зеркало из https://github.com/github/codeql.git
Merge pull request #15393 from erik-krogh/deps-jan-2024
All: delete outdated deprecations
This commit is contained in:
Erik Krogh Kristensen
GitHub
Коммит
f1d6f56621
|
|
@ -473,10 +473,6 @@
|
|||
"ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll",
|
||||
"python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll"
|
||||
],
|
||||
"Typo database": [
|
||||
"javascript/ql/src/Expressions/TypoDatabase.qll",
|
||||
"ql/ql/src/codeql_ql/style/TypoDatabase.qll"
|
||||
],
|
||||
"Swift declarations test file": [
|
||||
"swift/ql/test/extractor-tests/declarations/declarations.swift",
|
||||
"swift/ql/test/library-tests/ast/declarations.swift"
|
||||
|
|
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Deleted many deprecated predicates and classes with uppercase `XML`, `SSA`, `SAL`, `SQL`, etc. in their names. Use the PascalCased versions instead.
|
||||
* Deleted the deprecated `StrcatFunction` class, use `semmle.code.cpp.models.implementations.Strcat.qll` instead.
|
||||
|
|
@ -380,9 +380,6 @@ class Class extends UserType {
|
|||
*/
|
||||
predicate isPod() { is_pod_class(underlyingElement(this)) }
|
||||
|
||||
/** DEPRECATED: Alias for isPod */
|
||||
deprecated predicate isPOD() { this.isPod() }
|
||||
|
||||
/**
|
||||
* Holds if this class, struct or union is a standard-layout class
|
||||
* [N4140 9(7)]. Also holds for structs in C programs.
|
||||
|
|
|
|||
|
|
@ -104,9 +104,6 @@ predicate isPodClass03(Class c) {
|
|||
)
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for isPodClass03 */
|
||||
deprecated predicate isPODClass03 = isPodClass03/1;
|
||||
|
||||
/**
|
||||
* Holds if `t` is a POD type, according to the rules specified in
|
||||
* C++03 3.9(10):
|
||||
|
|
@ -126,6 +123,3 @@ predicate isPodType03(Type t) {
|
|||
isPodType03(ut.(SpecifiedType).getUnspecifiedType())
|
||||
)
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for isPodType03 */
|
||||
deprecated predicate isPODType03 = isPodType03/1;
|
||||
|
|
|
|||
|
|
@ -32,9 +32,6 @@ class XmlLocatable extends @xmllocatable, TXmlLocatable {
|
|||
string toString() { none() } // overridden in subclasses
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlLocatable */
|
||||
deprecated class XMLLocatable = XmlLocatable;
|
||||
|
||||
/**
|
||||
* An `XmlParent` is either an `XmlElement` or an `XmlFile`,
|
||||
* both of which can contain other elements.
|
||||
|
|
@ -95,9 +92,6 @@ class XmlParent extends @xmlparent {
|
|||
string toString() { result = this.getName() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlParent */
|
||||
deprecated class XMLParent = XmlParent;
|
||||
|
||||
/** An XML file. */
|
||||
class XmlFile extends XmlParent, File {
|
||||
XmlFile() { xmlEncoding(this, _) }
|
||||
|
|
@ -119,14 +113,8 @@ class XmlFile extends XmlParent, File {
|
|||
|
||||
/** Gets a DTD associated with this XML file. */
|
||||
XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
|
||||
|
||||
/** DEPRECATED: Alias for getADtd */
|
||||
deprecated XmlDtd getADTD() { result = this.getADtd() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlFile */
|
||||
deprecated class XMLFile = XmlFile;
|
||||
|
||||
/**
|
||||
* An XML document type definition (DTD).
|
||||
*
|
||||
|
|
@ -163,9 +151,6 @@ class XmlDtd extends XmlLocatable, @xmldtd {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlDtd */
|
||||
deprecated class XMLDTD = XmlDtd;
|
||||
|
||||
/**
|
||||
* An XML element in an XML file.
|
||||
*
|
||||
|
|
@ -221,9 +206,6 @@ class XmlElement extends @xmlelement, XmlParent, XmlLocatable {
|
|||
override string toString() { result = this.getName() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlElement */
|
||||
deprecated class XMLElement = XmlElement;
|
||||
|
||||
/**
|
||||
* An attribute that occurs inside an XML element.
|
||||
*
|
||||
|
|
@ -254,9 +236,6 @@ class XmlAttribute extends @xmlattribute, XmlLocatable {
|
|||
override string toString() { result = this.getName() + "=" + this.getValue() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlAttribute */
|
||||
deprecated class XMLAttribute = XmlAttribute;
|
||||
|
||||
/**
|
||||
* A namespace used in an XML file.
|
||||
*
|
||||
|
|
@ -273,9 +252,6 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
|
|||
/** Gets the URI of this namespace. */
|
||||
string getUri() { xmlNs(this, _, result, _) }
|
||||
|
||||
/** DEPRECATED: Alias for getUri */
|
||||
deprecated string getURI() { result = this.getUri() }
|
||||
|
||||
/** Holds if this namespace has no prefix. */
|
||||
predicate isDefault() { this.getPrefix() = "" }
|
||||
|
||||
|
|
@ -286,9 +262,6 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlNamespace */
|
||||
deprecated class XMLNamespace = XmlNamespace;
|
||||
|
||||
/**
|
||||
* A comment in an XML file.
|
||||
*
|
||||
|
|
@ -309,9 +282,6 @@ class XmlComment extends @xmlcomment, XmlLocatable {
|
|||
override string toString() { result = this.getText() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlComment */
|
||||
deprecated class XMLComment = XmlComment;
|
||||
|
||||
/**
|
||||
* A sequence of characters that occurs between opening and
|
||||
* closing tags of an XML element, excluding other elements.
|
||||
|
|
@ -335,6 +305,3 @@ class XmlCharacters extends @xmlcharacters, XmlLocatable {
|
|||
/** Gets a printable representation of this XML character sequence. */
|
||||
override string toString() { result = this.getCharacters() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlCharacters */
|
||||
deprecated class XMLCharacters = XmlCharacters;
|
||||
|
|
|
|||
|
|
@ -5,9 +5,6 @@ class NullMacro extends Macro {
|
|||
NullMacro() { this.getHead() = "NULL" }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for NullMacro */
|
||||
deprecated class NULLMacro = NullMacro;
|
||||
|
||||
/** A use of the NULL macro. */
|
||||
class NULL extends Literal {
|
||||
NULL() { exists(NullMacro nm | this = nm.getAnInvocation().getAnExpandedElement()) }
|
||||
|
|
|
|||
|
|
@ -1,22 +0,0 @@
|
|||
import cpp
|
||||
|
||||
/**
|
||||
* DEPRECATED: use `semmle.code.cpp.models.implementations.Strcat.qll` instead.
|
||||
*
|
||||
* A function that concatenates the string from its second argument
|
||||
* to the string from its first argument, for example `strcat`.
|
||||
*/
|
||||
deprecated class StrcatFunction extends Function {
|
||||
StrcatFunction() {
|
||||
this.getName() =
|
||||
[
|
||||
"strcat", // strcat(dst, src)
|
||||
"strncat", // strncat(dst, src, max_amount)
|
||||
"wcscat", // wcscat(dst, src)
|
||||
"_mbscat", // _mbscat(dst, src)
|
||||
"wcsncat", // wcsncat(dst, src, max_amount)
|
||||
"_mbsncat", // _mbsncat(dst, src, max_amount)
|
||||
"_mbsncat_l" // _mbsncat_l(dst, src, max_amount, locale)
|
||||
]
|
||||
}
|
||||
}
|
||||
|
|
@ -1068,6 +1068,3 @@ module Ssa {
|
|||
|
||||
predicate hasUnreachedInstruction = Cached::hasUnreachedInstructionCached/1;
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for Ssa */
|
||||
deprecated module SSA = Ssa;
|
||||
|
|
|
|||
|
|
@ -3,13 +3,6 @@ import semmle.code.cpp.ir.implementation.unaliased_ssa.internal.reachability.Rea
|
|||
import semmle.code.cpp.ir.implementation.unaliased_ssa.internal.reachability.Dominance as Dominance
|
||||
import semmle.code.cpp.ir.implementation.aliased_ssa.IR as NewIR
|
||||
import semmle.code.cpp.ir.implementation.internal.TInstruction::AliasedSsaInstructions as SsaInstructions
|
||||
|
||||
/** DEPRECATED: Alias for SsaInstructions */
|
||||
deprecated module SSAInstructions = SsaInstructions;
|
||||
|
||||
import semmle.code.cpp.ir.internal.IRCppLanguage as Language
|
||||
import AliasedSSA as Alias
|
||||
import semmle.code.cpp.ir.implementation.internal.TOperand::AliasedSsaOperands as SsaOperands
|
||||
|
||||
/** DEPRECATED: Alias for SsaOperands */
|
||||
deprecated module SSAOperands = SsaOperands;
|
||||
|
|
|
|||
|
|
@ -2,6 +2,3 @@ import semmle.code.cpp.ir.internal.IRCppLanguage as Language
|
|||
import semmle.code.cpp.ir.implementation.raw.internal.IRConstruction as IRConstruction
|
||||
import semmle.code.cpp.ir.implementation.unaliased_ssa.internal.SSAConstruction as UnaliasedSsa
|
||||
import semmle.code.cpp.ir.implementation.aliased_ssa.internal.SSAConstruction as AliasedSsa
|
||||
|
||||
/** DEPRECATED: Alias for AliasedSsa */
|
||||
deprecated module AliasedSSA = AliasedSsa;
|
||||
|
|
|
|||
|
|
@ -1068,6 +1068,3 @@ module Ssa {
|
|||
|
||||
predicate hasUnreachedInstruction = Cached::hasUnreachedInstructionCached/1;
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for Ssa */
|
||||
deprecated module SSA = Ssa;
|
||||
|
|
|
|||
|
|
@ -4,13 +4,6 @@ import semmle.code.cpp.ir.implementation.raw.internal.reachability.Dominance as
|
|||
import semmle.code.cpp.ir.implementation.unaliased_ssa.IR as NewIR
|
||||
import semmle.code.cpp.ir.implementation.raw.internal.IRConstruction as RawStage
|
||||
import semmle.code.cpp.ir.implementation.internal.TInstruction::UnaliasedSsaInstructions as SsaInstructions
|
||||
|
||||
/** DEPRECATED: Alias for SsaInstructions */
|
||||
deprecated module SSAInstructions = SsaInstructions;
|
||||
|
||||
import semmle.code.cpp.ir.internal.IRCppLanguage as Language
|
||||
import SimpleSSA as Alias
|
||||
import semmle.code.cpp.ir.implementation.internal.TOperand::UnaliasedSsaOperands as SsaOperands
|
||||
|
||||
/** DEPRECATED: Alias for SsaOperands */
|
||||
deprecated module SSAOperands = SsaOperands;
|
||||
|
|
|
|||
|
|
@ -22,9 +22,6 @@ class SalMacro extends Macro {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SalMacro */
|
||||
deprecated class SALMacro = SalMacro;
|
||||
|
||||
pragma[noinline]
|
||||
private predicate isTopLevelMacroAccess(MacroAccess ma) { not exists(ma.getParentInvocation()) }
|
||||
|
||||
|
|
@ -50,9 +47,6 @@ class SalAnnotation extends MacroInvocation {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SalAnnotation */
|
||||
deprecated class SALAnnotation = SalAnnotation;
|
||||
|
||||
/**
|
||||
* A SAL macro indicating that the return value of a function should always be
|
||||
* checked.
|
||||
|
|
@ -63,9 +57,6 @@ class SalCheckReturn extends SalAnnotation {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SalCheckReturn */
|
||||
deprecated class SALCheckReturn = SalCheckReturn;
|
||||
|
||||
/**
|
||||
* A SAL macro indicating that a pointer variable or return value should not be
|
||||
* `NULL`.
|
||||
|
|
@ -89,9 +80,6 @@ class SalNotNull extends SalAnnotation {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SalNotNull */
|
||||
deprecated class SALNotNull = SalNotNull;
|
||||
|
||||
/**
|
||||
* A SAL macro indicating that a value may be `NULL`.
|
||||
*/
|
||||
|
|
@ -105,9 +93,6 @@ class SalMaybeNull extends SalAnnotation {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SalMaybeNull */
|
||||
deprecated class SALMaybeNull = SalMaybeNull;
|
||||
|
||||
/**
|
||||
* A parameter annotated by one or more SAL annotations.
|
||||
*/
|
||||
|
|
@ -124,9 +109,6 @@ class SalParameter extends Parameter {
|
|||
predicate isInOut() { a.getMacroName().toLowerCase().matches("%\\_inout%") }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SalParameter */
|
||||
deprecated class SALParameter = SalParameter;
|
||||
|
||||
///////////////////////////////////////////////////////////////////////////////
|
||||
// Implementation details
|
||||
/**
|
||||
|
|
@ -199,9 +181,6 @@ class SalElement extends Element {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SalElement */
|
||||
deprecated class SALElement = SalElement;
|
||||
|
||||
/** Holds if `file` contains a SAL annotation. */
|
||||
pragma[noinline]
|
||||
private predicate containsSalAnnotation(File file) { any(SalAnnotation a).getFile() = file }
|
||||
|
|
|
|||
|
|
@ -55,9 +55,6 @@ class SqlClientInfo extends SystemData {
|
|||
override predicate isSensitive() { any() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SqlClientInfo */
|
||||
deprecated class SQLClientInfo = SqlClientInfo;
|
||||
|
||||
private predicate sqlConnectInfo(FunctionCall source, Expr use) {
|
||||
(
|
||||
source.getTarget().hasName("mysql_connect") or
|
||||
|
|
@ -77,9 +74,6 @@ class SqlConnectInfo extends SystemData {
|
|||
override predicate isSensitive() { any() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SqlConnectInfo */
|
||||
deprecated class SQLConnectInfo = SqlConnectInfo;
|
||||
|
||||
private predicate posixSystemInfo(FunctionCall source, DataFlow::Node use) {
|
||||
// size_t confstr(int name, char *buf, size_t len)
|
||||
// - various OS / system strings, such as the libc version
|
||||
|
|
|
|||
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Deleted many deprecated predicates and classes with uppercase `SSL`, `XML`, `URI`, `SSA` etc. in their names. Use the PascalCased versions instead.
|
||||
* Deleted the deprecated `getALocalFlowSucc` predicate and `TaintType` class from the dataflow library.
|
||||
* Deleted the deprecated `Newobj` and `Rethrow` classes, use `NewObj` and `ReThrow` instead.
|
||||
* Deleted the deprecated `getAFirstRead`, `hasAdjacentReads`, `lastRefBeforeRedef`, and `hasLastInputRef` predicates from the SSA library.
|
||||
* Deleted the deprecated `getAReachableRead` predicate from the `AssignableRead` and `VariableRead` classes.
|
||||
* Deleted the deprecated `hasQualifiedName` predicate from the `NamedElement` class.
|
||||
|
|
@ -39,9 +39,6 @@ predicate maybeUsedInFnvFunction(Variable v, Operation xor, Operation mul, LoopS
|
|||
loop.getAChild*() = xor.getEnclosingStmt()
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for maybeUsedInFnvFunction */
|
||||
deprecated predicate maybeUsedInFNVFunction = maybeUsedInFnvFunction/4;
|
||||
|
||||
/**
|
||||
* Holds if the arguments are used in a way that resembles an Elf-Hash hash function
|
||||
* where there is a loop statement `loop` where the variable `v` is used in an xor `xor` expression
|
||||
|
|
|
|||
|
|
@ -89,16 +89,10 @@ class FormsElement extends XmlElement {
|
|||
result = this.getAttribute("requireSSL").getValue().trim().toLowerCase()
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for getRequireSsl */
|
||||
deprecated string getRequireSSL() { result = this.getRequireSsl() }
|
||||
|
||||
/**
|
||||
* Holds if `requireSSL` value is true.
|
||||
*/
|
||||
predicate isRequireSsl() { this.getRequireSsl() = "true" }
|
||||
|
||||
/** DEPRECATED: Alias for isRequireSsl */
|
||||
deprecated predicate isRequireSSL() { this.isRequireSsl() }
|
||||
}
|
||||
|
||||
/** A `<httpCookies>` tag in an ASP.NET configuration file. */
|
||||
|
|
@ -124,9 +118,6 @@ class HttpCookiesElement extends XmlElement {
|
|||
result = this.getAttribute("requireSSL").getValue().trim().toLowerCase()
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for getRequireSsl */
|
||||
deprecated string getRequireSSL() { result = this.getRequireSsl() }
|
||||
|
||||
/**
|
||||
* Holds if there is any chance that `requireSSL` is set to `true` either globally or for Forms.
|
||||
*/
|
||||
|
|
@ -136,9 +127,6 @@ class HttpCookiesElement extends XmlElement {
|
|||
not this.getRequireSsl() = "false" and // not set all, i.e. default
|
||||
exists(FormsElement forms | forms.getFile() = this.getFile() | forms.isRequireSsl())
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for isRequireSsl */
|
||||
deprecated predicate isRequireSSL() { this.isRequireSsl() }
|
||||
}
|
||||
|
||||
/** A `Transform` attribute in a Web.config transformation file. */
|
||||
|
|
|
|||
|
|
@ -16,23 +16,6 @@ class DataFlowNode extends @cil_dataflow_node {
|
|||
/** Gets the type of this data flow node. */
|
||||
Type getType() { none() }
|
||||
|
||||
/**
|
||||
* Holds if this node flows to `sink` in one step.
|
||||
* `tt` is the tainting that occurs during this step.
|
||||
*/
|
||||
deprecated predicate getALocalFlowSucc(DataFlowNode sink, TaintType tt) {
|
||||
localExactStep(this, sink) and tt = TExactValue()
|
||||
or
|
||||
localTaintStep(this, sink) and tt = TTaintedValue()
|
||||
}
|
||||
|
||||
deprecated private predicate flowsToStep(DataFlowNode sink) {
|
||||
this.getALocalFlowSucc(sink, TExactValue())
|
||||
}
|
||||
|
||||
/** Holds if this node flows to `sink` in zero or more steps. */
|
||||
deprecated predicate flowsTo(DataFlowNode sink) { this.flowsToStep*(sink) }
|
||||
|
||||
/** Gets the method that contains this dataflow node. */
|
||||
Method getMethod() { none() }
|
||||
|
||||
|
|
@ -40,77 +23,6 @@ class DataFlowNode extends @cil_dataflow_node {
|
|||
Location getLocation() { none() }
|
||||
}
|
||||
|
||||
deprecated private newtype TTaintType =
|
||||
TExactValue() or
|
||||
TTaintedValue()
|
||||
|
||||
/** Describes how data is tainted. */
|
||||
deprecated class TaintType extends TTaintType {
|
||||
string toString() {
|
||||
this = TExactValue() and result = "exact"
|
||||
or
|
||||
this = TTaintedValue() and result = "tainted"
|
||||
}
|
||||
}
|
||||
|
||||
/** A taint type where the data is untainted. */
|
||||
deprecated class Untainted extends TaintType, TExactValue { }
|
||||
|
||||
/** A taint type where the data is tainted. */
|
||||
deprecated class Tainted extends TaintType, TTaintedValue { }
|
||||
|
||||
deprecated private predicate localFlowPhiInput(DataFlowNode input, Ssa::PhiNode phi) {
|
||||
exists(Ssa::Definition def, BasicBlock bb, int i | phi.hasLastInputRef(def, bb, i) |
|
||||
def.definesAt(_, bb, i) and
|
||||
input = def.getVariableUpdate().getSource()
|
||||
or
|
||||
input =
|
||||
any(ReadAccess ra |
|
||||
bb.getNode(i) = ra and
|
||||
ra.getTarget() = def.getSourceVariable()
|
||||
)
|
||||
)
|
||||
or
|
||||
exists(Ssa::PhiNode mid, BasicBlock bb, int i |
|
||||
localFlowPhiInput(input, mid) and
|
||||
phi.hasLastInputRef(mid, bb, i) and
|
||||
mid.definesAt(_, bb, i)
|
||||
)
|
||||
}
|
||||
|
||||
deprecated private predicate localExactStep(DataFlowNode src, DataFlowNode sink) {
|
||||
src = sink.(Opcodes::Dup).getAnOperand()
|
||||
or
|
||||
exists(Ssa::Definition def, VariableUpdate vu |
|
||||
vu = def.getVariableUpdate() and
|
||||
src = vu.getSource() and
|
||||
sink = def.getAFirstRead()
|
||||
)
|
||||
or
|
||||
any(Ssa::Definition def).hasAdjacentReads(src, sink)
|
||||
or
|
||||
exists(Ssa::PhiNode phi |
|
||||
localFlowPhiInput(src, phi) and
|
||||
sink = phi.getAFirstRead()
|
||||
)
|
||||
or
|
||||
src = sink.(Conversion).getExpr()
|
||||
or
|
||||
src = sink.(WriteAccess).getExpr()
|
||||
or
|
||||
src = sink.(Method).getAnImplementation().getAnInstruction().(Return)
|
||||
or
|
||||
src = sink.(Return).getExpr()
|
||||
or
|
||||
src = sink.(ConditionalBranch).getAnOperand()
|
||||
}
|
||||
|
||||
deprecated private predicate localTaintStep(DataFlowNode src, DataFlowNode sink) {
|
||||
src = sink.(BinaryArithmeticExpr).getAnOperand() or
|
||||
src = sink.(Opcodes::Neg).getOperand() or
|
||||
src = sink.(UnaryBitwiseOperation).getOperand()
|
||||
}
|
||||
|
||||
/** A node that updates a variable. */
|
||||
abstract class VariableUpdate extends DataFlowNode {
|
||||
/** Gets the value assigned, if any. */
|
||||
|
|
|
|||
|
|
@ -788,9 +788,6 @@ module Opcodes {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for NewObj */
|
||||
deprecated class Newobj = NewObj;
|
||||
|
||||
/** An `initobj` instruction. */
|
||||
class Initobj extends Instruction, @cil_initobj {
|
||||
override string getOpcodeName() { result = "initobj" }
|
||||
|
|
@ -854,9 +851,6 @@ module Opcodes {
|
|||
override string getOpcodeName() { result = "rethrow" }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for ReThrow */
|
||||
deprecated class Rethrow = ReThrow;
|
||||
|
||||
/** A `ldlen` instruction. */
|
||||
class Ldlen extends UnaryExpr, @cil_ldlen {
|
||||
override string getOpcodeName() { result = "ldlen" }
|
||||
|
|
|
|||
|
|
@ -23,14 +23,6 @@ module Ssa {
|
|||
)
|
||||
}
|
||||
|
||||
/** Gets a first read of this SSA definition. */
|
||||
deprecated final ReadAccess getAFirstRead() { result = SsaImpl::getAFirstRead(this) }
|
||||
|
||||
/** Holds if `first` and `second` are adjacent reads of this SSA definition. */
|
||||
deprecated final predicate hasAdjacentReads(ReadAccess first, ReadAccess second) {
|
||||
SsaImpl::hasAdjacentReads(this, first, second)
|
||||
}
|
||||
|
||||
private Definition getAPhiInput() { result = this.(PhiNode).getAnInput() }
|
||||
|
||||
/**
|
||||
|
|
@ -52,15 +44,5 @@ module Ssa {
|
|||
|
||||
/** Gets an input to this phi node. */
|
||||
final Definition getAnInput() { result = SsaImpl::getAPhiInput(this) }
|
||||
|
||||
/**
|
||||
* Holds if if `def` is an input to this phi node, and a reference to `def` at
|
||||
* index `i` in basic block `bb` can reach this phi node without going through
|
||||
* other references.
|
||||
*/
|
||||
deprecated final predicate hasLastInputRef(Definition def, BasicBlock bb, int i) {
|
||||
SsaImpl::lastRefRedef(def, bb, i, this) and
|
||||
def = SsaImpl::getAPhiInput(this)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -77,26 +77,6 @@ import Cached
|
|||
|
||||
private module Deprecated {
|
||||
private import CIL
|
||||
|
||||
deprecated ReadAccess getAFirstRead(Definition def) {
|
||||
exists(BasicBlock bb1, int i1, BasicBlock bb2, int i2 |
|
||||
def.definesAt(_, bb1, i1) and
|
||||
adjacentDefRead(def, bb1, i1, bb2, i2) and
|
||||
result = bb2.getNode(i2)
|
||||
)
|
||||
}
|
||||
|
||||
deprecated predicate hasAdjacentReads(Definition def, ReadAccess first, ReadAccess second) {
|
||||
exists(BasicBlock bb1, int i1, BasicBlock bb2, int i2 |
|
||||
first = bb1.getNode(i1) and
|
||||
adjacentDefRead(def, bb1, i1, bb2, i2) and
|
||||
second = bb2.getNode(i2)
|
||||
)
|
||||
}
|
||||
|
||||
deprecated predicate lastRefBeforeRedef(Definition def, BasicBlock bb, int i, Definition next) {
|
||||
lastRefRedef(def, bb, i, next)
|
||||
}
|
||||
}
|
||||
|
||||
import Deprecated
|
||||
|
|
|
|||
|
|
@ -117,15 +117,6 @@ class AssignableRead extends AssignableAccess {
|
|||
cfn = this.getAnAdjacentReadSameVar()
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets a reachable read of the same underlying assignable. That is, a read
|
||||
* that can be reached from this read, and which is guaranteed to read the
|
||||
* same value.
|
||||
*
|
||||
* This is the transitive closure of `getANextRead()`.
|
||||
*/
|
||||
deprecated AssignableRead getAReachableRead() { result = this.getANextRead+() }
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -489,15 +480,6 @@ class AssignableDefinition extends TAssignableDefinition {
|
|||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets a reachable read of the same underlying assignable. That is, a read
|
||||
* that can be reached from this definition, and which is guaranteed to read
|
||||
* the value assigned in this definition.
|
||||
*
|
||||
* This is the equivalent with `getAFirstRead().getANextRead*()`.
|
||||
*/
|
||||
deprecated AssignableRead getAReachableRead() { result = this.getAFirstRead().getANextRead*() }
|
||||
|
||||
/** Gets a textual representation of this assignable definition. */
|
||||
string toString() { none() }
|
||||
|
||||
|
|
|
|||
|
|
@ -32,9 +32,6 @@ class XmlLocatable extends @xmllocatable, TXmlLocatable {
|
|||
string toString() { none() } // overridden in subclasses
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlLocatable */
|
||||
deprecated class XMLLocatable = XmlLocatable;
|
||||
|
||||
/**
|
||||
* An `XmlParent` is either an `XmlElement` or an `XmlFile`,
|
||||
* both of which can contain other elements.
|
||||
|
|
@ -95,9 +92,6 @@ class XmlParent extends @xmlparent {
|
|||
string toString() { result = this.getName() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlParent */
|
||||
deprecated class XMLParent = XmlParent;
|
||||
|
||||
/** An XML file. */
|
||||
class XmlFile extends XmlParent, File {
|
||||
XmlFile() { xmlEncoding(this, _) }
|
||||
|
|
@ -119,14 +113,8 @@ class XmlFile extends XmlParent, File {
|
|||
|
||||
/** Gets a DTD associated with this XML file. */
|
||||
XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
|
||||
|
||||
/** DEPRECATED: Alias for getADtd */
|
||||
deprecated XmlDtd getADTD() { result = this.getADtd() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlFile */
|
||||
deprecated class XMLFile = XmlFile;
|
||||
|
||||
/**
|
||||
* An XML document type definition (DTD).
|
||||
*
|
||||
|
|
@ -163,9 +151,6 @@ class XmlDtd extends XmlLocatable, @xmldtd {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlDtd */
|
||||
deprecated class XMLDTD = XmlDtd;
|
||||
|
||||
/**
|
||||
* An XML element in an XML file.
|
||||
*
|
||||
|
|
@ -221,9 +206,6 @@ class XmlElement extends @xmlelement, XmlParent, XmlLocatable {
|
|||
override string toString() { result = this.getName() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlElement */
|
||||
deprecated class XMLElement = XmlElement;
|
||||
|
||||
/**
|
||||
* An attribute that occurs inside an XML element.
|
||||
*
|
||||
|
|
@ -254,9 +236,6 @@ class XmlAttribute extends @xmlattribute, XmlLocatable {
|
|||
override string toString() { result = this.getName() + "=" + this.getValue() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlAttribute */
|
||||
deprecated class XMLAttribute = XmlAttribute;
|
||||
|
||||
/**
|
||||
* A namespace used in an XML file.
|
||||
*
|
||||
|
|
@ -273,9 +252,6 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
|
|||
/** Gets the URI of this namespace. */
|
||||
string getUri() { xmlNs(this, _, result, _) }
|
||||
|
||||
/** DEPRECATED: Alias for getUri */
|
||||
deprecated string getURI() { result = this.getUri() }
|
||||
|
||||
/** Holds if this namespace has no prefix. */
|
||||
predicate isDefault() { this.getPrefix() = "" }
|
||||
|
||||
|
|
@ -286,9 +262,6 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlNamespace */
|
||||
deprecated class XMLNamespace = XmlNamespace;
|
||||
|
||||
/**
|
||||
* A comment in an XML file.
|
||||
*
|
||||
|
|
@ -309,9 +282,6 @@ class XmlComment extends @xmlcomment, XmlLocatable {
|
|||
override string toString() { result = this.getText() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlComment */
|
||||
deprecated class XMLComment = XmlComment;
|
||||
|
||||
/**
|
||||
* A sequence of characters that occurs between opening and
|
||||
* closing tags of an XML element, excluding other elements.
|
||||
|
|
@ -335,6 +305,3 @@ class XmlCharacters extends @xmlcharacters, XmlLocatable {
|
|||
/** Gets a printable representation of this XML character sequence. */
|
||||
override string toString() { result = this.getCharacters() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlCharacters */
|
||||
deprecated class XMLCharacters = XmlCharacters;
|
||||
|
|
|
|||
|
|
@ -173,10 +173,6 @@ class VariableAccess extends AssignableAccess, @variable_access_expr {
|
|||
*/
|
||||
class VariableRead extends VariableAccess, AssignableRead {
|
||||
override VariableRead getANextRead() { result = AssignableRead.super.getANextRead() }
|
||||
|
||||
deprecated override VariableRead getAReachableRead() {
|
||||
result = AssignableRead.super.getAReachableRead()
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -201,10 +197,6 @@ class LocalScopeVariableAccess extends VariableAccess, @local_scope_variable_acc
|
|||
*/
|
||||
class LocalScopeVariableRead extends LocalScopeVariableAccess, VariableRead {
|
||||
override LocalScopeVariableRead getANextRead() { result = VariableRead.super.getANextRead() }
|
||||
|
||||
deprecated override LocalScopeVariableRead getAReachableRead() {
|
||||
result = VariableRead.super.getAReachableRead()
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -243,10 +235,6 @@ class ParameterAccess extends LocalScopeVariableAccess, @parameter_access_expr {
|
|||
*/
|
||||
class ParameterRead extends ParameterAccess, LocalScopeVariableRead {
|
||||
override ParameterRead getANextRead() { result = LocalScopeVariableRead.super.getANextRead() }
|
||||
|
||||
deprecated override ParameterRead getAReachableRead() {
|
||||
result = LocalScopeVariableRead.super.getAReachableRead()
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -298,10 +286,6 @@ class LocalVariableAccess extends LocalScopeVariableAccess, @local_variable_acce
|
|||
*/
|
||||
class LocalVariableRead extends LocalVariableAccess, LocalScopeVariableRead {
|
||||
override LocalVariableRead getANextRead() { result = LocalScopeVariableRead.super.getANextRead() }
|
||||
|
||||
deprecated override LocalVariableRead getAReachableRead() {
|
||||
result = LocalScopeVariableRead.super.getAReachableRead()
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -443,10 +427,6 @@ class PropertyAccess extends AssignableMemberAccess, PropertyAccessExpr {
|
|||
*/
|
||||
class PropertyRead extends PropertyAccess, AssignableRead {
|
||||
override PropertyRead getANextRead() { result = AssignableRead.super.getANextRead() }
|
||||
|
||||
deprecated override PropertyRead getAReachableRead() {
|
||||
result = AssignableRead.super.getAReachableRead()
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -584,10 +564,6 @@ class IndexerAccess extends AssignableMemberAccess, ElementAccess, IndexerAccess
|
|||
*/
|
||||
class IndexerRead extends IndexerAccess, ElementRead {
|
||||
override IndexerRead getANextRead() { result = ElementRead.super.getANextRead() }
|
||||
|
||||
deprecated override IndexerRead getAReachableRead() {
|
||||
result = ElementRead.super.getAReachableRead()
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -123,9 +123,6 @@ class MicrosoftOwinIOwinRequestClass extends Class {
|
|||
result = this.getAProperty() and
|
||||
result.hasName("Uri")
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for getUriProperty */
|
||||
deprecated Property getURIProperty() { result = this.getUriProperty() }
|
||||
}
|
||||
|
||||
/** A `Microsoft.Owin.*String` class. */
|
||||
|
|
|
|||
|
|
@ -5,11 +5,6 @@
|
|||
import csharp
|
||||
private import semmle.code.csharp.frameworks.system.security.cryptography.SymmetricAlgorithm
|
||||
|
||||
/** Array of type Byte */
|
||||
deprecated class ByteArray extends ArrayType {
|
||||
ByteArray() { this.getElementType() instanceof ByteType }
|
||||
}
|
||||
|
||||
/** Abstract class for all sources of keys */
|
||||
abstract class KeySource extends DataFlow::Node { }
|
||||
|
||||
|
|
|
|||
|
|
@ -118,15 +118,6 @@ class NamedElement extends Element, @dotnet_named_element {
|
|||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* DEPRECATED: Use `hasQualifiedName/2` instead.
|
||||
* Holds if this element has qualified name `qualifiedName`, for example
|
||||
* `System.Console.WriteLine`.
|
||||
*/
|
||||
deprecated final predicate hasQualifiedName(string qualifiedName) {
|
||||
qualifiedName = this.getQualifiedName()
|
||||
}
|
||||
|
||||
/**
|
||||
* DEPRECATED: Use `hasFullyQualifiedName` instead.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -17,6 +17,3 @@ module Ssa {
|
|||
|
||||
predicate hasUnreachedInstruction(IRFunctionBase irFunc) { none() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for Ssa */
|
||||
deprecated module SSA = Ssa;
|
||||
|
|
|
|||
|
|
@ -2,6 +2,3 @@ import experimental.ir.internal.IRCSharpLanguage as Language
|
|||
import experimental.ir.implementation.raw.internal.IRConstruction as IRConstruction
|
||||
import experimental.ir.implementation.unaliased_ssa.internal.SSAConstruction as UnaliasedSsa
|
||||
import AliasedSSAStub as AliasedSsa
|
||||
|
||||
/** DEPRECATED: Alias for AliasedSsa */
|
||||
deprecated module AliasedSSA = AliasedSsa;
|
||||
|
|
|
|||
|
|
@ -1068,6 +1068,3 @@ module Ssa {
|
|||
|
||||
predicate hasUnreachedInstruction = Cached::hasUnreachedInstructionCached/1;
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for Ssa */
|
||||
deprecated module SSA = Ssa;
|
||||
|
|
|
|||
|
|
@ -4,13 +4,6 @@ import experimental.ir.implementation.raw.internal.reachability.Dominance as Dom
|
|||
import experimental.ir.implementation.unaliased_ssa.IR as NewIR
|
||||
import experimental.ir.implementation.raw.internal.IRConstruction as RawStage
|
||||
import experimental.ir.implementation.internal.TInstruction::UnaliasedSsaInstructions as SsaInstructions
|
||||
|
||||
/** DEPRECATED: Alias for SsaInstructions */
|
||||
deprecated module SSAInstructions = SsaInstructions;
|
||||
|
||||
import experimental.ir.internal.IRCSharpLanguage as Language
|
||||
import SimpleSSA as Alias
|
||||
import experimental.ir.implementation.internal.TOperand::UnaliasedSsaOperands as SsaOperands
|
||||
|
||||
/** DEPRECATED: Alias for SsaOperands */
|
||||
deprecated module SSAOperands = SsaOperands;
|
||||
|
|
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Deleted many deprecated predicates and classes with uppercase `TLD`, `HTTP`, `SQL`, `URL` etc. in their names. Use the PascalCased versions instead.
|
||||
* Deleted the deprecated and unused `Source` class from the `SharedXss` module of `Xss.qll`
|
||||
|
|
@ -16,6 +16,3 @@ string commonTld() {
|
|||
// according to ranking by http://google.com/search?q=site:.<<TLD>>
|
||||
result = "(?:com|org|edu|gov|uk|net|io)(?![a-z0-9])"
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for commonTld */
|
||||
deprecated string commonTLD() { result = commonTld() }
|
||||
|
|
|
|||
|
|
@ -346,6 +346,3 @@ module Http {
|
|||
predicate guardedBy(DataFlow::Node check) { super.guardedBy(check) }
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for Http */
|
||||
deprecated module HTTP = Http;
|
||||
|
|
|
|||
|
|
@ -115,6 +115,3 @@ module NoSql {
|
|||
)
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for NoSql */
|
||||
deprecated module NoSQL = NoSql;
|
||||
|
|
|
|||
|
|
@ -154,6 +154,3 @@ module Url {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for Url */
|
||||
deprecated module URL = Url;
|
||||
|
|
|
|||
|
|
@ -17,9 +17,6 @@ private import Logrus
|
|||
*/
|
||||
abstract class SafeExternalApiFunction extends Function { }
|
||||
|
||||
/** DEPRECATED: Alias for SafeExternalApiFunction */
|
||||
deprecated class SafeExternalAPIFunction = SafeExternalApiFunction;
|
||||
|
||||
/**
|
||||
* A `Function` with one or more arguments that are considered "safe" from a security perspective.
|
||||
*/
|
||||
|
|
@ -128,9 +125,6 @@ class ExternalApiDataNode extends DataFlow::Node {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for ExternalApiDataNode */
|
||||
deprecated class ExternalAPIDataNode = ExternalApiDataNode;
|
||||
|
||||
/** Gets the name of a method in package `p` which has a function model. */
|
||||
TaintTracking::FunctionModel getAMethodModelInPackage(Package p) {
|
||||
p = result.getPackage() and
|
||||
|
|
@ -185,9 +179,6 @@ class UnknownExternalApiDataNode extends ExternalApiDataNode {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for UnknownExternalApiDataNode */
|
||||
deprecated class UnknownExternalAPIDataNode = UnknownExternalApiDataNode;
|
||||
|
||||
/**
|
||||
* DEPRECATED: Use `UntrustedDataToExternalApiFlow` instead.
|
||||
*
|
||||
|
|
@ -212,9 +203,6 @@ private module UntrustedDataConfig implements DataFlow::ConfigSig {
|
|||
*/
|
||||
module UntrustedDataToExternalApiFlow = DataFlow::Global<UntrustedDataConfig>;
|
||||
|
||||
/** DEPRECATED: Alias for UntrustedDataToExternalApiConfig */
|
||||
deprecated class UntrustedDataToExternalAPIConfig = UntrustedDataToExternalApiConfig;
|
||||
|
||||
/**
|
||||
* DEPRECATED: Use `UntrustedDataToUnknownExternalApiFlow` instead.
|
||||
*
|
||||
|
|
@ -228,9 +216,6 @@ deprecated class UntrustedDataToUnknownExternalApiConfig extends TaintTracking::
|
|||
override predicate isSink(DataFlow::Node sink) { sink instanceof UnknownExternalApiDataNode }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for UntrustedDataToUnknownExternalApiConfig */
|
||||
deprecated class UntrustedDataToUnknownExternalAPIConfig = UntrustedDataToUnknownExternalApiConfig;
|
||||
|
||||
private module UntrustedDataToUnknownExternalApiConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
|
||||
|
||||
|
|
@ -251,9 +236,6 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode {
|
|||
DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for UntrustedExternalApiDataNode */
|
||||
deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
|
||||
|
||||
/** An external API which is used with untrusted data. */
|
||||
private newtype TExternalApi =
|
||||
/** An untrusted API method `m` where untrusted data is passed at `index`. */
|
||||
|
|
@ -288,6 +270,3 @@ class ExternalApiUsedWithUntrustedData extends TExternalApi {
|
|||
)
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for ExternalApiUsedWithUntrustedData */
|
||||
deprecated class ExternalAPIUsedWithUntrustedData = ExternalApiUsedWithUntrustedData;
|
||||
|
|
|
|||
|
|
@ -6,12 +6,6 @@ import go
|
|||
|
||||
/** Provides classes and predicates shared between the XSS queries. */
|
||||
module SharedXss {
|
||||
/**
|
||||
* DEPRECATED: This class is not used.
|
||||
* A data flow source for XSS vulnerabilities.
|
||||
*/
|
||||
abstract deprecated class Source extends DataFlow::Node { }
|
||||
|
||||
/** A data flow sink for XSS vulnerabilities. */
|
||||
abstract class Sink extends DataFlow::Node {
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Deleted many deprecated predicates and classes with uppercase `EJB`, `JMX`, `NFE`, `DNS` etc. in their names. Use the PascalCased versions instead.
|
||||
* Deleted the deprecated `semmle/code/java/security/OverlyLargeRangeQuery.qll`, `semmle/code/java/security/regexp/ExponentialBackTracking.qll`, `semmle/code/java/security/regexp/NfaUtils.qll`, and `semmle/code/java/security/regexp/NfaUtils.qll` files.
|
||||
|
|
@ -25,9 +25,6 @@ class LocalEjbHomeInterface extends Interface {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for LocalEjbHomeInterface */
|
||||
deprecated class LocalEJBHomeInterface = LocalEjbHomeInterface;
|
||||
|
||||
/** A remote EJB home interface. */
|
||||
class RemoteEjbHomeInterface extends Interface {
|
||||
RemoteEjbHomeInterface() {
|
||||
|
|
@ -35,9 +32,6 @@ class RemoteEjbHomeInterface extends Interface {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for RemoteEjbHomeInterface */
|
||||
deprecated class RemoteEJBHomeInterface = RemoteEjbHomeInterface;
|
||||
|
||||
/** A local EJB interface. */
|
||||
class LocalEjbInterface extends Interface {
|
||||
LocalEjbInterface() {
|
||||
|
|
@ -45,9 +39,6 @@ class LocalEjbInterface extends Interface {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for LocalEjbInterface */
|
||||
deprecated class LocalEJBInterface = LocalEjbInterface;
|
||||
|
||||
/** A remote EJB interface. */
|
||||
class RemoteEjbInterface extends Interface {
|
||||
RemoteEjbInterface() {
|
||||
|
|
@ -55,9 +46,6 @@ class RemoteEjbInterface extends Interface {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for RemoteEjbInterface */
|
||||
deprecated class RemoteEJBInterface = RemoteEjbInterface;
|
||||
|
||||
/** A message bean. */
|
||||
class MessageBean extends Class {
|
||||
MessageBean() {
|
||||
|
|
|
|||
|
|
@ -50,9 +50,6 @@ class JmxRegistrationCall extends MethodCall {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for JmxRegistrationCall */
|
||||
deprecated class JMXRegistrationCall = JmxRegistrationCall;
|
||||
|
||||
/**
|
||||
* A method used to register `MBean` and `MXBean` instances with the `MBeanServer`.
|
||||
*
|
||||
|
|
@ -90,9 +87,6 @@ class JmxRegistrationMethod extends Method {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for JmxRegistrationMethod */
|
||||
deprecated class JMXRegistrationMethod = JmxRegistrationMethod;
|
||||
|
||||
/** The class `javax.management.remote.JMXConnectorFactory`. */
|
||||
class TypeJmxConnectorFactory extends Class {
|
||||
TypeJmxConnectorFactory() {
|
||||
|
|
@ -100,21 +94,12 @@ class TypeJmxConnectorFactory extends Class {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for TypeJmxConnectorFactory */
|
||||
deprecated class TypeJMXConnectorFactory = TypeJmxConnectorFactory;
|
||||
|
||||
/** The class `javax.management.remote.JMXServiceURL`. */
|
||||
class TypeJmxServiceUrl extends Class {
|
||||
TypeJmxServiceUrl() { this.hasQualifiedName("javax.management.remote", "JMXServiceURL") }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for TypeJmxServiceUrl */
|
||||
deprecated class TypeJMXServiceURL = TypeJmxServiceUrl;
|
||||
|
||||
/** The class `javax.management.remote.rmi.RMIConnector`. */
|
||||
class TypeRmiConnector extends Class {
|
||||
TypeRmiConnector() { this.hasQualifiedName("javax.management.remote.rmi", "RMIConnector") }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for TypeRmiConnector */
|
||||
deprecated class TypeRMIConnector = TypeRmiConnector;
|
||||
|
|
|
|||
|
|
@ -33,9 +33,6 @@ private class SpecialMethodCall extends MethodCall {
|
|||
this.isValueOfMethod("Float") or
|
||||
this.isValueOfMethod("Double")
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for throwsNfe */
|
||||
deprecated predicate throwsNFE() { this.throwsNfe() }
|
||||
}
|
||||
|
||||
/** A `ClassInstanceExpr` that constructs a number from its string representation. */
|
||||
|
|
@ -54,9 +51,6 @@ private class SpecialClassInstanceExpr extends ClassInstanceExpr {
|
|||
this.isStringConstructor("Float") or
|
||||
this.isStringConstructor("Double")
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for throwsNfe */
|
||||
deprecated predicate throwsNFE() { this.throwsNfe() }
|
||||
}
|
||||
|
||||
/** The class `java.lang.NumberFormatException`. */
|
||||
|
|
@ -73,13 +67,7 @@ predicate catchesNfe(TryStmt t) {
|
|||
)
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for catchesNfe */
|
||||
deprecated predicate catchesNFE = catchesNfe/1;
|
||||
|
||||
/** Holds if `java.lang.NumberFormatException` can be thrown. */
|
||||
predicate throwsNfe(Expr e) {
|
||||
e.(SpecialClassInstanceExpr).throwsNfe() or e.(SpecialMethodCall).throwsNfe()
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for throwsNfe */
|
||||
deprecated predicate throwsNFE = throwsNfe/1;
|
||||
|
|
|
|||
|
|
@ -313,9 +313,6 @@ class ReverseDnsMethod extends Method {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for ReverseDnsMethod */
|
||||
deprecated class ReverseDNSMethod = ReverseDnsMethod;
|
||||
|
||||
/** Android `Intent` that may have come from a hostile application. */
|
||||
class AndroidIntentInput extends DataFlow::Node {
|
||||
Type receiverType;
|
||||
|
|
|
|||
|
|
@ -97,9 +97,6 @@ class SerialVersionUidField extends ReflectivelyReadField {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SerialVersionUidField */
|
||||
deprecated class SerialVersionUIDField = SerialVersionUidField;
|
||||
|
||||
/**
|
||||
* A field is read by the JAXB during serialization if it is a JAXB bound field, and if the
|
||||
* containing class is considered "live".
|
||||
|
|
@ -173,6 +170,3 @@ class JpaReadField extends ReflectivelyReadField {
|
|||
)
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for JpaReadField */
|
||||
deprecated class JPAReadField = JpaReadField;
|
||||
|
|
|
|||
|
|
@ -135,10 +135,6 @@ class JaxAnnotationReflectivelyConstructedClass extends ReflectivelyConstructedC
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for JaxAnnotationReflectivelyConstructedClass */
|
||||
deprecated class JAXAnnotationReflectivelyConstructedClass =
|
||||
JaxAnnotationReflectivelyConstructedClass;
|
||||
|
||||
class DeserializedClass extends ReflectivelyConstructedClass {
|
||||
DeserializedClass() {
|
||||
exists(CastingExpr cast, ReadObjectMethod readObject |
|
||||
|
|
@ -324,9 +320,6 @@ class EjbHome extends Interface, EntryPoint {
|
|||
override Callable getALiveCallable() { result = this.getACallable() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for EjbHome */
|
||||
deprecated class EJBHome = EjbHome;
|
||||
|
||||
/**
|
||||
* Entry point for EJB object interfaces.
|
||||
*/
|
||||
|
|
@ -336,9 +329,6 @@ class EjbObject extends Interface, EntryPoint {
|
|||
override Callable getALiveCallable() { result = this.getACallable() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for EjbObject */
|
||||
deprecated class EJBObject = EjbObject;
|
||||
|
||||
class GsonDeserializationEntryPoint extends ReflectivelyConstructedClass {
|
||||
GsonDeserializationEntryPoint() {
|
||||
// Assume any class with a gson annotated field can be deserialized.
|
||||
|
|
@ -361,9 +351,6 @@ class JaxbDeserializationEntryPoint extends ReflectivelyConstructedClass {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for JaxbDeserializationEntryPoint */
|
||||
deprecated class JAXBDeserializationEntryPoint = JaxbDeserializationEntryPoint;
|
||||
|
||||
/**
|
||||
* A `javax.annotation` for a method that is called after or before dependency injection on a type.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -115,9 +115,6 @@ class SpringCli extends CallableEntryPoint {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SpringCli */
|
||||
deprecated class SpringCLI = SpringCli;
|
||||
|
||||
/**
|
||||
* An entry point which acts as a remote API for a Flex application to access a Spring application.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -57,9 +57,6 @@ class GwtEntryPointConstructedClass extends ReflectivelyConstructedClass {
|
|||
GwtEntryPointConstructedClass() { this.(GwtEntryPointClass).isLive() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for GwtEntryPointConstructedClass */
|
||||
deprecated class GWTEntryPointConstructedClass = GwtEntryPointConstructedClass;
|
||||
|
||||
/**
|
||||
* Servlets referred to from a GWT module config file.
|
||||
*/
|
||||
|
|
@ -79,9 +76,6 @@ class GwtServletClass extends ReflectivelyConstructedClass {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for GwtServletClass */
|
||||
deprecated class GWTServletClass = GwtServletClass;
|
||||
|
||||
/**
|
||||
* Methods that may be called reflectively by the UiHandler framework.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -302,8 +302,3 @@ private module Dispatch {
|
|||
}
|
||||
|
||||
import Dispatch
|
||||
|
||||
/**
|
||||
* DEPRECATED: Use `TypeFlow` instead.
|
||||
*/
|
||||
deprecated Expr variableTrack(Expr use) { result = use }
|
||||
|
|
|
|||
|
|
@ -17,9 +17,6 @@ class CamelToUri extends string {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for CamelToUri */
|
||||
deprecated class CamelToURI = CamelToUri;
|
||||
|
||||
/**
|
||||
* A string describing a URI specified in an Apache Camel "to" declaration that maps to a
|
||||
* SpringBean.
|
||||
|
|
@ -54,9 +51,6 @@ class CamelToBeanUri extends CamelToUri {
|
|||
SpringBean getRefBean() { result.getBeanIdentifier() = this.getBeanIdentifier() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for CamelToBeanUri */
|
||||
deprecated class CamelToBeanURI = CamelToBeanUri;
|
||||
|
||||
/**
|
||||
* A Class whose methods may be called in response to an Apache Camel message.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -9,9 +9,6 @@ class JaxbElement extends Class {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for JaxbElement */
|
||||
deprecated class JAXBElement = JaxbElement;
|
||||
|
||||
class JaxbMarshalMethod extends Method {
|
||||
JaxbMarshalMethod() {
|
||||
this.getDeclaringType().getQualifiedName() = "javax.xml.bind.Marshaller" and
|
||||
|
|
@ -19,9 +16,6 @@ class JaxbMarshalMethod extends Method {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for JaxbMarshalMethod */
|
||||
deprecated class JAXBMarshalMethod = JaxbMarshalMethod;
|
||||
|
||||
class JaxbAnnotationType extends AnnotationType {
|
||||
JaxbAnnotationType() { this.getPackage().getName() = "javax.xml.bind.annotation" }
|
||||
}
|
||||
|
|
|
|||
|
|
@ -139,9 +139,6 @@ class HttpServletRequestGetRequestUriMethod extends Method {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for HttpServletRequestGetRequestUriMethod */
|
||||
deprecated class HttpServletRequestGetRequestURIMethod = HttpServletRequestGetRequestUriMethod;
|
||||
|
||||
/**
|
||||
* The method `getRemoteUser()` declared in `javax.servlet.http.HttpServletRequest`.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -62,9 +62,6 @@ class MethodUnboundIdFilterCreateAndFilter extends Method {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for MethodUnboundIdFilterCreateAndFilter */
|
||||
deprecated class MethodUnboundIdFilterCreateANDFilter = MethodUnboundIdFilterCreateAndFilter;
|
||||
|
||||
/** A method with the name `createORFilter` declared in `com.unboundid.ldap.sdk.Filter`. */
|
||||
class MethodUnboundIdFilterCreateORFilter extends Method {
|
||||
MethodUnboundIdFilterCreateORFilter() {
|
||||
|
|
@ -73,9 +70,6 @@ class MethodUnboundIdFilterCreateORFilter extends Method {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for MethodUnboundIdFilterCreateNOTFilter */
|
||||
deprecated class MethodUnboundIdFilterCreateNOTFilter = MethodUnboundIdFilterCreateNotFilter;
|
||||
|
||||
/** A method with the name `createNOTFilter` declared in `com.unboundid.ldap.sdk.Filter`. */
|
||||
class MethodUnboundIdFilterCreateNotFilter extends Method {
|
||||
MethodUnboundIdFilterCreateNotFilter() {
|
||||
|
|
|
|||
|
|
@ -65,18 +65,6 @@ class AndroidServiceIntentMethod extends Method {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* The method `Context.startActivity` or `startActivities`.
|
||||
*
|
||||
* DEPRECATED: Use `StartActivityMethod` instead.
|
||||
*/
|
||||
deprecated class ContextStartActivityMethod extends Method {
|
||||
ContextStartActivityMethod() {
|
||||
(this.hasName("startActivity") or this.hasName("startActivities")) and
|
||||
this.getDeclaringType() instanceof TypeContext
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* The method `Context.startActivity`, `Context.startActivities`,
|
||||
* `Activity.startActivity`,`Activity.startActivities`,
|
||||
|
|
|
|||
|
|
@ -47,9 +47,6 @@ class CamelJavaDslToDecl extends ProcessorDefinitionElement {
|
|||
deprecated string getURI() { result = this.getUri() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for CamelJavaDslToDecl */
|
||||
deprecated class CamelJavaDSLToDecl = CamelJavaDslToDecl;
|
||||
|
||||
/**
|
||||
* A declaration of a "bean" target in the Apache Camel Java DSL.
|
||||
*
|
||||
|
|
@ -74,9 +71,6 @@ class CamelJavaDslBeanDecl extends ProcessorDefinitionElement {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for CamelJavaDslBeanDecl */
|
||||
deprecated class CamelJavaDSLBeanDecl = CamelJavaDslBeanDecl;
|
||||
|
||||
/**
|
||||
* A declaration of a "beanRef" target in the Apache Camel Java DSL.
|
||||
*
|
||||
|
|
@ -106,9 +100,6 @@ class CamelJavaDslBeanRefDecl extends ProcessorDefinitionElement {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for CamelJavaDslBeanRefDecl */
|
||||
deprecated class CamelJavaDSLBeanRefDecl = CamelJavaDslBeanRefDecl;
|
||||
|
||||
/**
|
||||
* A "method" Camel expression in the Apache Camel Java DSL.
|
||||
*
|
||||
|
|
@ -140,6 +131,3 @@ class CamelJavaDslMethodDecl extends MethodCall {
|
|||
else result = this.getArgument(0).getType()
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for CamelJavaDslMethodDecl */
|
||||
deprecated class CamelJavaDSLMethodDecl = CamelJavaDslMethodDecl;
|
||||
|
|
|
|||
|
|
@ -99,9 +99,6 @@ class JsniComment extends Javadoc {
|
|||
Method getImplementedMethod() { jsniComment(this, result) }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for JsniComment */
|
||||
deprecated class JSNIComment = JsniComment;
|
||||
|
||||
/**
|
||||
* A JavaScript Native Interface (JSNI) method.
|
||||
*/
|
||||
|
|
@ -111,6 +108,3 @@ class JsniMethod extends Method {
|
|||
/** Gets the comment containing the JavaScript code for this method. */
|
||||
JsniComment getImplementation() { jsniComment(result, this) }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for JsniMethod */
|
||||
deprecated class JSNIMethod = JsniMethod;
|
||||
|
|
|
|||
|
|
@ -16,9 +16,6 @@ class OcniComment extends Javadoc {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for OcniComment */
|
||||
deprecated class OCNIComment = OcniComment;
|
||||
|
||||
/** Auxiliary predicate: `ocni` is an OCNI comment associated with method `m`. */
|
||||
private predicate ocniComment(OcniComment ocni, Method m) {
|
||||
// The associated callable must be marked as `native` ...
|
||||
|
|
@ -40,9 +37,6 @@ class OcniMethodComment extends OcniComment {
|
|||
Method getImplementedMethod() { ocniComment(this, result) }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for OcniMethodComment */
|
||||
deprecated class OCNIMethodComment = OcniMethodComment;
|
||||
|
||||
/**
|
||||
* An Objective-C Native Interface (OCNI) native import comment.
|
||||
*/
|
||||
|
|
@ -54,6 +48,3 @@ class OcniImport extends OcniComment {
|
|||
)
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for OcniImport */
|
||||
deprecated class OCNIImport = OcniImport;
|
||||
|
|
|
|||
|
|
@ -112,9 +112,6 @@ class SessionEjb extends EJB {
|
|||
EjbAnnotatedInitMethod getAnAnnotatedInitMethod() { this.inherits(result) }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SessionEjb */
|
||||
deprecated class SessionEJB = SessionEjb;
|
||||
|
||||
/**
|
||||
* A stateful session EJB.
|
||||
*/
|
||||
|
|
@ -132,9 +129,6 @@ class StatefulSessionEjb extends SessionEjb {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for StatefulSessionEjb */
|
||||
deprecated class StatefulSessionEJB = StatefulSessionEjb;
|
||||
|
||||
/**
|
||||
* A stateless session EJB.
|
||||
*/
|
||||
|
|
@ -152,9 +146,6 @@ class StatelessSessionEjb extends SessionEjb {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for StatelessSessionEjb */
|
||||
deprecated class StatelessSessionEJB = StatelessSessionEjb;
|
||||
|
||||
/**
|
||||
* A message-driven EJB.
|
||||
*/
|
||||
|
|
@ -190,9 +181,6 @@ class EntityEjb extends EJB {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for EntityEjb */
|
||||
deprecated class EntityEJB = EntityEjb;
|
||||
|
||||
/*
|
||||
* Business interfaces (applicable to session beans).
|
||||
*/
|
||||
|
|
@ -245,9 +233,6 @@ abstract class BusinessInterface extends Interface {
|
|||
/** Gets an EJB to which this business interface belongs. */
|
||||
abstract SessionEjb getAnEjb();
|
||||
|
||||
/** DEPRECATED: Alias for getAnEjb */
|
||||
deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
|
||||
|
||||
/** Holds if this business interface is declared local. */
|
||||
abstract predicate isDeclaredLocal();
|
||||
|
||||
|
|
@ -274,9 +259,6 @@ class XmlSpecifiedBusinessInterface extends BusinessInterface {
|
|||
)
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for getAnEjb */
|
||||
deprecated override SessionEJB getAnEJB() { result = this.getAnEjb() }
|
||||
|
||||
override predicate isDeclaredLocal() {
|
||||
exists(EjbJarXmlFile f |
|
||||
this.getQualifiedName() =
|
||||
|
|
@ -313,9 +295,6 @@ class AnnotatedBusinessInterface extends BusinessInterface {
|
|||
result.getAnAnnotation().(BusinessInterfaceAnnotation).getANamedType() = this
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for getAnEjb */
|
||||
deprecated override SessionEJB getAnEJB() { result = this.getAnEjb() }
|
||||
|
||||
override predicate isDeclaredLocal() { this instanceof LocalAnnotatedBusinessInterface }
|
||||
|
||||
override predicate isDeclaredRemote() { this instanceof RemoteAnnotatedBusinessInterface }
|
||||
|
|
@ -449,9 +428,6 @@ class XmlSpecifiedRemoteInterface extends LegacyEjbRemoteInterface {
|
|||
result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters()
|
||||
)
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for getAnEjb */
|
||||
deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
|
||||
}
|
||||
|
||||
/** A legacy remote home interface. */
|
||||
|
|
@ -470,9 +446,6 @@ class AnnotatedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface {
|
|||
/** Gets an EJB to which this interface belongs. */
|
||||
SessionEjb getAnEjb() { result.getAnAnnotation().(RemoteHomeAnnotation).getANamedType() = this }
|
||||
|
||||
/** DEPRECATED: Alias for getAnEjb */
|
||||
deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
|
||||
|
||||
/** Gets a remote interface associated with this legacy remote home interface. */
|
||||
Interface getAnAssociatedRemoteInterface() { result = this.getACreateMethod().getReturnType() }
|
||||
}
|
||||
|
|
@ -494,9 +467,6 @@ class XmlSpecifiedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface {
|
|||
result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters()
|
||||
)
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for getAnEjb */
|
||||
deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
|
||||
}
|
||||
|
||||
/** A legacy local interface. */
|
||||
|
|
@ -522,9 +492,6 @@ class XmlSpecifiedLocalInterface extends LegacyEjbLocalInterface {
|
|||
result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters()
|
||||
)
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for getAnEjb */
|
||||
deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
|
||||
}
|
||||
|
||||
/** A legacy local home interface. */
|
||||
|
|
@ -543,9 +510,6 @@ class AnnotatedLocalHomeInterface extends LegacyEjbLocalHomeInterface {
|
|||
/** Gets an EJB to which this interface belongs. */
|
||||
SessionEjb getAnEjb() { result.getAnAnnotation().(LocalHomeAnnotation).getANamedType() = this }
|
||||
|
||||
/** DEPRECATED: Alias for getAnEjb */
|
||||
deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
|
||||
|
||||
/** Gets a local interface associated with this legacy local home interface. */
|
||||
Interface getAnAssociatedLocalInterface() { result = this.getACreateMethod().getReturnType() }
|
||||
}
|
||||
|
|
@ -567,9 +531,6 @@ class XmlSpecifiedLocalHomeInterface extends LegacyEjbLocalHomeInterface {
|
|||
result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters()
|
||||
)
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for getAnEjb */
|
||||
deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -593,9 +554,6 @@ class RemoteInterface extends Interface {
|
|||
result.getARemoteInterface() = this
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for getAnEjb */
|
||||
deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
|
||||
|
||||
/**
|
||||
* A "remote method" is a method that is available on the remote
|
||||
* interface (either because it's declared or inherited).
|
||||
|
|
@ -860,9 +818,6 @@ class EjbAnnotation extends Annotation {
|
|||
EjbAnnotation() { this.getType().hasQualifiedName("javax.ejb", "EJB") }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for EjbAnnotation */
|
||||
deprecated class EJBAnnotation = EjbAnnotation;
|
||||
|
||||
/**
|
||||
* A `@javax.ejb.EJBs` annotation.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -13,9 +13,6 @@ class SslClass extends RefType {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SslClass */
|
||||
deprecated class SSLClass = SslClass;
|
||||
|
||||
class X509TrustManager extends RefType {
|
||||
X509TrustManager() { this.hasQualifiedName("javax.net.ssl", "X509TrustManager") }
|
||||
}
|
||||
|
|
@ -29,48 +26,30 @@ class SslSocketFactory extends RefType {
|
|||
SslSocketFactory() { this.hasQualifiedName("javax.net.ssl", "SSLSocketFactory") }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SslSocketFactory */
|
||||
deprecated class SSLSocketFactory = SslSocketFactory;
|
||||
|
||||
class SslContext extends RefType {
|
||||
SslContext() { this.hasQualifiedName("javax.net.ssl", "SSLContext") }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SslContext */
|
||||
deprecated class SSLContext = SslContext;
|
||||
|
||||
/** The `javax.net.ssl.SslSession` class. */
|
||||
class SslSession extends RefType {
|
||||
SslSession() { this.hasQualifiedName("javax.net.ssl", "SSLSession") }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SslSession */
|
||||
deprecated class SSLSession = SslSession;
|
||||
|
||||
/** The `javax.net.ssl.SslEngine` class. */
|
||||
class SslEngine extends RefType {
|
||||
SslEngine() { this.hasQualifiedName("javax.net.ssl", "SSLEngine") }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SslEngine */
|
||||
deprecated class SSLEngine = SslEngine;
|
||||
|
||||
/** The `javax.net.ssl.SslSocket` class. */
|
||||
class SslSocket extends RefType {
|
||||
SslSocket() { this.hasQualifiedName("javax.net.ssl", "SSLSocket") }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SslSocket */
|
||||
deprecated class SSLSocket = SslSocket;
|
||||
|
||||
/** The `javax.net.ssl.SslParameters` class. */
|
||||
class SslParameters extends RefType {
|
||||
SslParameters() { this.hasQualifiedName("javax.net.ssl", "SSLParameters") }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SslParameters */
|
||||
deprecated class SSLParameters = SslParameters;
|
||||
|
||||
class HostnameVerifier extends RefType {
|
||||
HostnameVerifier() { this.hasQualifiedName("javax.net.ssl", "HostnameVerifier") }
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,8 +0,0 @@
|
|||
/**
|
||||
* Classes and predicates for working with suspicious character ranges.
|
||||
*/
|
||||
|
||||
private import semmle.code.java.regex.RegexTreeView::RegexTreeView as TreeView
|
||||
// OverlyLargeRangeQuery should be used directly from the shared pack, and not from this file.
|
||||
deprecated import codeql.regex.OverlyLargeRangeQuery::Make<TreeView> as Dep
|
||||
import Dep
|
||||
|
|
@ -265,9 +265,6 @@ Expr configOptionSupportDtd() {
|
|||
)
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for configOptionSupportDtd */
|
||||
deprecated Expr configOptionSupportDTD() { result = configOptionSupportDtd() }
|
||||
|
||||
/**
|
||||
* A safely configured `XmlInputFactory`.
|
||||
*/
|
||||
|
|
@ -747,9 +744,6 @@ Expr configAccessExternalDtd() {
|
|||
)
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for configAccessExternalDtd */
|
||||
deprecated Expr configAccessExternalDTD() { result = configAccessExternalDtd() }
|
||||
|
||||
/** A configuration specific for transformers. */
|
||||
Expr configAccessExternalStyleSheet() {
|
||||
result.(ConstantStringExpr).getStringValue() =
|
||||
|
|
|
|||
|
|
@ -1,68 +0,0 @@
|
|||
/**
|
||||
* This library implements the analysis described in the following two papers:
|
||||
*
|
||||
* James Kirrage, Asiri Rathnayake, Hayo Thielecke: Static Analysis for
|
||||
* Regular Expression Denial-of-Service Attacks. NSS 2013.
|
||||
* (https://arxiv.org/abs/1301.0849)
|
||||
* Asiri Rathnayake, Hayo Thielecke: Static Analysis for Regular Expression
|
||||
* Exponential Runtime via Substructural Logics. 2014.
|
||||
* (https://www.cs.bham.ac.uk/~hxt/research/redos_full.pdf)
|
||||
*
|
||||
* The basic idea is to search for overlapping cycles in the NFA, that is,
|
||||
* states `q` such that there are two distinct paths from `q` to itself
|
||||
* that consume the same word `w`.
|
||||
*
|
||||
* For any such state `q`, an attack string can be constructed as follows:
|
||||
* concatenate a prefix `v` that takes the NFA to `q` with `n` copies of
|
||||
* the word `w` that leads back to `q` along two different paths, followed
|
||||
* by a suffix `x` that is _not_ accepted in state `q`. A backtracking
|
||||
* implementation will need to explore at least 2^n different ways of going
|
||||
* from `q` back to itself while trying to match the `n` copies of `w`
|
||||
* before finally giving up.
|
||||
*
|
||||
* Now in order to identify overlapping cycles, all we have to do is find
|
||||
* pumpable forks, that is, states `q` that can transition to two different
|
||||
* states `r1` and `r2` on the same input symbol `c`, such that there are
|
||||
* paths from both `r1` and `r2` to `q` that consume the same word. The latter
|
||||
* condition is equivalent to saying that `(q, q)` is reachable from `(r1, r2)`
|
||||
* in the product NFA.
|
||||
*
|
||||
* This is what the library does. It makes a simple attempt to construct a
|
||||
* prefix `v` leading into `q`, but only to improve the alert message.
|
||||
* And the library tries to prove the existence of a suffix that ensures
|
||||
* rejection. This check might fail, which can cause false positives.
|
||||
*
|
||||
* Finally, sometimes it depends on the translation whether the NFA generated
|
||||
* for a regular expression has a pumpable fork or not. We implement one
|
||||
* particular translation, which may result in false positives or negatives
|
||||
* relative to some particular JavaScript engine.
|
||||
*
|
||||
* More precisely, the library constructs an NFA from a regular expression `r`
|
||||
* as follows:
|
||||
*
|
||||
* * Every sub-term `t` gives rise to an NFA state `Match(t,i)`, representing
|
||||
* the state of the automaton before attempting to match the `i`th character in `t`.
|
||||
* * There is one accepting state `Accept(r)`.
|
||||
* * There is a special `AcceptAnySuffix(r)` state, which accepts any suffix string
|
||||
* by using an epsilon transition to `Accept(r)` and an any transition to itself.
|
||||
* * Transitions between states may be labelled with epsilon, or an abstract
|
||||
* input symbol.
|
||||
* * Each abstract input symbol represents a set of concrete input characters:
|
||||
* either a single character, a set of characters represented by a
|
||||
* character class, or the set of all characters.
|
||||
* * The product automaton is constructed lazily, starting with pair states
|
||||
* `(q, q)` where `q` is a fork, and proceeding along an over-approximate
|
||||
* step relation.
|
||||
* * The over-approximate step relation allows transitions along pairs of
|
||||
* abstract input symbols where the symbols have overlap in the characters they accept.
|
||||
* * Once a trace of pairs of abstract input symbols that leads from a fork
|
||||
* back to itself has been identified, we attempt to construct a concrete
|
||||
* string corresponding to it, which may fail.
|
||||
* * Lastly we ensure that any state reached by repeating `n` copies of `w` has
|
||||
* a suffix `x` (possible empty) that is most likely __not__ accepted.
|
||||
*/
|
||||
|
||||
private import semmle.code.java.regex.RegexTreeView::RegexTreeView as TreeView
|
||||
// ExponentialBackTracking should be used directly from the shared pack, and not from this file.
|
||||
deprecated private import codeql.regex.nfa.ExponentialBackTracking::Make<TreeView> as Dep
|
||||
import Dep
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
/**
|
||||
* Provides classes and predicates for constructing an NFA from
|
||||
* a regular expression, and various utilities for reasoning about
|
||||
* the resulting NFA.
|
||||
*
|
||||
* These utilities are used both by the ReDoS queries and by
|
||||
* other queries that benefit from reasoning about NFAs.
|
||||
*/
|
||||
|
||||
private import semmle.code.java.regex.RegexTreeView::RegexTreeView as TreeView
|
||||
// NfaUtils should be used directly from the shared pack, and not from this file.
|
||||
deprecated private import codeql.regex.nfa.NfaUtils::Make<TreeView> as Dep
|
||||
import Dep
|
||||
|
|
@ -1,41 +0,0 @@
|
|||
/**
|
||||
* This module implements the analysis described in the paper:
|
||||
* Valentin Wustholz, Oswaldo Olivo, Marijn J. H. Heule, and Isil Dillig:
|
||||
* Static Detection of DoS Vulnerabilities in
|
||||
* Programs that use Regular Expressions
|
||||
* (Extended Version).
|
||||
* (https://arxiv.org/pdf/1701.04045.pdf)
|
||||
*
|
||||
* Theorem 3 from the paper describes the basic idea.
|
||||
*
|
||||
* The following explains the idea using variables and predicate names that are used in the implementation:
|
||||
* We consider a pair of repetitions, which we will call `pivot` and `succ`.
|
||||
*
|
||||
* We create a product automaton of 3-tuples of states (see `StateTuple`).
|
||||
* There exists a transition `(a,b,c) -> (d,e,f)` in the product automaton
|
||||
* iff there exists three transitions in the NFA `a->d, b->e, c->f` where those three
|
||||
* transitions all match a shared character `char`. (see `getAThreewayIntersect`)
|
||||
*
|
||||
* We start a search in the product automaton at `(pivot, pivot, succ)`,
|
||||
* and search for a series of transitions (a `Trace`), such that we end
|
||||
* at `(pivot, succ, succ)` (see `isReachableFromStartTuple`).
|
||||
*
|
||||
* For example, consider the regular expression `/^\d*5\w*$/`.
|
||||
* The search will start at the tuple `(\d*, \d*, \w*)` and search
|
||||
* for a path to `(\d*, \w*, \w*)`.
|
||||
* This path exists, and consists of a single transition in the product automaton,
|
||||
* where the three corresponding NFA edges all match the character `"5"`.
|
||||
*
|
||||
* The start-state in the NFA has an any-transition to itself, this allows us to
|
||||
* flag regular expressions such as `/a*$/` - which does not have a start anchor -
|
||||
* and can thus start matching anywhere.
|
||||
*
|
||||
* The implementation is not perfect.
|
||||
* It has the same suffix detection issue as the `js/redos` query, which can cause false positives.
|
||||
* It also doesn't find all transitions in the product automaton, which can cause false negatives.
|
||||
*/
|
||||
|
||||
private import semmle.code.java.regex.RegexTreeView::RegexTreeView as TreeView
|
||||
// SuperlinearBackTracking should be used directly from the shared pack, and not from this file.
|
||||
deprecated private import codeql.regex.nfa.SuperlinearBackTracking::Make<TreeView> as Dep
|
||||
import Dep
|
||||
|
|
@ -32,9 +32,6 @@ class XmlLocatable extends @xmllocatable, TXmlLocatable {
|
|||
string toString() { none() } // overridden in subclasses
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlLocatable */
|
||||
deprecated class XMLLocatable = XmlLocatable;
|
||||
|
||||
/**
|
||||
* An `XmlParent` is either an `XmlElement` or an `XmlFile`,
|
||||
* both of which can contain other elements.
|
||||
|
|
@ -95,9 +92,6 @@ class XmlParent extends @xmlparent {
|
|||
string toString() { result = this.getName() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlParent */
|
||||
deprecated class XMLParent = XmlParent;
|
||||
|
||||
/** An XML file. */
|
||||
class XmlFile extends XmlParent, File {
|
||||
XmlFile() { xmlEncoding(this, _) }
|
||||
|
|
@ -119,14 +113,8 @@ class XmlFile extends XmlParent, File {
|
|||
|
||||
/** Gets a DTD associated with this XML file. */
|
||||
XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
|
||||
|
||||
/** DEPRECATED: Alias for getADtd */
|
||||
deprecated XmlDtd getADTD() { result = this.getADtd() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlFile */
|
||||
deprecated class XMLFile = XmlFile;
|
||||
|
||||
/**
|
||||
* An XML document type definition (DTD).
|
||||
*
|
||||
|
|
@ -163,9 +151,6 @@ class XmlDtd extends XmlLocatable, @xmldtd {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlDtd */
|
||||
deprecated class XMLDTD = XmlDtd;
|
||||
|
||||
/**
|
||||
* An XML element in an XML file.
|
||||
*
|
||||
|
|
@ -221,9 +206,6 @@ class XmlElement extends @xmlelement, XmlParent, XmlLocatable {
|
|||
override string toString() { result = this.getName() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlElement */
|
||||
deprecated class XMLElement = XmlElement;
|
||||
|
||||
/**
|
||||
* An attribute that occurs inside an XML element.
|
||||
*
|
||||
|
|
@ -254,9 +236,6 @@ class XmlAttribute extends @xmlattribute, XmlLocatable {
|
|||
override string toString() { result = this.getName() + "=" + this.getValue() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlAttribute */
|
||||
deprecated class XMLAttribute = XmlAttribute;
|
||||
|
||||
/**
|
||||
* A namespace used in an XML file.
|
||||
*
|
||||
|
|
@ -273,9 +252,6 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
|
|||
/** Gets the URI of this namespace. */
|
||||
string getUri() { xmlNs(this, _, result, _) }
|
||||
|
||||
/** DEPRECATED: Alias for getUri */
|
||||
deprecated string getURI() { result = this.getUri() }
|
||||
|
||||
/** Holds if this namespace has no prefix. */
|
||||
predicate isDefault() { this.getPrefix() = "" }
|
||||
|
||||
|
|
@ -286,9 +262,6 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlNamespace */
|
||||
deprecated class XMLNamespace = XmlNamespace;
|
||||
|
||||
/**
|
||||
* A comment in an XML file.
|
||||
*
|
||||
|
|
@ -309,9 +282,6 @@ class XmlComment extends @xmlcomment, XmlLocatable {
|
|||
override string toString() { result = this.getText() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlComment */
|
||||
deprecated class XMLComment = XmlComment;
|
||||
|
||||
/**
|
||||
* A sequence of characters that occurs between opening and
|
||||
* closing tags of an XML element, excluding other elements.
|
||||
|
|
@ -335,6 +305,3 @@ class XmlCharacters extends @xmlcharacters, XmlLocatable {
|
|||
/** Gets a printable representation of this XML character sequence. */
|
||||
override string toString() { result = this.getCharacters() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlCharacters */
|
||||
deprecated class XMLCharacters = XmlCharacters;
|
||||
|
|
|
|||
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Deleted many deprecated predicates and classes with uppercase `CPU`, `TLD`, `SSA`, `ASM` etc. in their names. Use the PascalCased versions instead.
|
||||
* Deleted the deprecated `getMessageSuffix` predicates in `CodeInjectionCustomizations.qll`.
|
||||
* Deleted the deprecated `semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedData.qll` file.
|
||||
* Deleted the deprecated `getANonHtmlHeaderDefinition` and `nonHtmlContentTypeHeader` predicates from `ReflectedXssCustomizations.qll`.
|
||||
* Deleted the deprecated `semmle/javascript/security/OverlyLargeRangeQuery.qll`, `semmle/javascript/security/regexp/ExponentialBackTracking.qll`, `semmle/javascript/security/regexp/NfaUtils.qll`, and `semmle/javascript/security/regexp/NfaUtils.qll` files.
|
||||
* Deleted the deprecated `Expressions/TypoDatabase.qll` file.
|
||||
|
|
@ -59,9 +59,6 @@ class Json2CsvTaintStep extends TaintTracking::SharedTaintStep {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for Json2CsvTaintStep */
|
||||
deprecated class JSON2CSVTaintStep = Json2CsvTaintStep;
|
||||
|
||||
/**
|
||||
* A step through the [`prettyjson`](https://www.npmjs.com/package/prettyjson) library.
|
||||
* This is not quite a `JSON.stringify` call, as it e.g. does not wrap keys in double quotes.
|
||||
|
|
|
|||
|
|
@ -191,9 +191,6 @@ class PackageJson extends JsonObject {
|
|||
not result.matches("!%")
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for getWhitelistedCpu */
|
||||
deprecated string getWhitelistedCPU() { result = this.getWhitelistedCpu() }
|
||||
|
||||
/** Gets a platform not supported by this package. */
|
||||
string getBlacklistedCpu() {
|
||||
exists(string str | str = this.getCPUs().getElementStringValue(_) |
|
||||
|
|
@ -201,9 +198,6 @@ class PackageJson extends JsonObject {
|
|||
)
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for getBlacklistedCpu */
|
||||
deprecated string getBlacklistedCPU() { result = this.getBlacklistedCpu() }
|
||||
|
||||
/** Holds if this package prefers to be installed globally. */
|
||||
predicate isPreferGlobal() { this.getPropValue("preferGlobal").(JsonBoolean).getValue() = "true" }
|
||||
|
||||
|
|
|
|||
|
|
@ -1036,15 +1036,6 @@ deprecated module RegExpPatterns {
|
|||
// according to ranking by http://google.com/search?q=site:.<<TLD>>
|
||||
result = "(?:com|org|edu|gov|uk|net|io)(?![a-z0-9])"
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets a pattern that matches common top-level domain names in lower case.
|
||||
* DEPRECATED: use `getACommonTld` instead
|
||||
*/
|
||||
deprecated predicate commonTld = getACommonTld/0;
|
||||
|
||||
/** DEPRECATED: Alias for commonTld */
|
||||
deprecated predicate commonTLD = commonTld/0;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -758,6 +758,3 @@ module Ssa {
|
|||
/** Gets the SSA variable corresponding to `d`. */
|
||||
SsaVariable variable(VarDef d) { result.getDefinition() = definition(d) }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for Ssa */
|
||||
deprecated module SSA = Ssa;
|
||||
|
|
|
|||
|
|
@ -295,9 +295,6 @@ class AsmJSDirective extends KnownDirective {
|
|||
AsmJSDirective() { this.getDirectiveText() = "use asm" }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for AsmJSDirective */
|
||||
deprecated class ASMJSDirective = AsmJSDirective;
|
||||
|
||||
/**
|
||||
* A Babel directive.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -32,9 +32,6 @@ class XmlLocatable extends @xmllocatable, TXmlLocatable {
|
|||
string toString() { none() } // overridden in subclasses
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlLocatable */
|
||||
deprecated class XMLLocatable = XmlLocatable;
|
||||
|
||||
/**
|
||||
* An `XmlParent` is either an `XmlElement` or an `XmlFile`,
|
||||
* both of which can contain other elements.
|
||||
|
|
@ -95,9 +92,6 @@ class XmlParent extends @xmlparent {
|
|||
string toString() { result = this.getName() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlParent */
|
||||
deprecated class XMLParent = XmlParent;
|
||||
|
||||
/** An XML file. */
|
||||
class XmlFile extends XmlParent, File {
|
||||
XmlFile() { xmlEncoding(this, _) }
|
||||
|
|
@ -119,14 +113,8 @@ class XmlFile extends XmlParent, File {
|
|||
|
||||
/** Gets a DTD associated with this XML file. */
|
||||
XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
|
||||
|
||||
/** DEPRECATED: Alias for getADtd */
|
||||
deprecated XmlDtd getADTD() { result = this.getADtd() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlFile */
|
||||
deprecated class XMLFile = XmlFile;
|
||||
|
||||
/**
|
||||
* An XML document type definition (DTD).
|
||||
*
|
||||
|
|
@ -163,9 +151,6 @@ class XmlDtd extends XmlLocatable, @xmldtd {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlDtd */
|
||||
deprecated class XMLDTD = XmlDtd;
|
||||
|
||||
/**
|
||||
* An XML element in an XML file.
|
||||
*
|
||||
|
|
@ -221,9 +206,6 @@ class XmlElement extends @xmlelement, XmlParent, XmlLocatable {
|
|||
override string toString() { result = this.getName() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlElement */
|
||||
deprecated class XMLElement = XmlElement;
|
||||
|
||||
/**
|
||||
* An attribute that occurs inside an XML element.
|
||||
*
|
||||
|
|
@ -254,9 +236,6 @@ class XmlAttribute extends @xmlattribute, XmlLocatable {
|
|||
override string toString() { result = this.getName() + "=" + this.getValue() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlAttribute */
|
||||
deprecated class XMLAttribute = XmlAttribute;
|
||||
|
||||
/**
|
||||
* A namespace used in an XML file.
|
||||
*
|
||||
|
|
@ -273,9 +252,6 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
|
|||
/** Gets the URI of this namespace. */
|
||||
string getUri() { xmlNs(this, _, result, _) }
|
||||
|
||||
/** DEPRECATED: Alias for getUri */
|
||||
deprecated string getURI() { result = this.getUri() }
|
||||
|
||||
/** Holds if this namespace has no prefix. */
|
||||
predicate isDefault() { this.getPrefix() = "" }
|
||||
|
||||
|
|
@ -286,9 +262,6 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlNamespace */
|
||||
deprecated class XMLNamespace = XmlNamespace;
|
||||
|
||||
/**
|
||||
* A comment in an XML file.
|
||||
*
|
||||
|
|
@ -309,9 +282,6 @@ class XmlComment extends @xmlcomment, XmlLocatable {
|
|||
override string toString() { result = this.getText() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlComment */
|
||||
deprecated class XMLComment = XmlComment;
|
||||
|
||||
/**
|
||||
* A sequence of characters that occurs between opening and
|
||||
* closing tags of an XML element, excluding other elements.
|
||||
|
|
@ -335,6 +305,3 @@ class XmlCharacters extends @xmlcharacters, XmlLocatable {
|
|||
/** Gets a printable representation of this XML character sequence. */
|
||||
override string toString() { result = this.getCharacters() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for XmlCharacters */
|
||||
deprecated class XMLCharacters = XmlCharacters;
|
||||
|
|
|
|||
|
|
@ -65,48 +65,3 @@ deprecated class YAMLValue = YamlValue;
|
|||
|
||||
/** DEPRECATED: Alias for YamlScalar */
|
||||
deprecated class YAMLScalar = YamlScalar;
|
||||
|
||||
/** DEPRECATED: Alias for YamlInteger */
|
||||
deprecated class YAMLInteger = YamlInteger;
|
||||
|
||||
/** DEPRECATED: Alias for YamlFloat */
|
||||
deprecated class YAMLFloat = YamlFloat;
|
||||
|
||||
/** DEPRECATED: Alias for YamlTimestamp */
|
||||
deprecated class YAMLTimestamp = YamlTimestamp;
|
||||
|
||||
/** DEPRECATED: Alias for YamlBool */
|
||||
deprecated class YAMLBool = YamlBool;
|
||||
|
||||
/** DEPRECATED: Alias for YamlNull */
|
||||
deprecated class YAMLNull = YamlNull;
|
||||
|
||||
/** DEPRECATED: Alias for YamlString */
|
||||
deprecated class YAMLString = YamlString;
|
||||
|
||||
/** DEPRECATED: Alias for YamlMergeKey */
|
||||
deprecated class YAMLMergeKey = YamlMergeKey;
|
||||
|
||||
/** DEPRECATED: Alias for YamlInclude */
|
||||
deprecated class YAMLInclude = YamlInclude;
|
||||
|
||||
/** DEPRECATED: Alias for YamlCollection */
|
||||
deprecated class YAMLCollection = YamlCollection;
|
||||
|
||||
/** DEPRECATED: Alias for YamlMapping */
|
||||
deprecated class YAMLMapping = YamlMapping;
|
||||
|
||||
/** DEPRECATED: Alias for YamlSequence */
|
||||
deprecated class YAMLSequence = YamlSequence;
|
||||
|
||||
/** DEPRECATED: Alias for YamlAliasNode */
|
||||
deprecated class YAMLAliasNode = YamlAliasNode;
|
||||
|
||||
/** DEPRECATED: Alias for YamlDocument */
|
||||
deprecated class YAMLDocument = YamlDocument;
|
||||
|
||||
/** DEPRECATED: Alias for YamlParseError */
|
||||
deprecated class YAMLParseError = YamlParseError;
|
||||
|
||||
/** DEPRECATED: Alias for YamlMappingLikeNode */
|
||||
deprecated class YAMLMappingLikeNode = YamlMappingLikeNode;
|
||||
|
|
|
|||
|
|
@ -133,9 +133,6 @@ module Electron {
|
|||
override IpcDispatch getAReturnDispatch() { result.getCalleeName() = "sendSync" }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for IpcSendRegistration */
|
||||
deprecated class IPCSendRegistration = IpcSendRegistration;
|
||||
|
||||
/**
|
||||
* A dispatch of an IPC event.
|
||||
* An IPC event is sent from the renderer to the main process.
|
||||
|
|
@ -171,9 +168,6 @@ module Electron {
|
|||
result.getEmitter() instanceof RendererProcess
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for IpcDispatch */
|
||||
deprecated class IPCDispatch = IpcDispatch;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -17,9 +17,6 @@ class EmscriptenStartAsmComment extends EmscriptenMarkerComment {
|
|||
EmscriptenStartAsmComment() { this.getText().trim() = "EMSCRIPTEN_START_ASM" }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for EmscriptenStartAsmComment */
|
||||
deprecated class EmscriptenStartASMComment = EmscriptenStartAsmComment;
|
||||
|
||||
/**
|
||||
* An `EMSCRIPTEN_START_FUNCS` marker comment.
|
||||
*/
|
||||
|
|
@ -34,9 +31,6 @@ class EmscriptenEndAsmComment extends EmscriptenMarkerComment {
|
|||
EmscriptenEndAsmComment() { this.getText().trim() = "EMSCRIPTEN_END_ASM" }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for EmscriptenEndAsmComment */
|
||||
deprecated class EmscriptenEndASMComment = EmscriptenEndAsmComment;
|
||||
|
||||
/**
|
||||
* An `EMSCRIPTEN_END_FUNCS` marker comment.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -11,9 +11,6 @@ class GwtVersionVariable extends GlobalVariable {
|
|||
GwtVersionVariable() { this.getName() = "$gwt_version" }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for GwtVersionVariable */
|
||||
deprecated class GWTVersionVariable = GwtVersionVariable;
|
||||
|
||||
/**
|
||||
* A GWT header script that defines the `$gwt_version` variable.
|
||||
*/
|
||||
|
|
@ -36,15 +33,9 @@ class GwtHeader extends InlineScript {
|
|||
deprecated string getGWTVersion() { result = this.getGwtVersion() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for GwtHeader */
|
||||
deprecated class GWTHeader = GwtHeader;
|
||||
|
||||
/**
|
||||
* A toplevel in a file that appears to be GWT-generated.
|
||||
*/
|
||||
class GwtGeneratedTopLevel extends TopLevel {
|
||||
GwtGeneratedTopLevel() { exists(GwtHeader h | this.getFile() = h.getFile()) }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for GwtGeneratedTopLevel */
|
||||
deprecated class GWTGeneratedTopLevel = GwtGeneratedTopLevel;
|
||||
|
|
|
|||
|
|
@ -607,6 +607,3 @@ module Http {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for Http */
|
||||
deprecated module HTTP = Http;
|
||||
|
|
|
|||
|
|
@ -37,9 +37,6 @@ class BddTest extends Test, @call_expr {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for BddTest */
|
||||
deprecated class BDDTest = BddTest;
|
||||
|
||||
/**
|
||||
* Gets the test file for `f` with stem extension `stemExt`, where `stemExt` is "test" or "spec".
|
||||
* That is, a file named `<base>.<stemExt>.<ext>` in the
|
||||
|
|
|
|||
|
|
@ -16,12 +16,6 @@ module CodeInjection {
|
|||
* A data flow sink for code injection vulnerabilities.
|
||||
*/
|
||||
abstract class Sink extends DataFlow::Node {
|
||||
/**
|
||||
* DEPRECATED: Use `getMessagePrefix()` instead.
|
||||
* Gets the substitute for `X` in the message `User-provided value flows to X`.
|
||||
*/
|
||||
deprecated string getMessageSuffix() { result = "this location and is interpreted as code" }
|
||||
|
||||
/**
|
||||
* Gets the prefix for the message `X depends on a user-provided value.`.
|
||||
*/
|
||||
|
|
@ -129,11 +123,6 @@ module CodeInjection {
|
|||
)
|
||||
}
|
||||
|
||||
deprecated override string getMessageSuffix() {
|
||||
result =
|
||||
"this location and is interpreted by " + templateType + ", which may evaluate it as code"
|
||||
}
|
||||
|
||||
override string getMessagePrefix() {
|
||||
result = "This " + templateType + " template, which may contain code,"
|
||||
}
|
||||
|
|
@ -321,10 +310,6 @@ module CodeInjection {
|
|||
|
||||
/** A sink for code injection via template injection. */
|
||||
abstract private class TemplateSink extends Sink {
|
||||
deprecated override string getMessageSuffix() {
|
||||
result = "this location and is interpreted as a template, which may contain code"
|
||||
}
|
||||
|
||||
override string getMessagePrefix() { result = "Template, which may contain code," }
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -19,9 +19,6 @@ class HtmlSink extends DataFlow::Node instanceof Sink {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for HtmlSink */
|
||||
deprecated class HTMLSink = HtmlSink;
|
||||
|
||||
/**
|
||||
* A taint-tracking configuration for reasoning about XSS.
|
||||
* Both ordinary HTML sinks, URL sinks, and JQuery selector based sinks.
|
||||
|
|
|
|||
|
|
@ -1,7 +0,0 @@
|
|||
/** DEPRECATED. Import `ExternalApiUsedWithUntrustedDataQuery` instead. */
|
||||
|
||||
import javascript
|
||||
private import ExternalAPIUsedWithUntrustedDataQuery as ExternalApiUsedWithUntrustedDataQuery // ignore-query-import
|
||||
|
||||
/** DEPRECATED. Import `ExternalApiUsedWithUntrustedDataQuery` instead. */
|
||||
deprecated module ExternalApiUsedWithUntrustedData = ExternalApiUsedWithUntrustedDataQuery;
|
||||
|
|
@ -28,27 +28,6 @@ module ReflectedXss {
|
|||
HttpResponseSink() { not exists(getAXssSafeHeaderDefinition(this)) }
|
||||
}
|
||||
|
||||
/**
|
||||
* DEPRECATED: Gets a HeaderDefinition that defines a non-html content-type for `send`.
|
||||
*/
|
||||
deprecated Http::HeaderDefinition getANonHtmlHeaderDefinition(Http::ResponseSendArgument send) {
|
||||
exists(Http::RouteHandler h |
|
||||
send.getRouteHandler() = h and
|
||||
result = nonHtmlContentTypeHeader(h)
|
||||
|
|
||||
// The HeaderDefinition affects a response sent at `send`.
|
||||
headerAffects(result, send)
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* DEPRECATED: Holds if `h` may send a response with a content type other than HTML.
|
||||
*/
|
||||
deprecated Http::HeaderDefinition nonHtmlContentTypeHeader(Http::RouteHandler h) {
|
||||
result = h.getAResponseHeader("content-type") and
|
||||
not exists(string tp | result.defines("content-type", tp) | tp.regexpMatch("(?i).*html.*"))
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets a HeaderDefinition that defines a XSS safe content-type for `send`.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -87,9 +87,6 @@ module XssThroughDom {
|
|||
override string getPropertyName() { result = prop }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for JQueryDomPropertySource */
|
||||
deprecated class JQueryDOMPropertySource = JQueryDomPropertySource;
|
||||
|
||||
/**
|
||||
* A source for text from the DOM from a `d3` method call.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,68 +0,0 @@
|
|||
/**
|
||||
* This library implements the analysis described in the following two papers:
|
||||
*
|
||||
* James Kirrage, Asiri Rathnayake, Hayo Thielecke: Static Analysis for
|
||||
* Regular Expression Denial-of-Service Attacks. NSS 2013.
|
||||
* (https://arxiv.org/abs/1301.0849)
|
||||
* Asiri Rathnayake, Hayo Thielecke: Static Analysis for Regular Expression
|
||||
* Exponential Runtime via Substructural Logics. 2014.
|
||||
* (https://www.cs.bham.ac.uk/~hxt/research/redos_full.pdf)
|
||||
*
|
||||
* The basic idea is to search for overlapping cycles in the NFA, that is,
|
||||
* states `q` such that there are two distinct paths from `q` to itself
|
||||
* that consume the same word `w`.
|
||||
*
|
||||
* For any such state `q`, an attack string can be constructed as follows:
|
||||
* concatenate a prefix `v` that takes the NFA to `q` with `n` copies of
|
||||
* the word `w` that leads back to `q` along two different paths, followed
|
||||
* by a suffix `x` that is _not_ accepted in state `q`. A backtracking
|
||||
* implementation will need to explore at least 2^n different ways of going
|
||||
* from `q` back to itself while trying to match the `n` copies of `w`
|
||||
* before finally giving up.
|
||||
*
|
||||
* Now in order to identify overlapping cycles, all we have to do is find
|
||||
* pumpable forks, that is, states `q` that can transition to two different
|
||||
* states `r1` and `r2` on the same input symbol `c`, such that there are
|
||||
* paths from both `r1` and `r2` to `q` that consume the same word. The latter
|
||||
* condition is equivalent to saying that `(q, q)` is reachable from `(r1, r2)`
|
||||
* in the product NFA.
|
||||
*
|
||||
* This is what the library does. It makes a simple attempt to construct a
|
||||
* prefix `v` leading into `q`, but only to improve the alert message.
|
||||
* And the library tries to prove the existence of a suffix that ensures
|
||||
* rejection. This check might fail, which can cause false positives.
|
||||
*
|
||||
* Finally, sometimes it depends on the translation whether the NFA generated
|
||||
* for a regular expression has a pumpable fork or not. We implement one
|
||||
* particular translation, which may result in false positives or negatives
|
||||
* relative to some particular JavaScript engine.
|
||||
*
|
||||
* More precisely, the library constructs an NFA from a regular expression `r`
|
||||
* as follows:
|
||||
*
|
||||
* * Every sub-term `t` gives rise to an NFA state `Match(t,i)`, representing
|
||||
* the state of the automaton before attempting to match the `i`th character in `t`.
|
||||
* * There is one accepting state `Accept(r)`.
|
||||
* * There is a special `AcceptAnySuffix(r)` state, which accepts any suffix string
|
||||
* by using an epsilon transition to `Accept(r)` and an any transition to itself.
|
||||
* * Transitions between states may be labelled with epsilon, or an abstract
|
||||
* input symbol.
|
||||
* * Each abstract input symbol represents a set of concrete input characters:
|
||||
* either a single character, a set of characters represented by a
|
||||
* character class, or the set of all characters.
|
||||
* * The product automaton is constructed lazily, starting with pair states
|
||||
* `(q, q)` where `q` is a fork, and proceeding along an over-approximate
|
||||
* step relation.
|
||||
* * The over-approximate step relation allows transitions along pairs of
|
||||
* abstract input symbols where the symbols have overlap in the characters they accept.
|
||||
* * Once a trace of pairs of abstract input symbols that leads from a fork
|
||||
* back to itself has been identified, we attempt to construct a concrete
|
||||
* string corresponding to it, which may fail.
|
||||
* * Lastly we ensure that any state reached by repeating `n` copies of `w` has
|
||||
* a suffix `x` (possible empty) that is most likely __not__ accepted.
|
||||
*/
|
||||
|
||||
private import RegExpTreeView::RegExpTreeView as TreeView
|
||||
// ExponentialBackTracking should be used directly from the shared pack, and not from this file.
|
||||
deprecated private import codeql.regex.nfa.ExponentialBackTracking::Make<TreeView> as Dep
|
||||
import Dep
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
/**
|
||||
* Provides classes and predicates for constructing an NFA from
|
||||
* a regular expression, and various utilities for reasoning about
|
||||
* the resulting NFA.
|
||||
*
|
||||
* These utilities are used both by the ReDoS queries and by
|
||||
* other queries that benefit from reasoning about NFAs.
|
||||
*/
|
||||
|
||||
private import RegExpTreeView::RegExpTreeView as TreeView
|
||||
// NfaUtils should be used directly from the shared pack, and not from this file.
|
||||
deprecated private import codeql.regex.nfa.NfaUtils::Make<TreeView> as Dep
|
||||
import Dep
|
||||
|
|
@ -1,41 +0,0 @@
|
|||
/**
|
||||
* This module implements the analysis described in the paper:
|
||||
* Valentin Wustholz, Oswaldo Olivo, Marijn J. H. Heule, and Isil Dillig:
|
||||
* Static Detection of DoS Vulnerabilities in
|
||||
* Programs that use Regular Expressions
|
||||
* (Extended Version).
|
||||
* (https://arxiv.org/pdf/1701.04045.pdf)
|
||||
*
|
||||
* Theorem 3 from the paper describes the basic idea.
|
||||
*
|
||||
* The following explains the idea using variables and predicate names that are used in the implementation:
|
||||
* We consider a pair of repetitions, which we will call `pivot` and `succ`.
|
||||
*
|
||||
* We create a product automaton of 3-tuples of states (see `StateTuple`).
|
||||
* There exists a transition `(a,b,c) -> (d,e,f)` in the product automaton
|
||||
* iff there exists three transitions in the NFA `a->d, b->e, c->f` where those three
|
||||
* transitions all match a shared character `char`. (see `getAThreewayIntersect`)
|
||||
*
|
||||
* We start a search in the product automaton at `(pivot, pivot, succ)`,
|
||||
* and search for a series of transitions (a `Trace`), such that we end
|
||||
* at `(pivot, succ, succ)` (see `isReachableFromStartTuple`).
|
||||
*
|
||||
* For example, consider the regular expression `/^\d*5\w*$/`.
|
||||
* The search will start at the tuple `(\d*, \d*, \w*)` and search
|
||||
* for a path to `(\d*, \w*, \w*)`.
|
||||
* This path exists, and consists of a single transition in the product automaton,
|
||||
* where the three corresponding NFA edges all match the character `"5"`.
|
||||
*
|
||||
* The start-state in the NFA has an any-transition to itself, this allows us to
|
||||
* flag regular expressions such as `/a*$/` - which does not have a start anchor -
|
||||
* and can thus start matching anywhere.
|
||||
*
|
||||
* The implementation is not perfect.
|
||||
* It has the same suffix detection issue as the `js/redos` query, which can cause false positives.
|
||||
* It also doesn't find all transitions in the product automaton, which can cause false negatives.
|
||||
*/
|
||||
|
||||
private import RegExpTreeView::RegExpTreeView as TreeView
|
||||
// SuperlinearBackTracking should be used directly from the shared pack, and not from this file.
|
||||
deprecated private import codeql.regex.nfa.SuperlinearBackTracking::Make<TreeView> as Dep
|
||||
import Dep
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
import codeql.typos.TypoDatabase as DB
|
||||
|
||||
/** DEPRECATED: Use the `codeql/typos` pack instead. */
|
||||
deprecated predicate typos = DB::typos/2;
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Deleted many deprecated predicates and classes with uppercase `LDAP`, `HTTP`, `URL`, `CGI` etc. in their names. Use the PascalCased versions instead.
|
||||
* Deleted the deprecated `localSourceStoreStep` predicate, use `flowsToStoreStep` instead.
|
||||
* Deleted the deprecated `iteration_defined_variable` predicate from the `SSA` library.
|
||||
* Deleted various deprecated predicates from the points-to libraries.
|
||||
* Deleted the deprecated `semmle/python/security/OverlyLargeRangeQuery.qll`, `semmle/python/security/regexp/ExponentialBackTracking.qll`, `semmle/python/security/regexp/NfaUtils.qll`, and `semmle/python/security/regexp/NfaUtils.qll` files.
|
||||
|
|
@ -26,7 +26,6 @@ import semmle.python.types.FunctionObject
|
|||
import semmle.python.types.ModuleObject
|
||||
import semmle.python.types.Version
|
||||
import semmle.python.types.Descriptors
|
||||
import semmle.python.protocols
|
||||
import semmle.python.SSA
|
||||
import semmle.python.SelfAttribute
|
||||
import semmle.python.types.Properties
|
||||
|
|
|
|||
|
|
@ -685,9 +685,6 @@ module Ldap {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for Ldap */
|
||||
deprecated module LDAP = Ldap;
|
||||
|
||||
/**
|
||||
* A data-flow node that escapes meta-characters, which could be used to prevent
|
||||
* injection attacks.
|
||||
|
|
@ -1157,9 +1154,6 @@ module Http {
|
|||
// remote-flow-sources in general.
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for Http */
|
||||
deprecated module HTTP = Http;
|
||||
|
||||
/**
|
||||
* Provides models for cryptographic things.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -386,8 +386,6 @@ deprecated module StepSummary {
|
|||
smallstepCall(nodeFrom, nodeTo, summary)
|
||||
}
|
||||
|
||||
deprecated predicate localSourceStoreStep = flowsToStoreStep/3;
|
||||
|
||||
/** Gets the step summary for a level step. */
|
||||
StepSummary levelStep() { result = LevelStep() }
|
||||
|
||||
|
|
|
|||
|
|
@ -88,15 +88,6 @@ module SsaSource {
|
|||
lhs.getBasicBlock().dominates(defn.getBasicBlock())
|
||||
}
|
||||
|
||||
/** Holds if `v` is defined by a `for` statement, the definition being `defn` */
|
||||
cached
|
||||
deprecated predicate iteration_defined_variable(
|
||||
Variable v, ControlFlowNode defn, ControlFlowNode sequence
|
||||
) {
|
||||
exists(ForNode for | for.iterates(defn, sequence)) and
|
||||
defn.(NameNode).defines(v)
|
||||
}
|
||||
|
||||
/** Holds if `v` is a parameter variable and `defn` is the CFG node for that parameter. */
|
||||
cached
|
||||
predicate parameter_definition(Variable v, ControlFlowNode defn) {
|
||||
|
|
|
|||
|
|
@ -1154,9 +1154,6 @@ module PrivateDjango {
|
|||
/** Gets a reference to the `django.http` module. */
|
||||
API::Node http() { result = django().getMember("http") }
|
||||
|
||||
/** DEPRECATED: Alias for `DjangoHttp` */
|
||||
deprecated module http = DjangoHttp;
|
||||
|
||||
/** Provides models for the `django.http` module */
|
||||
module DjangoHttp {
|
||||
// ---------------------------------------------------------------------------
|
||||
|
|
|
|||
|
|
@ -166,9 +166,6 @@ module Starlette {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for Url */
|
||||
deprecated module URL = Url;
|
||||
|
||||
/**
|
||||
* A call to the `starlette.responses.FileResponse` constructor as a sink for Filesystem access.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1967,14 +1967,8 @@ module StdlibPrivate {
|
|||
result = cgiHttpServer().getMember("CGIHTTPRequestHandler")
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for CgiHttpRequestHandler */
|
||||
deprecated module CGIHTTPRequestHandler = CgiHttpRequestHandler;
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for CgiHttpServer */
|
||||
deprecated module CGIHTTPServer = CgiHttpServer;
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// http (Python 3 only)
|
||||
// ---------------------------------------------------------------------------
|
||||
|
|
@ -2042,9 +2036,6 @@ module StdlibPrivate {
|
|||
*/
|
||||
deprecated API::Node classRef() { result = server().getMember("CGIHTTPRequestHandler") }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for CgiHttpRequestHandler */
|
||||
deprecated module CGIHTTPRequestHandler = CgiHttpRequestHandler;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -2233,9 +2224,6 @@ module StdlibPrivate {
|
|||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for WsgiEnvirontParameter */
|
||||
deprecated class WSGIEnvirontParameter = WsgiEnvirontParameter;
|
||||
|
||||
/**
|
||||
* Gets a reference to the parameter of a `WsgirefSimpleServerApplication` that
|
||||
* takes the `start_response` function.
|
||||
|
|
|
|||
|
|
@ -333,36 +333,6 @@ predicate call3(
|
|||
arg2 = call.getArg(2)
|
||||
}
|
||||
|
||||
bindingset[self, function]
|
||||
deprecated predicate method_binding(
|
||||
AttrNode instantiation, ObjectInternal self, CallableObjectInternal function,
|
||||
PointsToContext context
|
||||
) {
|
||||
exists(ObjectInternal obj, string name | receiver(instantiation, context, obj, name) |
|
||||
exists(ObjectInternal cls |
|
||||
cls = obj.getClass() and
|
||||
cls != ObjectInternal::superType() and
|
||||
cls.attribute(name, function, _) and
|
||||
self = obj
|
||||
)
|
||||
or
|
||||
exists(SuperInstance sup, ClassObjectInternal decl |
|
||||
sup = obj and
|
||||
decl = Types::getMro(self.getClass()).startingAt(sup.getStartClass()).findDeclaringClass(name) and
|
||||
Types::declaredAttribute(decl, name, function, _) and
|
||||
self = sup.getSelf()
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
/** Helper for method_binding */
|
||||
pragma[noinline]
|
||||
deprecated predicate receiver(
|
||||
AttrNode instantiation, PointsToContext context, ObjectInternal obj, string name
|
||||
) {
|
||||
PointsToInternal::pointsTo(instantiation.getObject(name), context, obj, _)
|
||||
}
|
||||
|
||||
/** Helper self parameters: `def meth(self, ...): ...`. */
|
||||
pragma[noinline]
|
||||
private predicate self_parameter(
|
||||
|
|
|
|||
|
|
@ -13,123 +13,6 @@ import semmle.python.essa.SsaDefinitions
|
|||
private import semmle.python.types.Builtins
|
||||
private import semmle.python.internal.CachedStages
|
||||
|
||||
deprecated module BasePointsTo {
|
||||
/** INTERNAL -- Use n.refersTo(value, _, origin) instead */
|
||||
pragma[noinline]
|
||||
predicate points_to(ControlFlowNode f, Object value, ControlFlowNode origin) {
|
||||
(
|
||||
f.isLiteral() and value = f and not f.getNode() instanceof ImmutableLiteral
|
||||
or
|
||||
f.isFunction() and value = f
|
||||
) and
|
||||
origin = f
|
||||
}
|
||||
}
|
||||
|
||||
/** Gets the kwargs parameter (`**kwargs`). In a function definition this is always a dict. */
|
||||
deprecated predicate kwargs_points_to(ControlFlowNode f, ClassObject cls) {
|
||||
exists(Function func | func.getKwarg() = f.getNode()) and
|
||||
cls = theDictType()
|
||||
}
|
||||
|
||||
/** Gets the varargs parameter (`*varargs`). In a function definition this is always a tuple. */
|
||||
deprecated predicate varargs_points_to(ControlFlowNode f, ClassObject cls) {
|
||||
exists(Function func | func.getVararg() = f.getNode()) and
|
||||
cls = theTupleType()
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the class of the object for simple cases, namely constants, functions,
|
||||
* comprehensions and built-in objects.
|
||||
*
|
||||
* This exists primarily for internal use. Use getAnInferredType() instead.
|
||||
*/
|
||||
pragma[noinline]
|
||||
deprecated ClassObject simple_types(Object obj) {
|
||||
result = comprehension(obj.getOrigin())
|
||||
or
|
||||
result = collection_literal(obj.getOrigin())
|
||||
or
|
||||
obj.getOrigin() instanceof CallableExpr and result = thePyFunctionType()
|
||||
or
|
||||
obj.getOrigin() instanceof Module and result = theModuleType()
|
||||
or
|
||||
result.asBuiltin() = obj.asBuiltin().getClass()
|
||||
or
|
||||
obj = unknownValue() and result = theUnknownType()
|
||||
}
|
||||
|
||||
deprecated private ClassObject comprehension(Expr e) {
|
||||
e instanceof ListComp and result = theListType()
|
||||
or
|
||||
e instanceof SetComp and result = theSetType()
|
||||
or
|
||||
e instanceof DictComp and result = theDictType()
|
||||
or
|
||||
e instanceof GeneratorExp and result = theGeneratorType()
|
||||
}
|
||||
|
||||
deprecated private ClassObject collection_literal(Expr e) {
|
||||
e instanceof List and result = theListType()
|
||||
or
|
||||
e instanceof Set and result = theSetType()
|
||||
or
|
||||
e instanceof Dict and result = theDictType()
|
||||
or
|
||||
e instanceof Tuple and result = theTupleType()
|
||||
}
|
||||
|
||||
deprecated private int tuple_index_value(Object t, int i) {
|
||||
result = t.(TupleNode).getElement(i).getNode().(Num).getN().toInt()
|
||||
or
|
||||
exists(Object item |
|
||||
py_citems(t, i, item) and
|
||||
result = item.(NumericObject).intValue()
|
||||
)
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
deprecated int version_tuple_value(Object t) {
|
||||
not exists(tuple_index_value(t, 1)) and result = tuple_index_value(t, 0) * 10
|
||||
or
|
||||
not exists(tuple_index_value(t, 2)) and
|
||||
result = tuple_index_value(t, 0) * 10 + tuple_index_value(t, 1)
|
||||
or
|
||||
tuple_index_value(t, 2) = 0 and result = tuple_index_value(t, 0) * 10 + tuple_index_value(t, 1)
|
||||
or
|
||||
tuple_index_value(t, 2) > 0 and
|
||||
result = tuple_index_value(t, 0) * 10 + tuple_index_value(t, 1) + 1
|
||||
}
|
||||
|
||||
/** Choose a version numbers that represent the extreme of supported versions. */
|
||||
deprecated private int major_minor() {
|
||||
if major_version() = 3
|
||||
then (
|
||||
result = 33 or result = 37
|
||||
) else (
|
||||
// 3.3 to 3.7
|
||||
result = 25 or result = 27
|
||||
) // 2.5 to 2.7
|
||||
}
|
||||
|
||||
/** Compares the given tuple object to both the maximum and minimum possible sys.version_info values */
|
||||
deprecated int version_tuple_compare(Object t) {
|
||||
version_tuple_value(t) < major_minor() and result = -1
|
||||
or
|
||||
version_tuple_value(t) = major_minor() and result = 0
|
||||
or
|
||||
version_tuple_value(t) > major_minor() and result = 1
|
||||
}
|
||||
|
||||
/** Holds if `cls` is a new-style class if it were to have no explicit base classes */
|
||||
deprecated predicate baseless_is_new_style(ClassObject cls) {
|
||||
cls.isBuiltin()
|
||||
or
|
||||
major_version() = 3 and exists(cls)
|
||||
or
|
||||
exists(cls.declaredMetaClass())
|
||||
}
|
||||
|
||||
/*
|
||||
* The following predicates exist in order to provide
|
||||
* more precise type information than the underlying
|
||||
|
|
@ -159,49 +42,6 @@ private predicate class_defines_name(Class cls, string name) {
|
|||
exists(SsaVariable var | name = var.getId() and var.getAUse() = cls.getANormalExit())
|
||||
}
|
||||
|
||||
/** Gets a return value CFG node, provided that is safe to track across returns */
|
||||
deprecated ControlFlowNode safe_return_node(PyFunctionObject func) {
|
||||
result = func.getAReturnedNode() and
|
||||
// Not a parameter
|
||||
not exists(Parameter p, SsaVariable pvar |
|
||||
p.asName().getAFlowNode() = pvar.getDefinition() and
|
||||
result = pvar.getAUse()
|
||||
) and
|
||||
// No alternatives
|
||||
not exists(ControlFlowNode branch | branch.isBranch() and branch.getScope() = func.getFunction())
|
||||
}
|
||||
|
||||
/** Holds if it can be determined from the control flow graph alone that this function can never return */
|
||||
deprecated predicate function_can_never_return(FunctionObject func) {
|
||||
/*
|
||||
* A Python function never returns if it has no normal exits that are not dominated by a
|
||||
* call to a function which itself never returns.
|
||||
*/
|
||||
|
||||
exists(Function f |
|
||||
f = func.getFunction() and
|
||||
not exists(f.getAnExitNode())
|
||||
)
|
||||
or
|
||||
func = ModuleObject::named("sys").attr("exit")
|
||||
}
|
||||
|
||||
/** Hold if outer contains inner, both are contained within a test and inner is a use is a plain use or an attribute lookup */
|
||||
pragma[noinline]
|
||||
deprecated predicate contains_interesting_expression_within_test(
|
||||
ControlFlowNode outer, ControlFlowNode inner
|
||||
) {
|
||||
inner.isLoad() and
|
||||
exists(ControlFlowNode test |
|
||||
outer.getAChild*() = inner and
|
||||
test_contains(test, outer) and
|
||||
test_contains(test, inner)
|
||||
|
|
||||
inner instanceof NameNode or
|
||||
inner instanceof AttrNode
|
||||
)
|
||||
}
|
||||
|
||||
/** Hold if `expr` is a test (a branch) and `use` is within that test */
|
||||
predicate test_contains(ControlFlowNode expr, ControlFlowNode use) {
|
||||
expr.getNode() instanceof Expr and
|
||||
|
|
@ -209,31 +49,6 @@ predicate test_contains(ControlFlowNode expr, ControlFlowNode use) {
|
|||
expr.getAChild*() = use
|
||||
}
|
||||
|
||||
/** Holds if `test` is a test (a branch), `use` is within that test and `def` is an edge from that test with `sense` */
|
||||
deprecated predicate refinement_test(
|
||||
ControlFlowNode test, ControlFlowNode use, boolean sense, PyEdgeRefinement def
|
||||
) {
|
||||
/*
|
||||
* Because calls such as `len` may create a new variable, we need to go via the source variable
|
||||
* That is perfectly safe as we are only dealing with calls that do not mutate their arguments.
|
||||
*/
|
||||
|
||||
use = def.getInput().getSourceVariable().(Variable).getAUse() and
|
||||
test = def.getPredecessor().getLastNode() and
|
||||
test_contains(test, use) and
|
||||
sense = def.getSense()
|
||||
}
|
||||
|
||||
/** Holds if `f` is an import of the form `from .[...] import name` and the enclosing scope is an __init__ module */
|
||||
pragma[noinline]
|
||||
deprecated predicate live_import_from_dot_in_init(ImportMemberNode f, EssaVariable var) {
|
||||
exists(string name |
|
||||
import_from_dot_in_init(f.getModule(name)) and
|
||||
var.getSourceVariable().getName() = name and
|
||||
var.getAUse() = f
|
||||
)
|
||||
}
|
||||
|
||||
/** Holds if `f` is an import of the form `from .[...] import ...` and the enclosing scope is an __init__ module */
|
||||
predicate import_from_dot_in_init(ImportExprNode f) {
|
||||
f.getScope() = any(Module m).getInitModule() and
|
||||
|
|
@ -251,30 +66,6 @@ Object undefinedVariable() { py_special_objects(result, "_semmle_undefined_value
|
|||
/** Gets the pseudo-object representing an unknown value */
|
||||
Object unknownValue() { result.asBuiltin() = Builtin::unknown() }
|
||||
|
||||
deprecated BuiltinCallable theTypeNewMethod() {
|
||||
result.asBuiltin() = theTypeType().asBuiltin().getMember("__new__")
|
||||
}
|
||||
|
||||
/** Gets the `value, cls, origin` that `f` would refer to if it has not been assigned some other value */
|
||||
pragma[noinline]
|
||||
deprecated predicate potential_builtin_points_to(
|
||||
NameNode f, Object value, ClassObject cls, ControlFlowNode origin
|
||||
) {
|
||||
f.isGlobal() and
|
||||
f.isLoad() and
|
||||
origin = f and
|
||||
(
|
||||
builtin_name_points_to(f.getId(), value, cls)
|
||||
or
|
||||
not exists(Object::builtin(f.getId())) and value = unknownValue() and cls = theUnknownType()
|
||||
)
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
deprecated predicate builtin_name_points_to(string name, Object value, ClassObject cls) {
|
||||
value = Object::builtin(name) and cls.asBuiltin() = value.asBuiltin().getClass()
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate essa_var_scope(SsaSourceVariable var, Scope pred_scope, EssaVariable pred_var) {
|
||||
BaseFlow::reaches_exit(pred_var) and
|
||||
|
|
@ -331,48 +122,3 @@ module BaseFlow {
|
|||
scope_entry_value_transfer_through_init(pred_var, pred_scope, succ_def, succ_scope)
|
||||
}
|
||||
}
|
||||
|
||||
/** Points-to for syntactic elements where context is not relevant */
|
||||
deprecated predicate simple_points_to(
|
||||
ControlFlowNode f, Object value, ClassObject cls, ControlFlowNode origin
|
||||
) {
|
||||
kwargs_points_to(f, cls) and value = f and origin = f
|
||||
or
|
||||
varargs_points_to(f, cls) and value = f and origin = f
|
||||
or
|
||||
BasePointsTo::points_to(f, value, origin) and cls = simple_types(value)
|
||||
or
|
||||
value = f.getNode().(ImmutableLiteral).getLiteralObject() and
|
||||
cls = simple_types(value) and
|
||||
origin = f
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `bit` is a binary expression node with a bitwise operator.
|
||||
* Helper for `this_binary_expr_points_to`.
|
||||
*/
|
||||
deprecated predicate bitwise_expression_node(
|
||||
BinaryExprNode bit, ControlFlowNode left, ControlFlowNode right
|
||||
) {
|
||||
exists(Operator op | op = bit.getNode().getOp() |
|
||||
op instanceof BitAnd or
|
||||
op instanceof BitOr or
|
||||
op instanceof BitXor
|
||||
) and
|
||||
left = bit.getLeft() and
|
||||
right = bit.getRight()
|
||||
}
|
||||
|
||||
deprecated private Module theCollectionsAbcModule() {
|
||||
result.getName() = "_abcoll"
|
||||
or
|
||||
result.getName() = "_collections_abc"
|
||||
}
|
||||
|
||||
deprecated ClassObject collectionsAbcClass(string name) {
|
||||
exists(Class cls |
|
||||
result.getPyClass() = cls and
|
||||
cls.getName() = name and
|
||||
cls.getScope() = theCollectionsAbcModule()
|
||||
)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,12 +12,6 @@ predicate hasattr(CallNode c, ControlFlowNode obj, string attr) {
|
|||
c.getArg(1).getNode().(StrConst).getText() = attr
|
||||
}
|
||||
|
||||
/** Holds if `c` is a call to `callable(obj)`. */
|
||||
deprecated predicate is_callable(CallNode c, ControlFlowNode obj) {
|
||||
c.getFunction().(NameNode).getId() = "callable" and
|
||||
obj = c.getArg(0)
|
||||
}
|
||||
|
||||
/** Holds if `c` is a call to `isinstance(use, cls)`. */
|
||||
predicate isinstance(CallNode fc, ControlFlowNode cls, ControlFlowNode use) {
|
||||
fc.getFunction().(NameNode).getId() = "isinstance" and
|
||||
|
|
@ -25,13 +19,6 @@ predicate isinstance(CallNode fc, ControlFlowNode cls, ControlFlowNode use) {
|
|||
fc.getArg(0) = use
|
||||
}
|
||||
|
||||
/** Holds if `c` is a call to `issubclass(use, cls)`. */
|
||||
deprecated predicate issubclass(CallNode fc, ControlFlowNode cls, ControlFlowNode use) {
|
||||
fc.getFunction().(NameNode).getId() = "issubclass" and
|
||||
fc.getArg(0) = use and
|
||||
cls = fc.getArg(1)
|
||||
}
|
||||
|
||||
/** Holds if `c` is a test comparing `x` and `y`. `is` is true if the operator is `is` or `==`, it is false if the operator is `is not` or `!=`. */
|
||||
predicate equality_test(CompareNode c, ControlFlowNode x, boolean is, ControlFlowNode y) {
|
||||
exists(Cmpop op |
|
||||
|
|
|
|||
|
|
@ -122,10 +122,6 @@ private newtype TPointsToContext =
|
|||
} or
|
||||
TObjectContext(SelfInstanceInternal object)
|
||||
|
||||
deprecated module Context {
|
||||
PointsToContext forObject(ObjectInternal object) { result = TObjectContext(object) }
|
||||
}
|
||||
|
||||
/**
|
||||
* A points-to context. Context can be one of:
|
||||
* * "main": Used for scripts.
|
||||
|
|
|
|||
|
|
@ -1,19 +0,0 @@
|
|||
import python
|
||||
|
||||
/** Retained for backwards compatibility use ClassObject.isIterator() instead. */
|
||||
deprecated predicate is_iterator(ClassObject c) { c.isIterator() }
|
||||
|
||||
/** Retained for backwards compatibility use ClassObject.isIterable() instead. */
|
||||
deprecated predicate is_iterable(ClassObject c) { c.isIterable() }
|
||||
|
||||
/** Retained for backwards compatibility use ClassObject.isCollection() instead. */
|
||||
deprecated predicate is_collection(ClassObject c) { c.isCollection() }
|
||||
|
||||
/** Retained for backwards compatibility use ClassObject.isMapping() instead. */
|
||||
deprecated predicate is_mapping(ClassObject c) { c.isMapping() }
|
||||
|
||||
/** Retained for backwards compatibility use ClassObject.isSequence() instead. */
|
||||
deprecated predicate is_sequence(ClassObject c) { c.isSequence() }
|
||||
|
||||
/** Retained for backwards compatibility use ClassObject.isContextManager() instead. */
|
||||
deprecated predicate is_context_manager(ClassObject c) { c.isContextManager() }
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
/**
|
||||
* Provides predicates for reasoning about bad tag filter vulnerabilities.
|
||||
*/
|
||||
|
||||
private import semmle.python.RegexTreeView::RegexTreeView as TreeView
|
||||
// BadTagFilterQuery should be used directly from the shared pack, and not from this file.
|
||||
deprecated import codeql.regex.nfa.BadTagFilterQuery::Make<TreeView> as Dep
|
||||
import Dep
|
||||
Некоторые файлы не были показаны из-за слишком большого количества измененных файлов Показать больше
Загрузка…
Ссылка в новой задаче