbStrictlyPostDominates(BasicBlock dom, BasicBlock node) {
-  dom.strictlyPostDominates(node)
-}
-
-/**
- * DEPRECATED: Use `BasicBlock::postDominates` instead.
- *
- * Holds if `dom` post-dominates `node`. (This is reflexive.)
- */
-deprecated predicate bbPostDominates(BasicBlock dom, BasicBlock node) { dom.postDominates(node) }
-
 /**
  * The dominance frontier relation for basic blocks.
  *

java/ql/lib/semmle/code/java/dataflow/FlowSources.qll

@@ -43,14 +43,6 @@ abstract class SourceNode extends DataFlow::Node {
   abstract string getThreatModel();
 }
 
-/**
- * DEPRECATED: Use `ActiveThreatModelSource` instead.
- *
- * A class of data flow sources that respects the
- * current threat model configuration.
- */
-deprecated class ThreatModelFlowSource = ActiveThreatModelSource;
-
 /**
  * A data flow source that is enabled in the current threat model configuration.
  */

java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll

@@ -8,14 +8,6 @@ import java
 private import internal.FlowSummaryImpl as Impl
 private import internal.DataFlowUtil
 
-deprecated class SummaryComponent = Impl::Private::SummaryComponent;
-
-deprecated module SummaryComponent = Impl::Private::SummaryComponent;
-
-deprecated class SummaryComponentStack = Impl::Private::SummaryComponentStack;
-
-deprecated module SummaryComponentStack = Impl::Private::SummaryComponentStack;
-
 /** A synthetic callable with a set of concrete call sites and a flow summary. */
 abstract class SyntheticCallable extends string {
   bindingset[this]
@@ -147,5 +139,3 @@ private class SummarizedSyntheticCallableAdapter extends SummarizedCallable::Ran
     )
   }
 }
-
-deprecated class RequiredSummaryComponentStack = Impl::Private::RequiredSummaryComponentStack;

java/ql/lib/semmle/code/java/dataflow/NullGuards.qll

@@ -196,18 +196,6 @@ Expr basicNullGuard(Expr e, boolean branch, boolean isnull) {
   Guards_v3::nullGuard(result, any(GuardValue v | v.asBooleanValue() = branch), e, isnull)
 }
 
-/**
- * DEPRECATED: Use `basicNullGuard` instead.
- *
- * Gets an expression that directly tests whether a given expression, `e`, is null or not.
- *
- * If `result` evaluates to `branch`, then `e` is guaranteed to be null if `isnull`
- * is true, and non-null if `isnull` is false.
- */
-deprecated Expr basicOrCustomNullGuard(Expr e, boolean branch, boolean isnull) {
-  result = basicNullGuard(e, branch, isnull)
-}
-
 /**
  * Gets an expression that directly tests whether a given SSA variable is null or not.
  *
@@ -218,18 +206,6 @@ Expr directNullGuard(SsaDefinition v, boolean branch, boolean isnull) {
   result = basicNullGuard(sameValue(v, _), branch, isnull)
 }
 
-/**
- * DEPRECATED: Use `nullGuardControls`/`nullGuardControlsBranchEdge` instead.
- *
- * Gets a `Guard` that tests (possibly indirectly) whether a given SSA variable is null or not.
- *
- * If `result` evaluates to `branch`, then `v` is guaranteed to be null if `isnull`
- * is true, and non-null if `isnull` is false.
- */
-deprecated Guard nullGuard(SsaDefinition v, boolean branch, boolean isnull) {
-  result = directNullGuard(v, branch, isnull)
-}
-
 /**
  * Holds if there exists a null check on `v`, such that taking the branch edge
  * from `bb1` to `bb2` implies that `v` is guaranteed to be null if `isnull` is

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll

@@ -198,19 +198,6 @@ module Public {
       or
       result = this.getType() and not exists(this.getImprovedTypeBound())
     }
-
-    /**
-     * Holds if this element is at the specified location.
-     * The location spans column `startcolumn` of line `startline` to
-     * column `endcolumn` of line `endline` in file `filepath`.
-     * For more information, see
-     * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
-     */
-    deprecated predicate hasLocationInfo(
-      string filepath, int startline, int startcolumn, int endline, int endcolumn
-    ) {
-      this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
-    }
   }
 
   /**

java/ql/lib/semmle/code/java/frameworks/Jndi.qll

@@ -48,18 +48,6 @@ class MethodLdapNameAddAll extends Method {
   }
 }
 
-/**
- * DEPRECATED: No longer needed as clone steps are handled uniformly.
- *
- * A method with the name `clone` declared in `javax.naming.ldap.LdapName`.
- */
-deprecated class MethodLdapNameClone extends Method {
-  MethodLdapNameClone() {
-    this.getDeclaringType() instanceof TypeLdapName and
-    this.hasName("clone")
-  }
-}
-
 /** A method with the name `getAll` declared in `javax.naming.ldap.LdapName`. */
 class MethodLdapNameGetAll extends Method {
   MethodLdapNameGetAll() {

java/ql/lib/semmle/code/java/frameworks/spring/SpringController.qll

@@ -156,9 +156,6 @@ class SpringRequestMappingMethod extends SpringControllerMethod {
     result = this.getProducesExpr().(CompileTimeConstantExpr).getStringValue()
   }
 
-  /** DEPRECATED: Use `getAValue()` instead. */
-  deprecated string getValue() { result = requestMappingAnnotation.getStringValue("value") }
-
   /**
    * Gets a "value" @RequestMapping annotation string value, if present.
    *

java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll

@@ -20,13 +20,6 @@ class AndroidNetworkSecurityConfigFile extends XmlFile {
   }
 }
 
-/**
- * DEPRECATED. Use `semmle.code.java.frameworks.android.Android::inAndroidApplication` instead.
- *
- * Holds if this database contains an Android manifest file.
- */
-deprecated predicate isAndroid() { exists(AndroidManifestXmlFile m) }
-
 /** Holds if the given domain name is trusted by the Network Security Configuration XML file. */
 private predicate trustedDomainViaXml(string domainName) {
   exists(

java/ql/lib/semmle/code/java/security/ArithmeticTaintedLocalQuery.qll

@@ -1,49 +1,5 @@
 /** Provides taint-tracking configurations to reason about arithmetic using local-user-controlled data. */
+overlay[local?]
+deprecated module;
 
 import java
-private import semmle.code.java.dataflow.FlowSources
-private import semmle.code.java.security.ArithmeticCommon
-
-/**
- * DEPRECATED: Use `ArithmeticOverflowConfig` instead.
- *
- * A taint-tracking configuration to reason about arithmetic overflow using local-user-controlled data.
- */
-deprecated module ArithmeticTaintedLocalOverflowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
-
-  predicate isSink(DataFlow::Node sink) { overflowSink(_, sink.asExpr()) }
-
-  predicate isBarrier(DataFlow::Node n) { overflowBarrier(n) }
-
-  predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
-}
-
-/**
- * DEPRECATED: Use `ArithmeticOverflow` instead and configure threat model sources to include `local`.
- *
- * Taint-tracking flow for arithmetic overflow using local-user-controlled data.
- */
-deprecated module ArithmeticTaintedLocalOverflowFlow =
-  TaintTracking::Global<ArithmeticTaintedLocalOverflowConfig>;
-
-/**
- * A taint-tracking configuration to reason about arithmetic underflow using local-user-controlled data.
- */
-deprecated module ArithmeticTaintedLocalUnderflowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
-
-  predicate isSink(DataFlow::Node sink) { underflowSink(_, sink.asExpr()) }
-
-  predicate isBarrier(DataFlow::Node n) { underflowBarrier(n) }
-
-  predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
-}
-
-/**
- * DEPRECATED: Use `ArithmeticUnderflow` instead and configure threat model sources to include `local`.
- *
- * Taint-tracking flow for arithmetic underflow using local-user-controlled data.
- */
-deprecated module ArithmeticTaintedLocalUnderflowFlow =
-  TaintTracking::Global<ArithmeticTaintedLocalUnderflowConfig>;

java/ql/lib/semmle/code/java/security/ArithmeticTaintedQuery.qll

@@ -25,11 +25,6 @@ module ArithmeticOverflowConfig implements DataFlow::ConfigSig {
   }
 }
 
-/**
- * DEPRECATED: Use `ArithmeticOverflowConfig` instead.
- */
-deprecated module RemoteUserInputOverflowConfig = ArithmeticOverflowConfig;
-
 /** A taint-tracking configuration to reason about underflow from unvalidated input. */
 module ArithmeticUnderflowConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
@@ -51,23 +46,8 @@ module ArithmeticUnderflowConfig implements DataFlow::ConfigSig {
   }
 }
 
-/**
- * DEPRECATED: Use `ArithmeticUnderflowConfig` instead.
- */
-deprecated module RemoteUserInputUnderflowConfig = ArithmeticUnderflowConfig;
-
 /** Taint-tracking flow for overflow from unvalidated input. */
 module ArithmeticOverflow = TaintTracking::Global<ArithmeticOverflowConfig>;
 
-/**
- * DEPRECATED: Use `ArithmeticOverflow` instead.
- */
-deprecated module RemoteUserInputOverflow = ArithmeticOverflow;
-
 /** Taint-tracking flow for underflow from unvalidated input. */
 module ArithmeticUnderflow = TaintTracking::Global<ArithmeticUnderflowConfig>;
-
-/**
- * DEPRECATED: Use `ArithmeticUnderflow` instead.
- */
-deprecated module RemoteUserInputUnderflow = ArithmeticUnderflow;

java/ql/lib/semmle/code/java/security/CommandLineQuery.qll

@@ -78,44 +78,11 @@ module InputToArgumentToExecFlowConfig implements DataFlow::ConfigSig {
   }
 }
 
-/**
- * DEPRECATED: Use `InputToArgumentToExecFlowConfig` instead.
- */
-deprecated module RemoteUserInputToArgumentToExecFlowConfig = InputToArgumentToExecFlowConfig;
-
 /**
  * Taint-tracking flow for unvalidated input that is used to run an external process.
  */
 module InputToArgumentToExecFlow = TaintTracking::Global<InputToArgumentToExecFlowConfig>;
 
-/**
- * DEPRECATED: Use `InputToArgumentToExecFlow` instead.
- */
-deprecated module RemoteUserInputToArgumentToExecFlow = InputToArgumentToExecFlow;
-
-/**
- * A taint-tracking configuration for unvalidated local user input that is used to run an external process.
- */
-deprecated module LocalUserInputToArgumentToExecFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node src) { src instanceof LocalUserInput }
-
-  predicate isSink(DataFlow::Node sink) { sink instanceof CommandInjectionSink }
-
-  predicate isBarrier(DataFlow::Node node) { node instanceof CommandInjectionSanitizer }
-
-  predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
-    any(CommandInjectionAdditionalTaintStep s).step(n1, n2)
-  }
-}
-
-/**
- * DEPRECATED: Use `InputToArgumentToExecFlow` instead and configure threat model sources to include `local`.
- *
- * Taint-tracking flow for unvalidated local user input that is used to run an external process.
- */
-deprecated module LocalUserInputToArgumentToExecFlow =
-  TaintTracking::Global<LocalUserInputToArgumentToExecFlowConfig>;
-
 /**
  * Implementation of `ExecTainted.ql`. It is extracted to a QLL
  * so that it can be excluded from `ExecUnescaped.ql` to avoid

java/ql/lib/semmle/code/java/security/ExecTaintedLocalQuery.qll

@@ -1,27 +1,5 @@
 /** Provides a taint-tracking configuration to reason about use of externally controlled strings for command injection vulnerabilities. */
+overlay[local?]
+deprecated module;
 
 import java
-private import semmle.code.java.dataflow.FlowSources
-private import semmle.code.java.security.ExternalProcess
-private import semmle.code.java.security.CommandArguments
-private import semmle.code.java.security.Sanitizers
-
-/** A taint-tracking configuration to reason about use of externally controlled strings to make command line commands. */
-deprecated module ExecTaintedLocalConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node src) { src instanceof LocalUserInput }
-
-  predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof ArgumentToExec }
-
-  predicate isBarrier(DataFlow::Node node) {
-    node instanceof SimpleTypeSanitizer
-    or
-    isSafeCommandArgument(node.asExpr())
-  }
-}
-
-/**
- * DEPRCATED: Unused.
- *
- * Taint-tracking flow for use of externally controlled strings to make command line commands.
- */
-deprecated module ExecTaintedLocalFlow = TaintTracking::Global<ExecTaintedLocalConfig>;

java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringLocalQuery.qll

@@ -1,26 +1,5 @@
 /** Provides a taint-tracking configuration to reason about externally-controlled format strings from local sources. */
+overlay[local?]
+deprecated module;
 
 import java
-private import semmle.code.java.dataflow.FlowSources
-private import semmle.code.java.StringFormat
-
-/** A taint-tracking configuration to reason about externally-controlled format strings from local sources. */
-deprecated module ExternallyControlledFormatStringLocalConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
-
-  predicate isSink(DataFlow::Node sink) {
-    sink.asExpr() = any(StringFormat formatCall).getFormatArgument()
-  }
-
-  predicate isBarrier(DataFlow::Node node) {
-    node.getType() instanceof NumericType or node.getType() instanceof BooleanType
-  }
-}
-
-/**
- * DEPRECATED: Use `ExternallyControlledFormatStringFlow` instead and configure threat model sources to include `local`.
- *
- * Taint-tracking flow for externally-controlled format strings from local sources.
- */
-deprecated module ExternallyControlledFormatStringLocalFlow =
-  TaintTracking::Global<ExternallyControlledFormatStringLocalConfig>;

java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayConstructionLocalQuery.qll

@@ -1,24 +1,5 @@
 /** Provides a taint-tracking configuration to reason about improper validation of local user-provided size used for array construction. */
+overlay[local?]
+deprecated module;
 
 import java
-private import semmle.code.java.security.internal.ArraySizing
-private import semmle.code.java.dataflow.FlowSources
-
-/**
- * A taint-tracking configuration to reason about improper validation of local user-provided size used for array construction.
- */
-deprecated module ImproperValidationOfArrayConstructionLocalConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
-
-  predicate isSink(DataFlow::Node sink) {
-    any(CheckableArrayAccess caa).canThrowOutOfBoundsDueToEmptyArray(sink.asExpr(), _)
-  }
-}
-
-/**
- * DEPRECATED: Use `ImproperValidationOfArrayConstructionFlow` instead and configure threat model sources to include `local`.
- *
- * Taint-tracking flow for improper validation of local user-provided size used for array construction.
- */
-deprecated module ImproperValidationOfArrayConstructionLocalFlow =
-  TaintTracking::Global<ImproperValidationOfArrayConstructionLocalConfig>;

java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexLocalQuery.qll

@@ -1,28 +1,5 @@
 /** Provides a taint-tracking configuration to reason about improper validation of local user-provided array index. */
+overlay[local?]
+deprecated module;
 
 import java
-private import semmle.code.java.security.internal.ArraySizing
-private import semmle.code.java.dataflow.FlowSources
-
-/**
- * A taint-tracking configuration to reason about improper validation of local user-provided array index.
- */
-deprecated module ImproperValidationOfArrayIndexLocalConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
-
-  predicate isSink(DataFlow::Node sink) {
-    any(CheckableArrayAccess caa).canThrowOutOfBounds(sink.asExpr())
-  }
-
-  predicate isBarrier(DataFlow::Node node) { node.getType() instanceof BooleanType }
-
-  predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
-}
-
-/**
- * DEPRECATED: Use `ImproperValidationOfArrayIndexFlow` instead and configure threat model sources to include `local`.
- *
- * Taint-tracking flow for improper validation of local user-provided array index.
- */
-deprecated module ImproperValidationOfArrayIndexLocalFlow =
-  TaintTracking::Global<ImproperValidationOfArrayIndexLocalConfig>;

java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll

@@ -115,34 +115,3 @@ module NumericCastFlowConfig implements DataFlow::ConfigSig {
  * Taint-tracking flow for user input that is used in a numeric cast.
  */
 module NumericCastFlow = TaintTracking::Global<NumericCastFlowConfig>;
-
-/**
- * A taint-tracking configuration for reasoning about local user input that is
- * used in a numeric cast.
- */
-deprecated module NumericCastLocalFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node src) { src instanceof LocalUserInput }
-
-  predicate isSink(DataFlow::Node sink) {
-    sink.asExpr() = any(NumericNarrowingCastExpr cast).getExpr() and
-    sink.asExpr() instanceof VarAccess
-  }
-
-  predicate isBarrier(DataFlow::Node node) {
-    boundedRead(node.asExpr()) or
-    castCheck(node.asExpr()) or
-    node.getType() instanceof SmallType or
-    smallExpr(node.asExpr()) or
-    node.getEnclosingCallable() instanceof HashCodeMethod or
-    exists(RightShiftOp e | e.getShiftedVariable().getAnAccess() = node.asExpr())
-  }
-
-  predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
-}
-
-/**
- * DEPRECATED: Use `NumericCastFlow` instead and configure threat model sources to include `local`.
- *
- * Taint-tracking flow for local user input that is used in a numeric cast.
- */
-deprecated module NumericCastLocalFlow = TaintTracking::Global<NumericCastLocalFlowConfig>;

java/ql/lib/semmle/code/java/security/ResponseSplittingLocalQuery.qll

@@ -1,39 +1,5 @@
 /** Provides a taint-tracking configuration to reason about response splitting vulnerabilities from local user input. */
+overlay[local?]
+deprecated module;
 
 import java
-private import semmle.code.java.dataflow.FlowSources
-private import semmle.code.java.security.ResponseSplitting
-
-/**
- * A taint-tracking configuration to reason about response splitting vulnerabilities from local user input.
- */
-deprecated module ResponseSplittingLocalConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
-
-  predicate isSink(DataFlow::Node sink) { sink instanceof HeaderSplittingSink }
-
-  predicate isBarrier(DataFlow::Node node) {
-    node.getType() instanceof PrimitiveType
-    or
-    node.getType() instanceof BoxedType
-    or
-    exists(MethodCall ma, string methodName, CompileTimeConstantExpr target |
-      node.asExpr() = ma and
-      ma.getMethod().hasQualifiedName("java.lang", "String", methodName) and
-      target = ma.getArgument(0) and
-      (
-        methodName = "replace" and target.getIntValue() = [10, 13] // 10 == "\n", 13 == "\r"
-        or
-        methodName = "replaceAll" and
-        target.getStringValue().regexpMatch(".*([\n\r]|\\[\\^[^\\]\r\n]*\\]).*")
-      )
-    )
-  }
-}
-
-/**
- * DEPRECATED: Use `ResponseSplittingFlow` instead and configure threat model sources to include `local`.
- *
- * Taint-tracking flow for response splitting vulnerabilities from local user input.
- */
-deprecated module ResponseSplittingLocalFlow = TaintTracking::Global<ResponseSplittingLocalConfig>;

java/ql/lib/semmle/code/java/security/SqlTaintedLocalQuery.qll

@@ -2,32 +2,7 @@
  * Provides a taint-tracking configuration for reasoning about local user input
  * that is used in a SQL query.
  */
+overlay[local?]
+deprecated module;
 
 import java
-private import semmle.code.java.dataflow.FlowSources
-private import semmle.code.java.security.SqlInjectionQuery
-private import semmle.code.java.security.Sanitizers
-
-/**
- * A taint-tracking configuration for reasoning about local user input that is
- * used in a SQL query.
- */
-deprecated module LocalUserInputToQueryInjectionFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node src) { src instanceof LocalUserInput }
-
-  predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }
-
-  predicate isBarrier(DataFlow::Node node) { node instanceof SimpleTypeSanitizer }
-
-  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    any(AdditionalQueryInjectionTaintStep s).step(node1, node2)
-  }
-}
-
-/**
- * DEPRECATED: Use `QueryInjectionFlow` instead and configure threat model sources to include `local`.
- *
- * Taint-tracking flow for local user input that is used in a SQL query.
- */
-deprecated module LocalUserInputToQueryInjectionFlow =
-  TaintTracking::Global<LocalUserInputToQueryInjectionFlowConfig>;

java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll

@@ -78,28 +78,3 @@ module TaintedPathConfig implements DataFlow::ConfigSig {
 
 /** Tracks flow from remote sources to the creation of a path. */
 module TaintedPathFlow = TaintTracking::Global<TaintedPathConfig>;
-
-/**
- * A taint-tracking configuration for tracking flow from local user input to the creation of a path.
- */
-deprecated module TaintedPathLocalConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
-
-  predicate isSink(DataFlow::Node sink) { sink instanceof TaintedPathSink }
-
-  predicate isBarrier(DataFlow::Node sanitizer) {
-    sanitizer instanceof SimpleTypeSanitizer or
-    sanitizer instanceof PathInjectionSanitizer
-  }
-
-  predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
-    any(TaintedPathAdditionalTaintStep s).step(n1, n2)
-  }
-}
-
-/**
- * DEPRECATED: Use `TaintedPathFlow` instead and configure threat model sources to include `local`.
- *
- * Tracks flow from local user input to the creation of a path.
- */
-deprecated module TaintedPathLocalFlow = TaintTracking::Global<TaintedPathLocalConfig>;

java/ql/lib/semmle/code/java/security/UrlRedirectLocalQuery.qll

@@ -1,21 +1,5 @@
 /** Provides a taint-tracking configuration to reason about URL redirection from local sources. */
+overlay[local?]
+deprecated module;
 
 import java
-private import semmle.code.java.dataflow.FlowSources
-private import semmle.code.java.security.UrlRedirect
-
-/**
- * A taint-tracking configuration to reason about URL redirection from local sources.
- */
-deprecated module UrlRedirectLocalConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
-
-  predicate isSink(DataFlow::Node sink) { sink instanceof UrlRedirectSink }
-}
-
-/**
- * DEPRECATED: Use `UrlRedirectFlow` instead and configure threat model sources to include `local`.
- *
- * Taint-tracking flow for URL redirection from local sources.
- */
-deprecated module UrlRedirectLocalFlow = TaintTracking::Global<UrlRedirectLocalConfig>;

java/ql/lib/semmle/code/java/security/XssLocalQuery.qll

@@ -1,30 +1,5 @@
 /** Provides a taint-tracking configuration to reason about cross-site scripting from a local source. */
+overlay[local?]
+deprecated module;
 
 import java
-private import semmle.code.java.dataflow.FlowSources
-private import semmle.code.java.dataflow.TaintTracking
-private import semmle.code.java.security.XSS
-
-/**
- * A taint-tracking configuration for reasoning about cross-site scripting vulnerabilities from a local source.
- */
-deprecated module XssLocalConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
-
-  predicate isSink(DataFlow::Node sink) { sink instanceof XssSink }
-
-  predicate isBarrier(DataFlow::Node node) { node instanceof XssSanitizer }
-
-  predicate isBarrierOut(DataFlow::Node node) { node instanceof XssSinkBarrier }
-
-  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    any(XssAdditionalTaintStep s).step(node1, node2)
-  }
-}
-
-/**
- * DEPRECATED: Use `XssFlow` instead and configure threat model sources to include `local`.
- *
- * Taint-tracking flow for cross-site scripting vulnerabilities from a local source.
- */
-deprecated module XssLocalFlow = TaintTracking::Global<XssLocalConfig>;

java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll

@@ -1,28 +1,5 @@
 /** Provides taint tracking configurations to be used in local XXE queries. */
+overlay[local?]
+deprecated module;
 
 import java
-private import semmle.code.java.dataflow.FlowSources
-private import semmle.code.java.dataflow.TaintTracking
-private import semmle.code.java.security.XxeQuery
-
-/**
- * A taint-tracking configuration for unvalidated local user input that is used in XML external entity expansion.
- */
-deprecated module XxeLocalConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node src) { src instanceof LocalUserInput }
-
-  predicate isSink(DataFlow::Node sink) { sink instanceof XxeSink }
-
-  predicate isBarrier(DataFlow::Node sanitizer) { sanitizer instanceof XxeSanitizer }
-
-  predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
-    any(XxeAdditionalTaintStep s).step(n1, n2)
-  }
-}
-
-/**
- * DEPRECATED: Use `XxeFlow` instead and configure threat model sources to include `local`.
- *
- * Detect taint flow of unvalidated local user input that is used in XML external entity expansion.
- */
-deprecated module XxeLocalFlow = TaintTracking::Global<XxeLocalConfig>;

java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql

@@ -43,7 +43,7 @@ deprecated private predicate mayBeExploitable(Method m) {
     // hence, here we check for the param type to be a Java `String`.
     p.getType() instanceof TypeString and
     // Exclude cases where a regex check is applied on a parameter to prevent false positives.
-    not m.(SpringRequestMappingMethod).getValue().matches("%{%:[%]%}%")
+    not m.(SpringRequestMappingMethod).getAValue().matches("%{%:[%]%}%")
   ) and
   not maybeATestMethod(m)
 }

java/ql/src/semmle/code/xml/MyBatisMapperXML.qll

@@ -1,117 +0,0 @@
-/**
- * Provides classes for working with MyBatis mapper xml files and their content.
- */
-deprecated module;
-
-import java
-
-/**
- * MyBatis Mapper XML file.
- */
-class MyBatisMapperXmlFile extends XmlFile {
-  MyBatisMapperXmlFile() {
-    count(XmlElement e | e = this.getAChild()) = 1 and
-    this.getAChild().getName() = "mapper"
-  }
-}
-
-/**
- * An XML element in a `MyBatisMapperXMLFile`.
- */
-class MyBatisMapperXmlElement extends XmlElement {
-  MyBatisMapperXmlElement() { this.getFile() instanceof MyBatisMapperXmlFile }
-
-  /**
-   * Gets the value for this element, with leading and trailing whitespace trimmed.
-   */
-  string getValue() { result = this.allCharactersString().trim() }
-
-  /**
-   * Gets the reference type bound to MyBatis Mapper XML File.
-   */
-  RefType getNamespaceRefType() {
-    result.getQualifiedName() = this.getAttribute("namespace").getValue()
-  }
-}
-
-/**
- * An MyBatis Mapper sql operation element.
- */
-abstract class MyBatisMapperSqlOperation extends MyBatisMapperXmlElement {
-  /**
-   * Gets the value of the `id` attribute of MyBatis Mapper sql operation element.
-   */
-  string getId() { result = this.getAttribute("id").getValue() }
-
-  /**
-   * Gets the `<include>` element in a `MyBatisMapperSqlOperation`.
-   */
-  MyBatisMapperInclude getInclude() { result = this.getAChild*() }
-
-  /**
-   * Gets the method bound to MyBatis Mapper XML File.
-   */
-  Method getMapperMethod() {
-    result.getName() = this.getId() and
-    result.getDeclaringType() = this.getParent().(MyBatisMapperXmlElement).getNamespaceRefType()
-  }
-}
-
-/**
- * A `<insert>` element in a `MyBatisMapperSqlOperation`.
- */
-class MyBatisMapperInsert extends MyBatisMapperSqlOperation {
-  MyBatisMapperInsert() { this.getName() = "insert" }
-}
-
-/**
- * A `<update>` element in a `MyBatisMapperSqlOperation`.
- */
-class MyBatisMapperUpdate extends MyBatisMapperSqlOperation {
-  MyBatisMapperUpdate() { this.getName() = "update" }
-}
-
-/**
- * A `<delete>` element in a `MyBatisMapperSqlOperation`.
- */
-class MyBatisMapperDelete extends MyBatisMapperSqlOperation {
-  MyBatisMapperDelete() { this.getName() = "delete" }
-}
-
-/**
- * A `<select>` element in a `MyBatisMapperSqlOperation`.
- */
-class MyBatisMapperSelect extends MyBatisMapperSqlOperation {
-  MyBatisMapperSelect() { this.getName() = "select" }
-}
-
-/**
- * A `<sql>` element in a `MyBatisMapperXMLElement`.
- */
-class MyBatisMapperSql extends MyBatisMapperXmlElement {
-  MyBatisMapperSql() { this.getName() = "sql" }
-
-  /**
-   * Gets the value of the `id` attribute of this `<sql>`.
-   */
-  string getId() { result = this.getAttribute("id").getValue() }
-}
-
-/**
- * A `<include>` element in a `MyBatisMapperXMLElement`.
- */
-class MyBatisMapperInclude extends MyBatisMapperXmlElement {
-  MyBatisMapperInclude() { this.getName() = "include" }
-
-  /**
-   * Gets the value of the `refid` attribute of this `<include>`.
-   */
-  string getRefid() { result = this.getAttribute("refid").getValue() }
-}
-
-/**
- * A `<foreach>` element in a `MyBatisMapperXMLElement`.
- */
-class MyBatisMapperForeach extends MyBatisMapperXmlElement {
-  MyBatisMapperForeach() { this.getName() = "foreach" }
-}