diff --git a/java/ql/lib/semmle/code/java/Expr.qll b/java/ql/lib/semmle/code/java/Expr.qll index 31135429e2d8..c03be611067f 100644 --- a/java/ql/lib/semmle/code/java/Expr.qll +++ b/java/ql/lib/semmle/code/java/Expr.qll @@ -2732,11 +2732,6 @@ class PatternExpr extends Expr { */ LocalVariableDeclExpr asBindingOrUnnamedPattern() { result = this } - /** - * DEPRECATED: alias for `asBindingOrUnnamedPattern`. - */ - deprecated LocalVariableDeclExpr asBindingPattern() { result = this.asBindingOrUnnamedPattern() } - /** * Gets this pattern cast to a record pattern. */ diff --git a/java/ql/lib/semmle/code/java/Member.qll b/java/ql/lib/semmle/code/java/Member.qll index 23e08c4e6b60..0a8d80f4c36e 100644 --- a/java/ql/lib/semmle/code/java/Member.qll +++ b/java/ql/lib/semmle/code/java/Member.qll @@ -810,14 +810,6 @@ class Field extends Member, ExprParent, @field, Variable { ) } - /** - * DEPRECATED: The result is always `this`. - */ - deprecated Field getSourceDeclaration() { result = this } - - /** DEPRECATED: This always holds. */ - deprecated predicate isSourceDeclaration() { any() } - override predicate isPublic() { Member.super.isPublic() or diff --git a/java/ql/lib/semmle/code/java/Statement.qll b/java/ql/lib/semmle/code/java/Statement.qll index e2c7779b43cb..558e148d71ee 100644 --- a/java/ql/lib/semmle/code/java/Statement.qll +++ b/java/ql/lib/semmle/code/java/Statement.qll @@ -558,11 +558,6 @@ class ConstCase extends SwitchCase { class PatternCase extends SwitchCase { PatternCase() { exists(PatternExpr pe | pe.isNthChildOf(this, _)) } - /** - * DEPRECATED: alias for getPattern(0) - */ - deprecated PatternExpr getPattern() { result = this.getPattern(0) } - /** * Gets this case's `n`th pattern. */ diff --git a/java/ql/lib/semmle/code/java/Type.qll b/java/ql/lib/semmle/code/java/Type.qll index ef5cc5d941ce..8a46d863de2b 100644 --- a/java/ql/lib/semmle/code/java/Type.qll +++ b/java/ql/lib/semmle/code/java/Type.qll 
@@ -637,9 +637,6 @@ class RefType extends Type, Annotatable, Modifiable, @reftype { this.(NestedType).getEnclosingType().getNestedName() + "$" + this.getName() = result } - /** DEPRECATED: Alias for `getNestedName`. */ - deprecated string nestedName() { result = this.getNestedName() } - /** * Gets the source declaration of this type. * diff --git a/java/ql/lib/semmle/code/java/controlflow/Dominance.qll b/java/ql/lib/semmle/code/java/controlflow/Dominance.qll index e2a50ba06df6..9cf582fa8379 100644 --- a/java/ql/lib/semmle/code/java/controlflow/Dominance.qll +++ b/java/ql/lib/semmle/code/java/controlflow/Dominance.qll 
@@ -10,57 +10,12 @@ import java * Predicates for basic-block-level dominance. */ -/** - * DEPRECATED: Use `BasicBlock::immediatelyDominates` instead. - * - * The immediate dominance relation for basic blocks. - */ -deprecated predicate bbIDominates(BasicBlock dom, BasicBlock node) { - dom.immediatelyDominates(node) -} - /** Exit points for basic-block control-flow. */ private predicate bbSink(BasicBlock exit) { exit.getLastNode() instanceof ControlFlow::ExitNode } /** Reversed `bbSucc`. */ private predicate bbPred(BasicBlock post, BasicBlock pre) { post = pre.getASuccessor() } -/** The immediate post-dominance relation on basic blocks. */ -deprecated predicate bbIPostDominates(BasicBlock dominator, BasicBlock node) = - idominance(bbSink/1, bbPred/2)(_, dominator, node) - -/** - * DEPRECATED: Use `BasicBlock::strictlyDominates` instead. - * - * Holds if `dom` strictly dominates `node`. - */ -deprecated predicate bbStrictlyDominates(BasicBlock dom, BasicBlock node) { - dom.strictlyDominates(node) -} - -/** - * DEPRECATED: Use `BasicBlock::dominates` instead. - * - * Holds if `dom` dominates `node`. (This is reflexive.) - */ -deprecated predicate bbDominates(BasicBlock dom, BasicBlock node) { dom.dominates(node) } - -/** - * DEPRECATED: Use `BasicBlock::strictlyPostDominates` instead. - * - * Holds if `dom` strictly post-dominates `node`. - */ -deprecated predicate bbStrictlyPostDominates(BasicBlock dom, BasicBlock node) { - dom.strictlyPostDominates(node) -} - -/** - * DEPRECATED: Use `BasicBlock::postDominates` instead. - * - * Holds if `dom` post-dominates `node`. (This is reflexive.) - */ -deprecated predicate bbPostDominates(BasicBlock dom, BasicBlock node) { dom.postDominates(node) } - /** * The dominance frontier relation for basic blocks. * diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll index 8c6ac60eb24f..f8bd1e605976 100644 --- a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll 
+++ b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll @@ -43,14 +43,6 @@ abstract class SourceNode extends DataFlow::Node { abstract string getThreatModel(); } -/** - * DEPRECATED: Use `ActiveThreatModelSource` instead. - * - * A class of data flow sources that respects the - * current threat model configuration. - */ -deprecated class ThreatModelFlowSource = ActiveThreatModelSource; - /** * A data flow source that is enabled in the current threat model configuration. */ diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll index 5995e57a4ed5..b88db0272cea 100644 --- a/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll +++ b/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll @@ -8,14 +8,6 @@ import java private import internal.FlowSummaryImpl as Impl private import internal.DataFlowUtil -deprecated class SummaryComponent = Impl::Private::SummaryComponent; - -deprecated module SummaryComponent = Impl::Private::SummaryComponent; - -deprecated class SummaryComponentStack = Impl::Private::SummaryComponentStack; - -deprecated module SummaryComponentStack = Impl::Private::SummaryComponentStack; - /** A synthetic callable with a set of concrete call sites and a flow summary. */ abstract class SyntheticCallable extends string { bindingset[this] @@ -147,5 +139,3 @@ private class SummarizedSyntheticCallableAdapter extends SummarizedCallable::Ran ) } } - -deprecated class RequiredSummaryComponentStack = Impl::Private::RequiredSummaryComponentStack; diff --git a/java/ql/lib/semmle/code/java/dataflow/NullGuards.qll b/java/ql/lib/semmle/code/java/dataflow/NullGuards.qll index e10e54609077..77549c89d812 100644 --- a/java/ql/lib/semmle/code/java/dataflow/NullGuards.qll +++ b/java/ql/lib/semmle/code/java/dataflow/NullGuards.qll 
@@ -196,18 +196,6 @@ Expr basicNullGuard(Expr e, boolean branch, boolean isnull) { Guards_v3::nullGuard(result, any(GuardValue v | v.asBooleanValue() = branch), e, isnull) } -/** - * DEPRECATED: Use `basicNullGuard` instead. - * - * Gets an expression that directly tests whether a given expression, `e`, is null or not. - * - * If `result` evaluates to `branch`, then `e` is guaranteed to be null if `isnull` - * is true, and non-null if `isnull` is false. - */ -deprecated Expr basicOrCustomNullGuard(Expr e, boolean branch, boolean isnull) { - result = basicNullGuard(e, branch, isnull) -} - /** * Gets an expression that directly tests whether a given SSA variable is null or not. * @@ -218,18 +206,6 @@ Expr directNullGuard(SsaDefinition v, boolean branch, boolean isnull) { result = basicNullGuard(sameValue(v, _), branch, isnull) } -/** - * DEPRECATED: Use `nullGuardControls`/`nullGuardControlsBranchEdge` instead. - * - * Gets a `Guard` that tests (possibly indirectly) whether a given SSA variable is null or not. - * - * If `result` evaluates to `branch`, then `v` is guaranteed to be null if `isnull` - * is true, and non-null if `isnull` is false. - */ -deprecated Guard nullGuard(SsaDefinition v, boolean branch, boolean isnull) { - result = directNullGuard(v, branch, isnull) -} - /** * Holds if there exists a null check on `v`, such that taking the branch edge * from `bb1` to `bb2` implies that `v` is guaranteed to be null if `isnull` is diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll index a280e531f91c..8957442b39ac 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll 
@@ -198,19 +198,6 @@ module Public { or result = this.getType() and not exists(this.getImprovedTypeBound()) } - - /** - * Holds if this element is at the specified location. - * The location spans column `startcolumn` of line `startline` to - * column `endcolumn` of line `endline` in file `filepath`. - * For more information, see - * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). - */ - deprecated predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } } /** diff --git a/java/ql/lib/semmle/code/java/frameworks/Jndi.qll b/java/ql/lib/semmle/code/java/frameworks/Jndi.qll index d2b14d5f58ec..5d16dc5103a2 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Jndi.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Jndi.qll @@ -48,18 +48,6 @@ class MethodLdapNameAddAll extends Method { } } -/** - * DEPRECATED: No longer needed as clone steps are handled uniformly. - * - * A method with the name `clone` declared in `javax.naming.ldap.LdapName`. - */ -deprecated class MethodLdapNameClone extends Method { - MethodLdapNameClone() { - this.getDeclaringType() instanceof TypeLdapName and - this.hasName("clone") - } -} - /** A method with the name `getAll` declared in `javax.naming.ldap.LdapName`. */ class MethodLdapNameGetAll extends Method { MethodLdapNameGetAll() { diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringController.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringController.qll index a26e4edc2771..3d910485d2fe 100644 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringController.qll +++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringController.qll 
@@ -156,9 +156,6 @@ class SpringRequestMappingMethod extends SpringControllerMethod { result = this.getProducesExpr().(CompileTimeConstantExpr).getStringValue() } - /** DEPRECATED: Use `getAValue()` instead. */ - deprecated string getValue() { result = requestMappingAnnotation.getStringValue("value") } - /** * Gets a "value" @RequestMapping annotation string value, if present. * diff --git a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll index 81c02e832760..7130e41eeb7e 100644 --- a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll +++ b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll @@ -20,13 +20,6 @@ class AndroidNetworkSecurityConfigFile extends XmlFile { } } -/** - * DEPRECATED. Use `semmle.code.java.frameworks.android.Android::inAndroidApplication` instead. - * - * Holds if this database contains an Android manifest file. - */ -deprecated predicate isAndroid() { exists(AndroidManifestXmlFile m) } - /** Holds if the given domain name is trusted by the Network Security Configuration XML file. */ private predicate trustedDomainViaXml(string domainName) { exists( diff --git a/java/ql/lib/semmle/code/java/security/ArithmeticTaintedLocalQuery.qll b/java/ql/lib/semmle/code/java/security/ArithmeticTaintedLocalQuery.qll index 453111749679..f9f98cd93acc 100644 --- a/java/ql/lib/semmle/code/java/security/ArithmeticTaintedLocalQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ArithmeticTaintedLocalQuery.qll 
@@ -1,49 +1,5 @@
 /** Provides taint-tracking configurations to reason about arithmetic using local-user-controlled data. */
+overlay[local?]
+deprecated module;
 import java
-private import semmle.code.java.dataflow.FlowSources
-private import semmle.code.java.security.ArithmeticCommon
-
-/**
- * DEPRECATED: Use `ArithmeticOverflowConfig` instead.
- *
- * A taint-tracking configuration to reason about arithmetic overflow using local-user-controlled data.
- */
-deprecated module ArithmeticTaintedLocalOverflowConfig implements DataFlow::ConfigSig {
- predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
-
- predicate isSink(DataFlow::Node sink) { overflowSink(_, sink.asExpr()) }
-
- predicate isBarrier(DataFlow::Node n) { overflowBarrier(n) }
-
- predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
-}
-
-/**
- * DEPRECATED: Use `ArithmeticOverflow` instead and configure threat model sources to include `local`.
- *
- * Taint-tracking flow for arithmetic overflow using local-user-controlled data.
- */
-deprecated module ArithmeticTaintedLocalOverflowFlow =
- TaintTracking::Global;
-
-/**
- * A taint-tracking configuration to reason about arithmetic underflow using local-user-controlled data.
- */
-deprecated module ArithmeticTaintedLocalUnderflowConfig implements DataFlow::ConfigSig {
- predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
-
- predicate isSink(DataFlow::Node sink) { underflowSink(_, sink.asExpr()) }
-
- predicate isBarrier(DataFlow::Node n) { underflowBarrier(n) }
-
- predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
-}
-
-/**
- * DEPRECATED: Use `ArithmeticUnderflow` instead and configure threat model sources to include `local`.
- *
- * Taint-tracking flow for arithmetic underflow using local-user-controlled data.
- */
-deprecated module ArithmeticTaintedLocalUnderflowFlow =
- TaintTracking::Global;
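Review bot: The file-level QLDoc kept above the added `deprecated module;` still says the file "Provides taint-tracking configurations to reason about arithmetic using local-user-controlled data", but after this hunk it declares nothing beyond `import java`. The migration guidance existed only in the removed member docs (use `ArithmeticOverflow` / `ArithmeticUnderflow` and configure threat model sources to include `local`), so a consumer moving to the replacement flow without enabling `local` would presumably lose local-source results without any hint in this file. I would replace the header with `/** DEPRECATED: This module is empty. Use ArithmeticOverflow/ArithmeticUnderflow from ArithmeticTaintedQuery.qll and configure threat model sources to include local. */`. The same stale "Provides …" header is kept in the hunks for ExecTaintedLocalQuery.qll, ExternallyControlledFormatStringLocalQuery.qll, ImproperValidationOfArrayConstructionLocalQuery.qll, ImproperValidationOfArrayIndexLocalQuery.qll, ResponseSplittingLocalQuery.qll, SqlTaintedLocalQuery.qll, UrlRedirectLocalQuery.qll, XssLocalQuery.qll and XxeLocalQuery.qll, and each should name its replacement where the removed docs gave one.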
diff --git a/java/ql/lib/semmle/code/java/security/ArithmeticTaintedQuery.qll b/java/ql/lib/semmle/code/java/security/ArithmeticTaintedQuery.qll index 65e73f841495..9d123b379cd6 100644 --- a/java/ql/lib/semmle/code/java/security/ArithmeticTaintedQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ArithmeticTaintedQuery.qll @@ -25,11 +25,6 @@ module ArithmeticOverflowConfig implements DataFlow::ConfigSig { } } -/** - * DEPRECATED: Use `ArithmeticOverflowConfig` instead. - */ -deprecated module RemoteUserInputOverflowConfig = ArithmeticOverflowConfig; - /** A taint-tracking configuration to reason about underflow from unvalidated input. */ module ArithmeticUnderflowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } @@ -51,23 +46,8 @@ module ArithmeticUnderflowConfig implements DataFlow::ConfigSig { } } -/** - * DEPRECATED: Use `ArithmeticUnderflowConfig` instead. - */ -deprecated module RemoteUserInputUnderflowConfig = ArithmeticUnderflowConfig; - /** Taint-tracking flow for overflow from unvalidated input. */ module ArithmeticOverflow = TaintTracking::Global; -/** - * DEPRECATED: Use `ArithmeticOverflow` instead. - */ -deprecated module RemoteUserInputOverflow = ArithmeticOverflow; - /** Taint-tracking flow for underflow from unvalidated input. */ module ArithmeticUnderflow = TaintTracking::Global; - -/** - * DEPRECATED: Use `ArithmeticUnderflow` instead. - */ -deprecated module RemoteUserInputUnderflow = ArithmeticUnderflow; diff --git a/java/ql/lib/semmle/code/java/security/CommandLineQuery.qll b/java/ql/lib/semmle/code/java/security/CommandLineQuery.qll index 273c5360b815..9aa62d950c59 100644 --- a/java/ql/lib/semmle/code/java/security/CommandLineQuery.qll +++ b/java/ql/lib/semmle/code/java/security/CommandLineQuery.qll 
@@ -78,44 +78,11 @@ module InputToArgumentToExecFlowConfig implements DataFlow::ConfigSig { } } -/** - * DEPRECATED: Use `InputToArgumentToExecFlowConfig` instead. - */ -deprecated module RemoteUserInputToArgumentToExecFlowConfig = InputToArgumentToExecFlowConfig; - /** * Taint-tracking flow for unvalidated input that is used to run an external process. */ module InputToArgumentToExecFlow = TaintTracking::Global; -/** - * DEPRECATED: Use `InputToArgumentToExecFlow` instead. - */ -deprecated module RemoteUserInputToArgumentToExecFlow = InputToArgumentToExecFlow; - -/** - * A taint-tracking configuration for unvalidated local user input that is used to run an external process. - */ -deprecated module LocalUserInputToArgumentToExecFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof LocalUserInput } - - predicate isSink(DataFlow::Node sink) { sink instanceof CommandInjectionSink } - - predicate isBarrier(DataFlow::Node node) { node instanceof CommandInjectionSanitizer } - - predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) { - any(CommandInjectionAdditionalTaintStep s).step(n1, n2) - } -} - -/** - * DEPRECATED: Use `InputToArgumentToExecFlow` instead and configure threat model sources to include `local`. - * - * Taint-tracking flow for unvalidated local user input that is used to run an external process. - */ -deprecated module LocalUserInputToArgumentToExecFlow = - TaintTracking::Global; - /** * Implementation of `ExecTainted.ql`. It is extracted to a QLL * so that it can be excluded from `ExecUnescaped.ql` to avoid diff --git a/java/ql/lib/semmle/code/java/security/ExecTaintedLocalQuery.qll b/java/ql/lib/semmle/code/java/security/ExecTaintedLocalQuery.qll index 7a2d5b0947d0..dfc727e89d71 100644 --- a/java/ql/lib/semmle/code/java/security/ExecTaintedLocalQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ExecTaintedLocalQuery.qll 
@@ -1,27 +1,5 @@
 /** Provides a taint-tracking configuration to reason about use of externally controlled strings for command injection vulnerabilities. */
+overlay[local?]
+deprecated module;
 import java
-private import semmle.code.java.dataflow.FlowSources
-private import semmle.code.java.security.ExternalProcess
-private import semmle.code.java.security.CommandArguments
-private import semmle.code.java.security.Sanitizers
-
-/** A taint-tracking configuration to reason about use of externally controlled strings to make command line commands. */
-deprecated module ExecTaintedLocalConfig implements DataFlow::ConfigSig {
- predicate isSource(DataFlow::Node src) { src instanceof LocalUserInput }
-
- predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof ArgumentToExec }
-
- predicate isBarrier(DataFlow::Node node) {
- node instanceof SimpleTypeSanitizer
- or
- isSafeCommandArgument(node.asExpr())
- }
-}
-
-/**
- * DEPRCATED: Unused.
- *
- * Taint-tracking flow for use of externally controlled strings to make command line commands.
- */
-deprecated module ExecTaintedLocalFlow = TaintTracking::Global;
diff --git a/java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringLocalQuery.qll b/java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringLocalQuery.qll
index 482673bacc93..79cf2a300f47 100644
--- a/java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringLocalQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringLocalQuery.qll
@@ -1,26 +1,5 @@
 /** Provides a taint-tracking configuration to reason about externally-controlled format strings from local sources. */
+overlay[local?]
+deprecated module;
 import java
-private import semmle.code.java.dataflow.FlowSources
-private import semmle.code.java.StringFormat
-
-/** A taint-tracking configuration to reason about externally-controlled format strings from local sources. */
-deprecated module ExternallyControlledFormatStringLocalConfig implements DataFlow::ConfigSig {
- predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
-
- predicate isSink(DataFlow::Node sink) {
- sink.asExpr() = any(StringFormat formatCall).getFormatArgument()
- }
-
- predicate isBarrier(DataFlow::Node node) {
- node.getType() instanceof NumericType or node.getType() instanceof BooleanType
- }
-}
-
-/**
- * DEPRECATED: Use `ExternallyControlledFormatStringFlow` instead and configure threat model sources to include `local`.
- *
- * Taint-tracking flow for externally-controlled format strings from local sources.
- */
-deprecated module ExternallyControlledFormatStringLocalFlow =
- TaintTracking::Global;
diff --git a/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayConstructionLocalQuery.qll b/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayConstructionLocalQuery.qll
index 1d31d7afb872..e5b51c2ae53c 100644
--- a/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayConstructionLocalQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayConstructionLocalQuery.qll
@@ -1,24 +1,5 @@
 /** Provides a taint-tracking configuration to reason about improper validation of local user-provided size used for array construction. */
+overlay[local?]
+deprecated module;
 import java
-private import semmle.code.java.security.internal.ArraySizing
-private import semmle.code.java.dataflow.FlowSources
-
-/**
- * A taint-tracking configuration to reason about improper validation of local user-provided size used for array construction.
- */
-deprecated module ImproperValidationOfArrayConstructionLocalConfig implements DataFlow::ConfigSig {
- predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
-
- predicate isSink(DataFlow::Node sink) {
- any(CheckableArrayAccess caa).canThrowOutOfBoundsDueToEmptyArray(sink.asExpr(), _)
- }
-}
-
-/**
- * DEPRECATED: Use `ImproperValidationOfArrayConstructionFlow` instead and configure threat model sources to include `local`.
- *
- * Taint-tracking flow for improper validation of local user-provided size used for array construction.
- */
-deprecated module ImproperValidationOfArrayConstructionLocalFlow =
- TaintTracking::Global;
diff --git a/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexLocalQuery.qll b/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexLocalQuery.qll
index 5f1e7c81e017..b6b1366fb402 100644
--- a/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexLocalQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexLocalQuery.qll
@@ -1,28 +1,5 @@
 /** Provides a taint-tracking configuration to reason about improper validation of local user-provided array index. */
+overlay[local?]
+deprecated module;
 import java
-private import semmle.code.java.security.internal.ArraySizing
-private import semmle.code.java.dataflow.FlowSources
-
-/**
- * A taint-tracking configuration to reason about improper validation of local user-provided array index.
- */
-deprecated module ImproperValidationOfArrayIndexLocalConfig implements DataFlow::ConfigSig {
- predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
-
- predicate isSink(DataFlow::Node sink) {
- any(CheckableArrayAccess caa).canThrowOutOfBounds(sink.asExpr())
- }
-
- predicate isBarrier(DataFlow::Node node) { node.getType() instanceof BooleanType }
-
- predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
-}
-
-/**
- * DEPRECATED: Use `ImproperValidationOfArrayIndexFlow` instead and configure threat model sources to include `local`.
- *
- * Taint-tracking flow for improper validation of local user-provided array index.
- */
-deprecated module ImproperValidationOfArrayIndexLocalFlow =
- TaintTracking::Global;
diff --git a/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll b/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll
index 793871a4bd23..a4c3785feead 100644
--- a/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll
@@ -115,34 +115,3 @@ module NumericCastFlowConfig implements DataFlow::ConfigSig { * Taint-tracking flow for user input that is used in a numeric cast. */ module NumericCastFlow = TaintTracking::Global; - -/** - * A taint-tracking configuration for reasoning about local user input that is - * used in a numeric cast. - */ -deprecated module NumericCastLocalFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof LocalUserInput } - - predicate isSink(DataFlow::Node sink) { - sink.asExpr() = any(NumericNarrowingCastExpr cast).getExpr() and - sink.asExpr() instanceof VarAccess - } - - predicate isBarrier(DataFlow::Node node) { - boundedRead(node.asExpr()) or - castCheck(node.asExpr()) or - node.getType() instanceof SmallType or - smallExpr(node.asExpr()) or - node.getEnclosingCallable() instanceof HashCodeMethod or - exists(RightShiftOp e | e.getShiftedVariable().getAnAccess() = node.asExpr()) - } - - predicate isBarrierIn(DataFlow::Node node) { isSource(node) } -} - -/** - * DEPRECATED: Use `NumericCastFlow` instead and configure threat model sources to include `local`. - * - * Taint-tracking flow for local user input that is used in a numeric cast. - */ -deprecated module NumericCastLocalFlow = TaintTracking::Global; diff --git a/java/ql/lib/semmle/code/java/security/ResponseSplittingLocalQuery.qll b/java/ql/lib/semmle/code/java/security/ResponseSplittingLocalQuery.qll index e5845b630ec8..e0383cd52d9a 100644 --- a/java/ql/lib/semmle/code/java/security/ResponseSplittingLocalQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ResponseSplittingLocalQuery.qll 
@@ -1,39 +1,5 @@
 /** Provides a taint-tracking configuration to reason about response splitting vulnerabilities from local user input. */
+overlay[local?]
+deprecated module;
 import java
-private import semmle.code.java.dataflow.FlowSources
-private import semmle.code.java.security.ResponseSplitting
-
-/**
- * A taint-tracking configuration to reason about response splitting vulnerabilities from local user input.
- */
-deprecated module ResponseSplittingLocalConfig implements DataFlow::ConfigSig {
- predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
-
- predicate isSink(DataFlow::Node sink) { sink instanceof HeaderSplittingSink }
-
- predicate isBarrier(DataFlow::Node node) {
- node.getType() instanceof PrimitiveType
- or
- node.getType() instanceof BoxedType
- or
- exists(MethodCall ma, string methodName, CompileTimeConstantExpr target |
- node.asExpr() = ma and
- ma.getMethod().hasQualifiedName("java.lang", "String", methodName) and
- target = ma.getArgument(0) and
- (
- methodName = "replace" and target.getIntValue() = [10, 13] // 10 == "\n", 13 == "\r"
- or
- methodName = "replaceAll" and
- target.getStringValue().regexpMatch(".*([\n\r]|\\[\\^[^\\]\r\n]*\\]).*")
- )
- )
- }
-}
-
-/**
- * DEPRECATED: Use `ResponseSplittingFlow` instead and configure threat model sources to include `local`.
- *
- * Taint-tracking flow for response splitting vulnerabilities from local user input.
- */
-deprecated module ResponseSplittingLocalFlow = TaintTracking::Global;
diff --git a/java/ql/lib/semmle/code/java/security/SqlTaintedLocalQuery.qll b/java/ql/lib/semmle/code/java/security/SqlTaintedLocalQuery.qll
index 7ff4b300ce8a..80cd491acf24 100644
--- a/java/ql/lib/semmle/code/java/security/SqlTaintedLocalQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/SqlTaintedLocalQuery.qll
@@ -2,32 +2,7 @@
 * Provides a taint-tracking configuration for reasoning about local user input
 * that is used in a SQL query.
 */
+overlay[local?]
+deprecated module;
 import java
-private import semmle.code.java.dataflow.FlowSources
-private import semmle.code.java.security.SqlInjectionQuery
-private import semmle.code.java.security.Sanitizers
-
-/**
- * A taint-tracking configuration for reasoning about local user input that is
- * used in a SQL query.
- */
-deprecated module LocalUserInputToQueryInjectionFlowConfig implements DataFlow::ConfigSig {
- predicate isSource(DataFlow::Node src) { src instanceof LocalUserInput }
-
- predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }
-
- predicate isBarrier(DataFlow::Node node) { node instanceof SimpleTypeSanitizer }
-
- predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
- any(AdditionalQueryInjectionTaintStep s).step(node1, node2)
- }
-}
-
-/**
- * DEPRECATED: Use `QueryInjectionFlow` instead and configure threat model sources to include `local`.
- *
- * Taint-tracking flow for local user input that is used in a SQL query.
- */
-deprecated module LocalUserInputToQueryInjectionFlow =
- TaintTracking::Global;
diff --git a/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll b/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll
index 6726bcc35086..27b65e7eae0b 100644
--- a/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll
@@ -78,28 +78,3 @@ module TaintedPathConfig implements DataFlow::ConfigSig { /** Tracks flow from remote sources to the creation of a path. */ module TaintedPathFlow = TaintTracking::Global; - -/** - * A taint-tracking configuration for tracking flow from local user input to the creation of a path. - */ -deprecated module TaintedPathLocalConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput } - - predicate isSink(DataFlow::Node sink) { sink instanceof TaintedPathSink } - - predicate isBarrier(DataFlow::Node sanitizer) { - sanitizer instanceof SimpleTypeSanitizer or - sanitizer instanceof PathInjectionSanitizer - } - - predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) { - any(TaintedPathAdditionalTaintStep s).step(n1, n2) - } -} - -/** - * DEPRECATED: Use `TaintedPathFlow` instead and configure threat model sources to include `local`. - * - * Tracks flow from local user input to the creation of a path. - */ -deprecated module TaintedPathLocalFlow = TaintTracking::Global; diff --git a/java/ql/lib/semmle/code/java/security/UrlRedirectLocalQuery.qll b/java/ql/lib/semmle/code/java/security/UrlRedirectLocalQuery.qll index f68fb959ea52..2016e9be14fa 100644 --- a/java/ql/lib/semmle/code/java/security/UrlRedirectLocalQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UrlRedirectLocalQuery.qll 
@@ -1,21 +1,5 @@
 /** Provides a taint-tracking configuration to reason about URL redirection from local sources. */
+overlay[local?]
+deprecated module;
 import java
-private import semmle.code.java.dataflow.FlowSources
-private import semmle.code.java.security.UrlRedirect
-
-/**
- * A taint-tracking configuration to reason about URL redirection from local sources.
- */
-deprecated module UrlRedirectLocalConfig implements DataFlow::ConfigSig {
- predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
-
- predicate isSink(DataFlow::Node sink) { sink instanceof UrlRedirectSink }
-}
-
-/**
- * DEPRECATED: Use `UrlRedirectFlow` instead and configure threat model sources to include `local`.
- *
- * Taint-tracking flow for URL redirection from local sources.
- */
-deprecated module UrlRedirectLocalFlow = TaintTracking::Global;
diff --git a/java/ql/lib/semmle/code/java/security/XssLocalQuery.qll b/java/ql/lib/semmle/code/java/security/XssLocalQuery.qll
index 5e1098865aa6..fd8fd6f451c2 100644
--- a/java/ql/lib/semmle/code/java/security/XssLocalQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/XssLocalQuery.qll
@@ -1,30 +1,5 @@
 /** Provides a taint-tracking configuration to reason about cross-site scripting from a local source. */
+overlay[local?]
+deprecated module;
 import java
-private import semmle.code.java.dataflow.FlowSources
-private import semmle.code.java.dataflow.TaintTracking
-private import semmle.code.java.security.XSS
-
-/**
- * A taint-tracking configuration for reasoning about cross-site scripting vulnerabilities from a local source.
- */
-deprecated module XssLocalConfig implements DataFlow::ConfigSig {
- predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
-
- predicate isSink(DataFlow::Node sink) { sink instanceof XssSink }
-
- predicate isBarrier(DataFlow::Node node) { node instanceof XssSanitizer }
-
- predicate isBarrierOut(DataFlow::Node node) { node instanceof XssSinkBarrier }
-
- predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
- any(XssAdditionalTaintStep s).step(node1, node2)
- }
-}
-
-/**
- * DEPRECATED: Use `XssFlow` instead and configure threat model sources to include `local`.
- *
- * Taint-tracking flow for cross-site scripting vulnerabilities from a local source.
- */
-deprecated module XssLocalFlow = TaintTracking::Global;
diff --git a/java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll b/java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll
index f485137fc782..c45cd560cfca 100644
--- a/java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/XxeLocalQuery.qll
@@ -1,28 +1,5 @@
 /** Provides taint tracking configurations to be used in local XXE queries. */
+overlay[local?]
+deprecated module;
 import java
-private import semmle.code.java.dataflow.FlowSources
-private import semmle.code.java.dataflow.TaintTracking
-private import semmle.code.java.security.XxeQuery
-
-/**
- * A taint-tracking configuration for unvalidated local user input that is used in XML external entity expansion.
- */
-deprecated module XxeLocalConfig implements DataFlow::ConfigSig {
- predicate isSource(DataFlow::Node src) { src instanceof LocalUserInput }
-
- predicate isSink(DataFlow::Node sink) { sink instanceof XxeSink }
-
- predicate isBarrier(DataFlow::Node sanitizer) { sanitizer instanceof XxeSanitizer }
-
- predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
- any(XxeAdditionalTaintStep s).step(n1, n2)
- }
-}
-
-/**
- * DEPRECATED: Use `XxeFlow` instead and configure threat model sources to include `local`.
- *
- * Detect taint flow of unvalidated local user input that is used in XML external entity expansion.
- */
-deprecated module XxeLocalFlow = TaintTracking::Global;
diff --git a/java/ql/src/semmle/code/xml/MyBatisMapperXML.qll b/java/ql/src/semmle/code/xml/MyBatisMapperXML.qll
deleted file mode 100644
index 5d047f1e82a1..000000000000
--- a/java/ql/src/semmle/code/xml/MyBatisMapperXML.qll
+++ /dev/null
@@ -1,117 +0,0 @@
-/**
- * Provides classes for working with MyBatis mapper xml files and their content.
- */
-deprecated module;
-
-import java
-
-/**
- * MyBatis Mapper XML file.
- */
-class MyBatisMapperXmlFile extends XmlFile {
- MyBatisMapperXmlFile() {
- count(XmlElement e | e = this.getAChild()) = 1 and
- this.getAChild().getName() = "mapper"
- }
-}
-
-/**
- * An XML element in a `MyBatisMapperXMLFile`.
- */
-class MyBatisMapperXmlElement extends XmlElement {
- MyBatisMapperXmlElement() { this.getFile() instanceof MyBatisMapperXmlFile }
-
- /**
- * Gets the value for this element, with leading and trailing whitespace trimmed.
- */
- string getValue() { result = this.allCharactersString().trim() }
-
- /**
- * Gets the reference type bound to MyBatis Mapper XML File.
- */
- RefType getNamespaceRefType() {
- result.getQualifiedName() = this.getAttribute("namespace").getValue()
- }
-}
-
-/**
- * An MyBatis Mapper sql operation element.
- */
-abstract class MyBatisMapperSqlOperation extends MyBatisMapperXmlElement {
- /**
- * Gets the value of the `id` attribute of MyBatis Mapper sql operation element.
- */
- string getId() { result = this.getAttribute("id").getValue() }
-
- /**
- * Gets the `` element in a `MyBatisMapperSqlOperation`.
- */
- MyBatisMapperInclude getInclude() { result = this.getAChild*() }
-
- /**
- * Gets the method bound to MyBatis Mapper XML File.
- */
- Method getMapperMethod() {
- result.getName() = this.getId() and
- result.getDeclaringType() = this.getParent().(MyBatisMapperXmlElement).getNamespaceRefType()
- }
-}
-
-/**
- * A `` element in a `MyBatisMapperSqlOperation`.
- */
-class MyBatisMapperInsert extends MyBatisMapperSqlOperation {
- MyBatisMapperInsert() { this.getName() = "insert" }
-}
-
-/**
- * A `` element in a `MyBatisMapperSqlOperation`.
- */
-class MyBatisMapperUpdate extends MyBatisMapperSqlOperation {
- MyBatisMapperUpdate() { this.getName() = "update" }
-}
-
-/**
- * A `` element in a `MyBatisMapperSqlOperation`.
- */
-class MyBatisMapperDelete extends MyBatisMapperSqlOperation {
- MyBatisMapperDelete() { this.getName() = "delete" }
-}
-
-/**
- * A `