diff --git a/change-notes/1.20/analysis-javascript.md b/change-notes/1.20/analysis-javascript.md index 0fc074c80064..9a20f041fd60 100644 --- a/change-notes/1.20/analysis-javascript.md +++ b/change-notes/1.20/analysis-javascript.md @@ -36,3 +36,4 @@ * `DataFlow::SourceNode` is no longer an abstract class; to add new source nodes, extend `DataFlow::SourceNode::Range` instead. * Subclasses of `DataFlow::PropRead` are no longer automatically made source nodes; you now need to additionally define a corresponding subclass of `DataFlow::SourceNode::Range` to achieve this. +* The deprecated libraries `semmle.javascript.DataFlow` and `semmle.javascript.dataflow.CallGraph` have been removed; they are both superseded by `semmle.javascript.dataflow.DataFlow`. diff --git a/javascript/ql/src/javascript.qll b/javascript/ql/src/javascript.qll index 71a991be843a..ca6327571151 100644 --- a/javascript/ql/src/javascript.qll +++ b/javascript/ql/src/javascript.qll @@ -11,7 +11,6 @@ import semmle.javascript.Classes import semmle.javascript.Comments import semmle.javascript.Concepts import semmle.javascript.Constants -import semmle.javascript.DataFlow import semmle.javascript.DefUse import semmle.javascript.DOM import semmle.javascript.EmailClients @@ -49,7 +48,6 @@ import semmle.javascript.Util import semmle.javascript.Variables import semmle.javascript.XML import semmle.javascript.YAML -import semmle.javascript.dataflow.CallGraph import semmle.javascript.dataflow.DataFlow import semmle.javascript.dataflow.TaintTracking import semmle.javascript.dataflow.TypeInference diff --git a/javascript/ql/src/semmle/javascript/AMD.qll b/javascript/ql/src/semmle/javascript/AMD.qll index c66d460c7ebd..0323154e1dce 100644 --- a/javascript/ql/src/semmle/javascript/AMD.qll +++ b/javascript/ql/src/semmle/javascript/AMD.qll @@ -51,14 +51,6 @@ class AMDModuleDefinition extends CallExpr { result = getARequireCall().getAnArgument() } - /** - * DEPRECATED: Use `getFactoryNode` instead. - * - * Gets the factory expression of this module definition, - * which may be a function or a literal. - */ - deprecated Expr getFactoryExpr() { result = getFactoryNode().asExpr() } - /** * Gets a data flow node containing the factory value of this module definition. */ diff --git a/javascript/ql/src/semmle/javascript/CanonicalNames.qll b/javascript/ql/src/semmle/javascript/CanonicalNames.qll index 1a07016e0ef0..6e2d90f7b249 100644 --- a/javascript/ql/src/semmle/javascript/CanonicalNames.qll +++ b/javascript/ql/src/semmle/javascript/CanonicalNames.qll @@ -221,13 +221,6 @@ class TypeName extends CanonicalName { */ TypeReference getATypeReference() { result.getTypeName() = this } - /** - * DEPRECATED. Use `getRelativeName()` or `hasQualifiedName()` instead. - * - * Gets the qualified name without the root. - */ - deprecated string getQualifiedName() { result = getRelativeName() } - /** * Gets a type named in the `extends` or `implements` clause of this type. */ @@ -265,13 +258,6 @@ class Namespace extends CanonicalName { */ NamespaceAccess getAnAccess() { result.getNamespace() = this } - /** - * DEPRECATED. Use `getRelativeName()` or `hasQualifiedName()` instead. - * - * Gets the qualified name without the root. - */ - deprecated string getQualifiedName() { result = getRelativeName() } - /** Gets a namespace nested in this one. */ Namespace getNamespaceMember(string name) { result.getParent() = this and diff --git a/javascript/ql/src/semmle/javascript/Comments.qll b/javascript/ql/src/semmle/javascript/Comments.qll index c478525fac59..e9e8ed89cc9c 100644 --- a/javascript/ql/src/semmle/javascript/Comments.qll +++ b/javascript/ql/src/semmle/javascript/Comments.qll @@ -44,15 +44,6 @@ class HtmlCommentStart extends @htmlcommentstart, HtmlLineComment { } /** An HTML comment end token interpreted as a line comment. */ class HtmlCommentEnd extends @htmlcommentend, HtmlLineComment { } -/** DERECATED: Use `HtmlLineComment` instead. */ -deprecated class HTMLComment = HtmlLineComment; - -/** DERECATED: Use `HtmlCommentStart` instead. */ -deprecated class HTMLCommentStart = HtmlCommentStart; - -/** DERECATED: Use `HtmlCommentEnd` instead. */ -deprecated class HTMLCommentEnd = HtmlCommentEnd; - /** A `//` comment. */ class SlashSlashComment extends @slashslashcomment, LineComment { } diff --git a/javascript/ql/src/semmle/javascript/DataFlow.qll b/javascript/ql/src/semmle/javascript/DataFlow.qll deleted file mode 100644 index d991ed244c48..000000000000 --- a/javascript/ql/src/semmle/javascript/DataFlow.qll +++ /dev/null @@ -1,591 +0,0 @@ -/** - * DEPRECATED: Use the new data flow library instead. - * - * Provides a class `DataFlowNode` for working with a data flow graph-based - * program representation. - * - * We distinguish between _local flow_ and _non-local flow_. - * - * Local flow only considers three kinds of data flow: - * - * 1. Flow within an expression, for example from the operands of a `&&` - * expression to the expression itself. - * 2. Flow through local variables, that is, from definitions to uses. - * Captured variables are treated flow-insensitively, that is, all - * definitions are considered to flow to all uses, while for non-captured - * variables only definitions that can actually reach a use are considered. - * 3. Flow into and out of immediately invoked function expressions, that is, - * flow from arguments to parameters, and from returned expressions to the - * function expression itself. - * - * Non-local flow additionally tracks data flow through global variables. - * - * Flow through object properties or function calls is not modelled (except - * for immediately invoked functions as explained above). - */ - -import javascript - -/** - * DEPRECATED: Use `DataFlow::Node` instead. - * - * An expression or function/class declaration, viewed as a node in a data flow graph. - */ -deprecated class DataFlowNode extends @dataflownode { - /** - * Gets another flow node from which data may flow to this node in one local step. - */ - cached - DataFlowNode localFlowPred() { - // to be overridden by subclasses - none() - } - - /** - * Gets another flow node from which data may flow to this node in one non-local step. - */ - DataFlowNode nonLocalFlowPred() { - // to be overridden by subclasses - none() - } - - /** - * Gets another flow node from which data may flow to this node in one step, - * either locally or non-locally. - */ - DataFlowNode flowPred() { result = localFlowPred() or result = nonLocalFlowPred() } - - /** - * Gets a source flow node (that is, a node without a `localFlowPred()`) from which data - * may flow to this node in zero or more local steps. - */ - cached - deprecated DataFlowNode getALocalSource() { - isLocalSource(result) and - ( - result = this - or - locallyReachable(result, this) - ) - } - - /** - * Gets a source flow node (that is, a node without a `flowPred()`) from which data - * may flow to this node in zero or more steps, considering both local and non-local flow. - */ - DataFlowNode getASource() { - if exists(flowPred()) then result = flowPred().getASource() else result = this - } - - /** - * Holds if the flow information for this node is incomplete. - * - * This predicate holds if there may be a source flow node from which data flows into - * this node, but that node is not a result of `getASource()` due to analysis incompleteness. - * The parameter `cause` is bound to a string describing the source of incompleteness. - * - * For example, since this analysis is intra-procedural, data flow from actual arguments - * to formal parameters is not modeled. Hence, if `p` is an access to a parameter, - * `p.getASource()` does _not_ return the corresponding argument, and - * `p.isIncomplete("call")` holds. - */ - predicate isIncomplete(DataFlowIncompleteness cause) { none() } - - /** Gets type inference results for this data flow node. */ - DataFlow::AnalyzedNode analyze() { result = DataFlow::valueNode(this).analyze() } - - /** Gets a textual representation of this element. */ - string toString() { result = this.(ASTNode).toString() } - - /** Gets the location of the AST node underlying this data flow node. */ - Location getLocation() { result = this.(ASTNode).getLocation() } -} - -/** Holds if `nd` is a local source, that is, it has no local data flow predecessor. */ -deprecated private predicate isLocalSource(DataFlowNode nd) { not exists(nd.localFlowPred()) } - -/** Holds if data may flom from `nd` to `succ` in one local step. */ -deprecated private predicate localFlow(DataFlowNode nd, DataFlowNode succ) { - nd = succ.localFlowPred() -} - -/** - * Holds if `snk` is reachable from `src` in one or more local steps, where `src` - * itself is reachable from a local source in zere or more local steps. - */ -deprecated private predicate locallyReachable(DataFlowNode src, DataFlowNode snk) = - boundedFastTC(localFlow/2, isLocalSource/1)(src, snk) - -/** - * A classification of flows that are not modeled, or only modeled incompletely, by - * `DataFlowNode`. - */ -deprecated class DataFlowIncompleteness extends string { - DataFlowIncompleteness() { - this = "call" or // lack of inter-procedural analysis - this = "heap" or // lack of heap modeling - this = "import" or // lack of module import/export modeling - this = "global" or // incomplete modeling of global object - this = "yield" or // lack of yield/async/await modeling - this = "eval" or // lack of reflection modeling - this = "namespace" // lack of exported variable modeling - } -} - -/** - * A variable access, viewed as a data flow node. - */ -deprecated private class VarAccessFlow extends DataFlowNode, @varaccess { - VarAccessFlow() { this instanceof RValue } - - /** - * Gets a data flow node representing a local variable definition to which - * this access may refer. - */ - private VarDefFlow getALocalDef() { - exists(SsaDefinition def | - this = def.getVariable().getAUse() and - result = def.getAContributingVarDef() - ) - } - - override DataFlowNode localFlowPred() { - // flow through local variable - result = getALocalDef().getSourceNode() - } - - override DataFlowNode nonLocalFlowPred() { - exists(GlobalVariable v, VarDefFlow def | - v = def.getAVariable() and - result = def.getSourceNode() and - this = v.getAnAccess() - ) - } - - override predicate isIncomplete(DataFlowIncompleteness cause) { - exists(SsaDefinition ssa, VarDefFlow def | - this = ssa.getVariable().getAUse() and def = ssa.getAContributingVarDef() - | - def.isIncomplete(cause) - ) - or - exists(Variable v | this = v.getAnAccess() | - v.isGlobal() and cause = "global" - or - globalIsIncomplete(v, cause) - or - v.isNamespaceExport() and cause = "namespace" - or - v instanceof ArgumentsVariable and cause = "call" - or - any(DirectEval e).mayAffect(v) and cause = "eval" - ) - } -} - -/** - * Holds if `v` has a definition that introduces analysis incompleteness due to - * the given `cause`. - * - * We exclude cause `"global"`, since all global variables have this incompleteness anyway. - */ -pragma[noinline] -deprecated private predicate globalIsIncomplete(GlobalVariable v, DataFlowIncompleteness cause) { - exists(VarDefFlow def | - v = def.getAVariable() and - def.isIncomplete(cause) and - cause != "global" - ) -} - -/** - * A variable definition, viewed as a contributor to the data flow graph. - */ -deprecated private class VarDefFlow extends VarDef { - /** - * Gets a data flow node representing the value assigned by this - * definition. - */ - DataFlowNode getSourceNode() { - // follow one step of the def-use chain, but only for definitions where - // the lhs is a simple variable reference (as opposed to a destructuring - // pattern) - result = getSource() and getTarget() instanceof VarRef - } - - /** - * Holds if this definition is analyzed imprecisely due to `cause`. - */ - predicate isIncomplete(DataFlowIncompleteness cause) { - this instanceof Parameter and cause = "call" - or - this instanceof ImportSpecifier and cause = "import" - or - exists(EnhancedForLoop efl | this = efl.getIteratorExpr()) and cause = "heap" - or - exists(ComprehensionBlock cb | this = cb.getIterator()) and cause = "yield" - or - getTarget() instanceof DestructuringPattern and cause = "heap" - } -} - -/** - * An IIFE parameter, viewed as a contributor to the data flow graph. - */ -deprecated private class IifeParameterFlow extends VarDefFlow { - /** The function of which this is a parameter. */ - ImmediatelyInvokedFunctionExpr iife; - - IifeParameterFlow() { - this instanceof SimpleParameter and - iife.argumentPassing(this, _) - } - - override DataFlowNode getSourceNode() { iife.argumentPassing(this, result) } - - override predicate isIncomplete(DataFlowIncompleteness cause) { none() } -} - -/** - * An ECMAScript 2015 import, viewed as a contributor to the data flow graph. - */ -deprecated private class ImportSpecifierFlow extends VarDefFlow, ImportSpecifier { - override DataFlowNode getSourceNode() { result = getLocal() } -} - -/** A parenthesized expression, viewed as a data flow node. */ -deprecated private class ParExprFlow extends DataFlowNode, @parexpr { - override DataFlowNode localFlowPred() { result = this.(ParExpr).getExpression() } -} - -/** A type assertion, `E as T` or ` E`, viewed as a data flow node. */ -deprecated private class TypeAssertionFlow extends DataFlowNode, @typeassertion { - override DataFlowNode localFlowPred() { result = this.(TypeAssertion).getExpression() } -} - -/** A non-null assertion, `E!` viewed as a data flow node. */ -deprecated private class NonNullAssertionFlow extends DataFlowNode, @non_null_assertion { - override DataFlowNode localFlowPred() { result = this.(NonNullAssertion).getExpression() } -} - -/** An expression with type arguments, viewed as a data flow node. */ -deprecated private class ExpressionWithTypeArgumentsFlow extends DataFlowNode, - @expressionwithtypearguments { - override DataFlowNode localFlowPred() { - result = this.(ExpressionWithTypeArguments).getExpression() - } -} - -/** A sequence expression, viewed as a data flow node. */ -deprecated private class SeqExprFlow extends DataFlowNode, @seqexpr { - override DataFlowNode localFlowPred() { result = this.(SeqExpr).getLastOperand() } -} - -/** A short-circuiting logical expression, viewed as a data flow node. */ -deprecated private class LogicalBinaryExprFlow extends DataFlowNode, @binaryexpr { - LogicalBinaryExprFlow() { this instanceof LogicalBinaryExpr } - - override DataFlowNode localFlowPred() { result = this.(LogicalBinaryExpr).getAnOperand() } -} - -/** An assignment expression, viewed as a data flow node. */ -deprecated private class AssignExprFlow extends DataFlowNode, @assignexpr { - override DataFlowNode localFlowPred() { result = this.(AssignExpr).getRhs() } -} - -/** A conditional expression, viewed as a data flow node. */ -deprecated private class ConditionalExprFlow extends DataFlowNode, @conditionalexpr { - override DataFlowNode localFlowPred() { result = this.(ConditionalExpr).getABranch() } -} - -/** - * A data flow node whose value involves inter-procedural flow, - * and which hence is analyzed incompletely. - */ -deprecated private class InterProcFlow extends DataFlowNode, @expr { - InterProcFlow() { - this instanceof InvokeExpr or - this instanceof ThisExpr or - this instanceof SuperExpr or - this instanceof NewTargetExpr or - this instanceof FunctionBindExpr or - this instanceof TaggedTemplateExpr - } - - override predicate isIncomplete(DataFlowIncompleteness cause) { cause = "call" } -} - -/** An external module reference, viewed as a data flow node. */ -deprecated private class ExternalModuleFlow extends DataFlowNode, @externalmodulereference { - override predicate isIncomplete(DataFlowIncompleteness cause) { cause = "import" } -} - -/** - * An immediately invoked function expression, viewed as a data flow node. - * - * Unlike other calls, we can analyze the value of an IIFE completely, hence - * we override `InterProcFlow`. - */ -deprecated private class IifeFlow extends InterProcFlow, @callexpr { - /** The function this IIFE invokes. */ - ImmediatelyInvokedFunctionExpr iife; - - IifeFlow() { this = iife.getInvocation() } - - override DataFlowNode localFlowPred() { result = iife.getAReturnedExpr() } - - override predicate isIncomplete(DataFlowIncompleteness cause) { none() } -} - -/** - * A property access, viewed as a data flow node. - */ -deprecated private class PropAccessFlow extends DataFlowNode, @propaccess { - override predicate isIncomplete(DataFlowIncompleteness cause) { cause = "heap" } -} - -/** - * A data flow node whose value involves co-routines or promises, - * and which hence is analyzed incompletely. - */ -deprecated private class IteratorFlow extends DataFlowNode, @expr { - IteratorFlow() { - this instanceof YieldExpr or - this instanceof AwaitExpr or - this instanceof FunctionSentExpr or - this instanceof DynamicImportExpr - } - - override predicate isIncomplete(DataFlowIncompleteness cause) { cause = "yield" } -} - -/** - * A data flow node that reads or writes an object property. - */ -abstract deprecated class PropRefNode extends DataFlowNode { - /** - * Gets the data flow node corresponding to the base object - * whose property is read from or written to. - */ - abstract DataFlowNode getBase(); - - /** - * Gets the expression specifying the name of the property being - * read or written. This is usually either an identifier or a literal. - */ - abstract Expr getPropertyNameExpr(); - - /** - * Gets the name of the property being read or written, - * if it can be statically determined. - * - * This predicate is undefined for dynamic property references - * such as `e[computePropertyName()]` and for spread/rest - * properties. - */ - abstract string getPropertyName(); -} - -/** - * A data flow node that writes to an object property. - */ -abstract deprecated class PropWriteNode extends PropRefNode { - /** - * Gets the data flow node corresponding to the value being written, - * if it can be statically determined. - * - * This predicate is undefined for spread properties, accessor - * properties, and most uses of `Object.defineProperty`. - */ - abstract DataFlowNode getRhs(); - - /** - * Holds if this data flow node writes the value of `rhs` to property - * `prop` of the object that `base` evaluates to. - */ - pragma[noinline] - predicate writes(DataFlow::Node base, string prop, DataFlow::Node rhs) { - base = DataFlow::valueNode(getBase()) and - prop = getPropertyName() and - rhs = DataFlow::valueNode(getRhs()) - } -} - -/** - * A property assignment, viewed as a data flow node. - */ -deprecated private class PropAssignNode extends PropWriteNode, @propaccess { - PropAssignNode() { this instanceof LValue } - - override DataFlowNode getBase() { result = this.(PropAccess).getBase() } - - override Expr getPropertyNameExpr() { result = this.(PropAccess).getPropertyNameExpr() } - - override string getPropertyName() { result = this.(PropAccess).getPropertyName() } - - override DataFlowNode getRhs() { result = this.(LValue).getRhs() } -} - -/** - * A property of an object literal, viewed as a data flow node that writes - * to the corresponding property. - */ -deprecated private class PropInitNode extends PropWriteNode, @property { - /** Gets the property that this node wraps. */ - private Property getProperty() { result = this } - - override DataFlowNode getBase() { result = getProperty().getObjectExpr() } - - override Expr getPropertyNameExpr() { result = getProperty().getNameExpr() } - - override string getPropertyName() { result = getProperty().getName() } - - override DataFlowNode getRhs() { result = getProperty().(ValueProperty).getInit() } -} - -/** - * A call to `Object.defineProperty`, viewed as a data flow node that - * writes to the corresponding property. - */ -deprecated private class ObjectDefinePropNode extends PropWriteNode, @callexpr { - CallToObjectDefineProperty odp; - - ObjectDefinePropNode() { this = odp.asExpr() } - - override DataFlowNode getBase() { result = odp.getBaseObject().asExpr() } - - override Expr getPropertyNameExpr() { result = odp.getArgument(1).asExpr() } - - override string getPropertyName() { result = odp.getPropertyName() } - - override DataFlowNode getRhs() { - exists(ObjectExpr propdesc | - propdesc = odp.getPropertyDescriptor().asExpr() and - result = propdesc.getPropertyByName("value").getInit() - ) - } -} - -/** - * A static member definition, viewed as a data flow node that adds - * a property to the class. - */ -deprecated private class StaticMemberAsWrite extends PropWriteNode, @expr { - StaticMemberAsWrite() { exists(MemberDefinition md | md.isStatic() and this = md.getNameExpr()) } - - /** Gets the member definition that this node wraps. */ - private MemberDefinition getMember() { this = result.getNameExpr() } - - override DataFlowNode getBase() { result = getMember().getDeclaringClass() } - - override Expr getPropertyNameExpr() { result = getMember().getNameExpr() } - - override string getPropertyName() { result = getMember().getName() } - - override DataFlowNode getRhs() { result = getMember().getInit() } -} - -/** - * A spread property of an object literal, viewed as a data flow node that writes - * properties of the object literal. - */ -deprecated private class SpreadPropertyAsWrite extends PropWriteNode, @expr { - SpreadPropertyAsWrite() { exists(SpreadProperty prop | this = prop.getInit()) } - - override DataFlowNode getBase() { result.(ObjectExpr).getAProperty().getInit() = this } - - override Expr getPropertyNameExpr() { none() } - - override string getPropertyName() { none() } - - override DataFlowNode getRhs() { none() } -} - -/** - * A JSX attribute, viewed as a data flow node that writes properties to - * the JSX element it is in. - */ -deprecated private class JSXAttributeAsWrite extends PropWriteNode, @identifier { - JSXAttributeAsWrite() { exists(JSXAttribute attr | this = attr.getNameExpr()) } - - /** Gets the JSX attribute that this node wraps. */ - private JSXAttribute getAttribute() { result.getNameExpr() = this } - - override DataFlowNode getBase() { result = getAttribute().getElement() } - - override Expr getPropertyNameExpr() { result = this } - - override string getPropertyName() { result = this.(Identifier).getName() } - - override DataFlowNode getRhs() { result = getAttribute().getValue() } -} - -/** - * A data flow node that reads an object property. - */ -abstract deprecated class PropReadNode extends PropRefNode { - /** - * Gets the default value of this property read, if any. - */ - abstract DataFlowNode getDefault(); -} - -/** - * A property access in rvalue position. - */ -deprecated private class PropAccessReadNode extends PropReadNode, @propaccess { - PropAccessReadNode() { this instanceof RValue } - - override DataFlowNode getBase() { result = this.(PropAccess).getBase() } - - override Expr getPropertyNameExpr() { result = this.(PropAccess).getPropertyNameExpr() } - - override string getPropertyName() { result = this.(PropAccess).getPropertyName() } - - override DataFlowNode getDefault() { none() } -} - -/** - * A property pattern viewed as a property read; for instance, in - * `var { p: q } = o`, `p` is a read of property `p` of `o`. - */ -deprecated private class PropPatternReadNode extends PropReadNode, @expr { - PropPatternReadNode() { this = any(PropertyPattern p).getNameExpr() } - - /** Gets the property pattern that this node wraps. */ - private PropertyPattern getPropertyPattern() { this = result.getNameExpr() } - - override DataFlowNode getBase() { - exists(VarDef d | - d.getTarget() = getPropertyPattern().getObjectPattern() and - result = d.getSource() - ) - } - - override Expr getPropertyNameExpr() { result = getPropertyPattern().getNameExpr() } - - override string getPropertyName() { result = getPropertyPattern().getName() } - - override DataFlowNode getDefault() { result = getPropertyPattern().getDefault() } -} - -/** - * A rest pattern viewed as a property read; for instance, in - * `var { ...ps } = o`, `ps` is a read of all properties of `o`. - */ -deprecated private class RestPropertyAsRead extends PropReadNode { - RestPropertyAsRead() { this = any(ObjectPattern p).getRest() } - - override DataFlowNode getBase() { - exists(VarDef d | - d.getTarget().(ObjectPattern).getRest() = this and - result = d.getSource() - ) - } - - override Expr getPropertyNameExpr() { none() } - - override string getPropertyName() { none() } - - override DataFlowNode getDefault() { none() } -} diff --git a/javascript/ql/src/semmle/javascript/HTML.qll b/javascript/ql/src/semmle/javascript/HTML.qll index 8370946399b4..064bc813538a 100644 --- a/javascript/ql/src/semmle/javascript/HTML.qll +++ b/javascript/ql/src/semmle/javascript/HTML.qll @@ -233,21 +233,3 @@ module HTML { override Location getLocation() { xmllocations(this, result) } } } - -/** DEPRECATED: Use `HTML::HtmlFile` instead. */ -deprecated class HTMLFile = HTML::HtmlFile; - -/** DEPRECATED: Use `HTML::Element` instead. */ -deprecated class HTMLElement = HTML::Element; - -/** DEPRECATED: Use `HTML::Attribute` instead. */ -deprecated class HTMLAttribute = HTML::Attribute; - -/** DEPRECATED: Use `HTML::DocumentElement` instead. */ -deprecated class HtmlDocumentElement = HTML::DocumentElement; - -/** DEPRECATED: Use `HTML::ScriptElement` instead. */ -deprecated class HtmlScriptElement = HTML::ScriptElement; - -/** DEPRECATED: Use `HTML::TextNode` instead. */ -deprecated class HtmlText = HTML::TextNode; diff --git a/javascript/ql/src/semmle/javascript/Modules.qll b/javascript/ql/src/semmle/javascript/Modules.qll index 620bc3a2cbbe..654b4d30b606 100644 --- a/javascript/ql/src/semmle/javascript/Modules.qll +++ b/javascript/ql/src/semmle/javascript/Modules.qll @@ -172,62 +172,3 @@ abstract class PathExprInModule extends PathExpr { getEnclosingModule().searchRoot(this, result, priority) } } - -/** - * An import of a module with the given `path`, either using `require` or using `import`. - */ -deprecated private predicate isImport(DataFlowNode nd, string moduleName) { - exists(Import i | i.getImportedPath().getValue() = moduleName | - // `require("http")` - nd = i.(Require) - or - exists(ImportSpecifier spec | spec = i.(ImportDeclaration).getASpecifier() | - // common, but semantically different, ways of exposing modules through imports: - // `import * as http from 'http'` - nd = spec.(ImportNamespaceSpecifier).getLocal() - or - // `import http from 'http'` - nd = spec.(ImportDefaultSpecifier).getLocal() - ) - ) -} - -/** - * DEPRECATED: Use `DataFlow::moduleImport` and `DataFlow::ModuleImportNode` instead. - * - * A data flow node that holds a module instance, that is, the result of - * an import of the module. - */ -deprecated class ModuleInstance extends DataFlowNode { - ModuleInstance() { isImport(this, _) } - - /** Gets the path from which the module is imported. */ - string getPath() { isImport(this, result) } - - /** - * Gets an invocation of the method or constructor named `memberName` on this module instance. - */ - InvokeExpr getAMemberInvocation(string memberName) { - result.getCallee().(DataFlowNode).getALocalSource() = getAPropertyRead(memberName) - } - - /** - * Gets a function call that invokes method `methodName` on this module instance. - */ - CallExpr getAMethodCall(string methodName) { result = getAMemberInvocation(methodName) } - - /** - * Gets a `new` call that invokes constructor `constructorName` on this module instance. - */ - NewExpr getAConstructorInvocation(string constructorName) { - result = getAMemberInvocation(constructorName) - } - - /** - * Gets a read access to property `propName` on this module instance. - */ - PropReadNode getAPropertyRead(string propName) { - result.getBase().getALocalSource() = this and - result.getPropertyName() = propName - } -} diff --git a/javascript/ql/src/semmle/javascript/StandardLibrary.qll b/javascript/ql/src/semmle/javascript/StandardLibrary.qll index c49dc821e2a4..32e75115ec72 100644 --- a/javascript/ql/src/semmle/javascript/StandardLibrary.qll +++ b/javascript/ql/src/semmle/javascript/StandardLibrary.qll @@ -33,15 +33,6 @@ class DirectEval extends CallExpr { predicate mayAffect(LocalVariable lv) { getParent+() = lv.getScope().getScopeElement() } } -/** - * DEPRECATED. Use `JsonParserCall` and the data flow API instead. - * - * A call to `JSON.parse`. - */ -deprecated class JsonParseCall extends MethodCallExpr { - JsonParseCall() { this = DataFlow::globalVarRef("JSON").getAMemberCall("parse").asExpr() } -} - /** * Flow analysis for `this` expressions inside a function that is called with * `Array.prototype.map` or a similar Array function that binds `this`. diff --git a/javascript/ql/src/semmle/javascript/dataflow/CallGraph.qll b/javascript/ql/src/semmle/javascript/dataflow/CallGraph.qll deleted file mode 100644 index caf2ee8fbdf4..000000000000 --- a/javascript/ql/src/semmle/javascript/dataflow/CallGraph.qll +++ /dev/null @@ -1,131 +0,0 @@ -/** - * Provides classes for working with call graphs derived from intra-procedural data flow. - */ - -import javascript -private import InferredTypes - -/** - * DEPRECATED: Use `DataFlow::InvokeNode` instead. - * - * A function call or `new` expression, with information about its potential callees. - * - * Both direct calls and reflective calls using `call` or `apply` are modelled. - */ -deprecated class CallSite extends @invokeexpr { - InvokeExpr invk; - - CallSite() { invk = this } - - /** Gets an abstract value representing possible callees of this call site. */ - cached - AbstractValue getACalleeValue() { result = invk.getCallee().analyze().getAValue() } - - /** - * Gets the data flow node corresponding to the `i`th argument passed to the callee - * invoked at this call site. - * - * For direct calls, this is the `i`th argument to the call itself: for instance, - * for a call `f(x, y)`, the 0th argument node is `x` and the first argument node is `y`. - * - * For reflective calls using `call`, the 0th argument to the call denotes the - * receiver, so argument positions are shifted by one: for instance, for a call - * `f.call(x, y, z)`, the 0th argument node is `y` and the first argument node is `z`, - * while `x` is not an argument node at all. - * - * Note that this predicate is not defined for arguments following a spread - * argument: for instance, for a call `f(x, ...y, z)`, the 0th argument node is `x`, - * but the position of `z` cannot be determined, hence there are no first and second - * argument nodes. - */ - DataFlow::AnalyzedNode getArgumentNode(int i) { - result = invk.getArgument(i).analyze() and - not earlierSpreadArgument(i) - } - - /** Holds if `invk` has a spread argument at index `i` or earlier. */ - private predicate earlierSpreadArgument(int i) { - invk.isSpreadArgument(i) - or - (earlierSpreadArgument(i - 1) and i < invk.getNumArgument()) - } - - /** Gets a potential callee based on dataflow analysis results. */ - private Function getACalleeFromDataflow() { - result = getACalleeValue().(AbstractCallable).getFunction() - } - - /** Gets a potential callee of this call site. */ - Function getACallee() { - result = getACalleeFromDataflow() - or - not exists(getACalleeFromDataflow()) and - result = invk.getResolvedCallee() - } - - /** - * Holds if the approximation of possible callees for this call site is - * affected by the given analysis incompleteness `cause`. - */ - predicate isIndefinite(DataFlow::Incompleteness cause) { getACalleeValue().isIndefinite(cause) } - - /** - * Holds if our approximation of possible callees for this call site is - * likely to be imprecise. - * - * We currently track one specific source of imprecision: call - * resolution relies on flow through global variables, and the flow - * analysis finds possible callees that are not functions. - * This usually means that a global variable is used in multiple - * independent contexts, so tracking flow through it leads to - * imprecision. - */ - predicate isImprecise() { - isIndefinite("global") and - exists(DefiniteAbstractValue v | v = getACalleeValue() | not v instanceof AbstractCallable) - } - - /** - * Holds if our approximation of possible callees for this call site is - * likely to be incomplete. - */ - predicate isIncomplete() { - // the flow analysis identifies a source of incompleteness other than - // global flow (which usually leads to imprecision rather than incompleteness) - any(DataFlow::Incompleteness cause | isIndefinite(cause)) != "global" - } - - /** - * Holds if our approximation of possible callees for this call site is - * likely to be imprecise or incomplete. - */ - predicate isUncertain() { isImprecise() or isIncomplete() } - - /** - * Gets a textual representation of this invocation. - */ - string toString() { result = this.(InvokeExpr).toString() } - - Location getLocation() { result = this.(InvokeExpr).getLocation() } -} - -/** - * A reflective function call using `call` or `apply`. - */ -deprecated class ReflectiveCallSite extends CallSite { - DataFlow::AnalyzedNode callee; - - string callMode; - - ReflectiveCallSite() { - this.(MethodCallExpr).calls(callee.asExpr(), callMode) and - (callMode = "call" or callMode = "apply") - } - - override AbstractValue getACalleeValue() { result = callee.getAValue() } - - override DataFlow::AnalyzedNode getArgumentNode(int i) { - callMode = "call" and - result = super.getArgumentNode(i + 1) - } -} diff --git a/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll b/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll index 087e659dd7bc..f38b98f0410c 100644 --- a/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll +++ b/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll @@ -197,31 +197,6 @@ abstract class Configuration extends string { predicate hasFlowPath(SourcePathNode source, SinkPathNode sink) { flowsTo(source, _, sink, _, this) } - - /** - * DEPRECATED: Use `hasFlowPath` instead. - * - * Holds if data may flow from `source` to `sink` for this configuration. - */ - deprecated predicate hasPathFlow(SourcePathNode source, SinkPathNode sink) { - hasFlowPath(source, sink) - } - - /** - * DEPRECATED: Use `hasFlow` instead. - * - * Holds if `source` flows to `sink`. - */ - deprecated predicate flowsTo(DataFlow::Node source, DataFlow::Node sink) { hasFlow(source, sink) } - - /** - * DEPRECATED: Use `hasFlow` instead. - * - * Holds if `source` flows to `sink`. - */ - deprecated predicate flowsFrom(DataFlow::Node sink, DataFlow::Node source) { - hasFlow(source, sink) - } } /** diff --git a/javascript/ql/src/semmle/javascript/dataflow/Nodes.qll b/javascript/ql/src/semmle/javascript/dataflow/Nodes.qll index ebeca2da208c..30af8235c8af 100644 --- a/javascript/ql/src/semmle/javascript/dataflow/Nodes.qll +++ b/javascript/ql/src/semmle/javascript/dataflow/Nodes.qll @@ -28,9 +28,6 @@ class InvokeNode extends DataFlow::SourceNode { /** Gets the name of the function or method being invoked, if it can be determined. */ string getCalleeName() { result = impl.getCalleeName() } - /** DEPRECATED: Use `getCalleeNode()` instead. */ - deprecated DataFlow::Node getCallee() { result = getCalleeNode() } - /** Gets the data flow node specifying the function to be called. */ DataFlow::Node getCalleeNode() { result = impl.getCalleeNode() } diff --git a/javascript/ql/src/semmle/javascript/dataflow/Sources.qll b/javascript/ql/src/semmle/javascript/dataflow/Sources.qll index 1890d3435a19..7c70380ec85d 100644 --- a/javascript/ql/src/semmle/javascript/dataflow/Sources.qll +++ b/javascript/ql/src/semmle/javascript/dataflow/Sources.qll @@ -54,18 +54,6 @@ class SourceNode extends DataFlow::Node { result = getAPropertyReference(propName) } - /** - * DEPRECATED: Use `getAPropertyReference` instead. - * - * Gets an access to property `propName` on this node, either through - * a dot expression (as in `x.propName`) or through an index expression - * (as in `x["propName"]`). - */ - deprecated DataFlow::PropRead getAPropertyAccess(string propName) { - result = getAPropertyReference(propName) and - result.asExpr() instanceof PropAccess - } - /** * Holds if there is an assignment to property `propName` on this node, * and the right hand side of the assignment is `rhs`. diff --git a/javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll b/javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll index ae6c696bc483..f25f87d610dc 100644 --- a/javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll +++ b/javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll @@ -14,7 +14,6 @@ */ import javascript -import semmle.javascript.dataflow.CallGraph private import semmle.javascript.dataflow.internal.FlowSteps as FlowSteps private import semmle.javascript.dataflow.InferredTypes @@ -101,7 +100,6 @@ module TaintTracking { final override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { isAdditionalTaintStep(pred, succ) or - pred = succ.(FlowTarget).getATaintSource() or any(AdditionalTaintStep dts).step(pred, succ) } @@ -146,15 +144,6 @@ module TaintTracking { abstract class LabeledSanitizerGuardNode extends SanitizerGuardNode, DataFlow::LabeledBarrierGuardNode { } - /** - * DEPRECATED: Override `Configuration::isAdditionalTaintStep` or use - * `AdditionalTaintStep` instead. - */ - abstract class FlowTarget extends DataFlow::Node { - /** Gets another data flow node from which taint is propagated to this node. */ - abstract DataFlow::Node getATaintSource(); - } - /** * A taint-propagating data flow edge that should be added to all taint tracking * configurations in addition to standard data flow edges. @@ -173,9 +162,6 @@ module TaintTracking { abstract predicate step(DataFlow::Node pred, DataFlow::Node succ); } - /** DEPRECATED: Use `AdditionalTaintStep` instead. */ - deprecated class DefaultTaintStep = AdditionalTaintStep; - /** * A taint propagating data flow edge through object or array elements and * promises. @@ -882,30 +868,4 @@ module TaintTracking { override predicate appliesTo(Configuration cfg) { any() } } - - /** - * An expression that can act as a sanitizer for a variable when appearing - * in a condition. - * - * DEPRECATED: use `AdditionalSanitizerGuardNode` instead. - */ - abstract deprecated class SanitizingGuard extends Expr { - /** - * Holds if this expression sanitizes expression `e` for the purposes of taint-tracking - * configuration `cfg`, provided it evaluates to `outcome`. - */ - abstract predicate sanitizes(Configuration cfg, boolean outcome, Expr e); - } - - /** - * Support registration of sanitizers with the deprecated type `SanitizingGuard`. - */ - deprecated private class AdditionalSanitizingGuard extends AdditionalSanitizerGuardNode, - DataFlow::ValueNode { - override SanitizingGuard astNode; - - override predicate sanitizes(boolean outcome, Expr e) { astNode.sanitizes(_, outcome, e) } - - override predicate appliesTo(Configuration cfg) { astNode.sanitizes(cfg, _, _) } - } } diff --git a/javascript/ql/src/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll b/javascript/ql/src/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll index 41e4e0ec0a5f..48ea7f8b16e5 100644 --- a/javascript/ql/src/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll +++ b/javascript/ql/src/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll @@ -23,11 +23,6 @@ DataFlow::SourceNode angular() { result = DataFlow::moduleImport("angular") } -/** - * DEPRECATED: Use `angular()` instead. - */ -deprecated predicate isAngularRef(DataFlowNode nd) { angular().flowsToExpr(nd) } - pragma[noopt] private predicate isAngularString(Expr s) { exists(DataFlow::SourceNode angular, StmtContainer sc, TopLevel tl | diff --git a/javascript/ql/src/semmle/javascript/frameworks/Express.qll b/javascript/ql/src/semmle/javascript/frameworks/Express.qll index 3004c3ae1fc4..c5eff9d0e5c6 100644 --- a/javascript/ql/src/semmle/javascript/frameworks/Express.qll +++ b/javascript/ql/src/semmle/javascript/frameworks/Express.qll @@ -34,25 +34,6 @@ module Express { result = DataFlow::moduleMember("express", "Router").getAnInvocation() } - /** - * DEPRECATED: Use `appCreation()` instead. - * - * Holds if `e` is an expression that creates a new Express application. - */ - deprecated predicate isAppCreation(InvokeExpr e) { e = appCreation().asExpr() } - - /** - * DEPRECATED: Use `appCreation()` instead. - * - * Holds if `e` is an Express application object - */ - deprecated predicate isApp(Expr e) { any(Application app).flowsTo(e) } - - /** - * Holds if `e` creates an Express router (possibly an application). - */ - deprecated predicate isRouterCreation(InvokeExpr e) { e = routerCreation().asExpr() } - /** * Holds if `e` may refer to the given `router` object. */ diff --git a/javascript/ql/src/semmle/javascript/frameworks/React.qll b/javascript/ql/src/semmle/javascript/frameworks/React.qll index b747e445cb1c..742f0d969ea0 100644 --- a/javascript/ql/src/semmle/javascript/frameworks/React.qll +++ b/javascript/ql/src/semmle/javascript/frameworks/React.qll @@ -13,11 +13,6 @@ DataFlow::SourceNode react() { result = DataFlow::moduleImport("react") } -/** - * DEPRECATED: Use `react()` instead. - */ -deprecated predicate isReactRef(DataFlowNode nd) { react().flowsToExpr(nd) } - /** * An object that implements the React component interface. * @@ -59,32 +54,11 @@ abstract class ReactComponent extends ASTNode { result.(DataFlow::ThisNode).getBinder().getFunction() = getInstanceMethod(_) } - /** - * Gets the `this` node in an instance method of this component. - * - * DEPRECATED: Use `getAThisNode` instead. - */ - deprecated DataFlow::SourceNode getAThisAccess() { result = getAThisNode() } - - /** - * Gets an access to the `props` object of this component. - * - * DEPRECATED: Use `getADirectPropsAccess` instead. - */ - deprecated DataFlow::SourceNode getAPropsSource() { result = getADirectPropsAccess() } - /** * Gets an access to the `props` object of this component. */ abstract DataFlow::SourceNode getADirectPropsAccess(); - /** - * Gets an access to the `state` object of this component. - * - * DEPRECATED: Use `getADirectStateAccess` instead. - */ - deprecated DataFlow::SourceNode getAStateSource() { result = getADirectStateAccess() } - /** * Gets an access to the `state` object of this component. */ diff --git a/javascript/ql/src/semmle/javascript/frameworks/UriLibraries.qll b/javascript/ql/src/semmle/javascript/frameworks/UriLibraries.qll index 2fa3d2e03dc9..be0113fab364 100644 --- a/javascript/ql/src/semmle/javascript/frameworks/UriLibraries.qll +++ b/javascript/ql/src/semmle/javascript/frameworks/UriLibraries.qll @@ -83,11 +83,6 @@ module urijs { * Provides classes for working with [uri-js](https://github.com/garycourt/uri-js) code. */ module uridashjs { - /** - * Gets a data flow source node for the uridashjs library. - */ - deprecated DataFlow::SourceNode uridashjs() { result = DataFlow::moduleImport("uri-js") } - /** * Gets a data flow source node for member `name` of the uridashjs library. */ @@ -121,11 +116,6 @@ module uridashjs { * Provides classes for working with [punycode](https://github.com/bestiejs/punycode.js) code. */ module punycode { - /** - * Gets a data flow source node for the punycode library. - */ - deprecated DataFlow::SourceNode punycode() { result = DataFlow::moduleImport("punycode") } - /** * Gets a data flow source node for member `name` of the punycode library. */ @@ -197,13 +187,6 @@ module urlParse { * Provides classes for working with [querystringify](https://github.com/unshiftio/querystringify) code. */ module querystringify { - /** - * Gets a data flow source node for the querystringify library. - */ - deprecated DataFlow::SourceNode querystringify() { - result = DataFlow::moduleImport("querystringify") - } - /** * Gets a data flow source node for member `name` of the querystringify library. */ @@ -235,13 +218,6 @@ module querystringify { * Provides classes for working with [query-string](https://github.com/sindresorhus/query-string) code. */ module querydashstring { - /** - * Gets a data flow source node for the query-string library. - */ - deprecated DataFlow::SourceNode querydashstring() { - result = DataFlow::moduleImport("query-string") - } - /** * Gets a data flow source node for member `name` of the query-string library. */ @@ -275,11 +251,6 @@ module querydashstring { * Provides classes for working with [url](https://nodejs.org/api/url.html) code. */ module url { - /** - * Gets a data flow source node for the url library. - */ - deprecated DataFlow::SourceNode url() { result = DataFlow::moduleImport("url") } - /** * Gets a data flow source node for member `name` of the url library. */ @@ -310,11 +281,6 @@ module url { * Provides classes for working with [querystring](https://nodejs.org/api/querystring.html) code. */ module querystring { - /** - * Gets a data flow source node for the querystring library. - */ - deprecated DataFlow::SourceNode querystring() { result = DataFlow::moduleImport("querystring") } - /** * Gets a data flow source node for member `name` of the querystring library. */ diff --git a/javascript/ql/src/semmle/javascript/frameworks/jQuery.qll b/javascript/ql/src/semmle/javascript/frameworks/jQuery.qll index e2f1d44f607c..2cdce244bf2d 100644 --- a/javascript/ql/src/semmle/javascript/frameworks/jQuery.qll +++ b/javascript/ql/src/semmle/javascript/frameworks/jQuery.qll @@ -57,30 +57,6 @@ class JQueryMethodCall extends CallExpr { */ string getMethodName() { result = name } - /** - * DEPRECATED: Use `interpretsArgumentAsHtml` instead. - * - * Holds if this call interprets its arguments as HTML. - */ - deprecated predicate interpretsArgumentsAsHtml() { - name = "addClass" or - name = "after" or - name = "append" or - name = "appendTo" or - name = "before" or - name = "html" or - name = "insertAfter" or - name = "insertBefore" or - name = "parseHTML" or - name = "prepend" or - name = "prependTo" or - name = "prop" or - name = "replaceWith" or - name = "wrap" or - name = "wrapAll" or - name = "wrapInner" - } - /** * Holds if `e` is an argument that this method may interpret as HTML. * diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/BrokenCryptoAlgorithm.qll b/javascript/ql/src/semmle/javascript/security/dataflow/BrokenCryptoAlgorithm.qll index a327bdb15b33..8d45b6b72d77 100644 --- a/javascript/ql/src/semmle/javascript/security/dataflow/BrokenCryptoAlgorithm.qll +++ b/javascript/ql/src/semmle/javascript/security/dataflow/BrokenCryptoAlgorithm.qll @@ -69,15 +69,3 @@ module BrokenCryptoAlgorithm { } } } - -/** DEPRECATED: Use `BrokenCryptoAlgorithm::Source` instead. */ -deprecated class BrokenCryptoAlgorithmSource = BrokenCryptoAlgorithm::Source; - -/** DEPRECATED: Use `BrokenCryptoAlgorithm::Sink` instead. */ -deprecated class BrokenCryptoAlgorithmSink = BrokenCryptoAlgorithm::Sink; - -/** DEPRECATED: Use `BrokenCryptoAlgorithm::Sanitizer` instead. */ -deprecated class BrokenCryptoAlgorithmSanitizer = BrokenCryptoAlgorithm::Sanitizer; - -/** DEPRECATED: Use `BrokenCryptoAlgorithm::Configuration` instead. */ -deprecated class BrokenCryptoAlgorithmDataFlowConfiguration = BrokenCryptoAlgorithm::Configuration; diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/CleartextStorage.qll b/javascript/ql/src/semmle/javascript/security/dataflow/CleartextStorage.qll index e178cb267a27..e42d145d1bb4 100644 --- a/javascript/ql/src/semmle/javascript/security/dataflow/CleartextStorage.qll +++ b/javascript/ql/src/semmle/javascript/security/dataflow/CleartextStorage.qll @@ -90,15 +90,3 @@ module CleartextStorage { } } } - -/** DEPRECATED: Use `CleartextStorage::Source` instead. */ -deprecated class CleartextStorageSource = CleartextStorage::Source; - -/** DEPRECATED: Use `CleartextStorage::Sink` instead. */ -deprecated class CleartextStorageSink = CleartextStorage::Sink; - -/** DEPRECATED: Use `CleartextStorage::Sanitizer` instead. */ -deprecated class CleartextStorageSanitizer = CleartextStorage::Sanitizer; - -/** DEPRECATED: Use `CleartextStorage::Configuration` instead. */ -deprecated class CleartextStorageDataFlowConfiguration = CleartextStorage::Configuration; diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/ClientSideUrlRedirect.qll b/javascript/ql/src/semmle/javascript/security/dataflow/ClientSideUrlRedirect.qll index 4f23dc21466a..426aa13b02c3 100644 --- a/javascript/ql/src/semmle/javascript/security/dataflow/ClientSideUrlRedirect.qll +++ b/javascript/ql/src/semmle/javascript/security/dataflow/ClientSideUrlRedirect.qll @@ -176,15 +176,3 @@ module ClientSideUrlRedirect { } } } - -/** DEPRECATED: Use `ClientSideUrlRedirect::Source` instead. */ -deprecated class ClientSideUrlRedirectSource = ClientSideUrlRedirect::Source; - -/** DEPRECATED: Use `ClientSideUrlRedirect::Sink` instead. */ -deprecated class ClientSideUrlRedirectSink = ClientSideUrlRedirect::Sink; - -/** DEPRECATED: Use `ClientSideUrlRedirect::Sanitizer` instead. */ -deprecated class ClientSideUrlRedirectSanitizer = ClientSideUrlRedirect::Sanitizer; - -/** DEPRECATED: Use `ClientSideUrlRedirect::Configuration` instead. */ -deprecated class ClientSideUrlRedirectDataFlowConfiguration = ClientSideUrlRedirect::Configuration; diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/CodeInjection.qll b/javascript/ql/src/semmle/javascript/security/dataflow/CodeInjection.qll index 6dc90cb839aa..d0d019b43804 100644 --- a/javascript/ql/src/semmle/javascript/security/dataflow/CodeInjection.qll +++ b/javascript/ql/src/semmle/javascript/security/dataflow/CodeInjection.qll @@ -123,15 +123,3 @@ module CodeInjection { } } } - -/** DEPRECATED: Use `CodeInjection::Source` instead. */ -deprecated class CodeInjectionSource = CodeInjection::Source; - -/** DEPRECATED: Use `CodeInjection::Sink` instead. */ -deprecated class CodeInjectionSink = CodeInjection::Sink; - -/** DEPRECATED: Use `CodeInjection::Sanitizer` instead. */ -deprecated class CodeInjectionSanitizer = CodeInjection::Sanitizer; - -/** DEPRECATED: Use `CodeInjection::Configuration` instead. */ -deprecated class CodeInjectionDataFlowConfiguration = CodeInjection::Configuration; diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/CommandInjection.qll b/javascript/ql/src/semmle/javascript/security/dataflow/CommandInjection.qll index 09c8ed3008b0..f66bc4cf7e8d 100644 --- a/javascript/ql/src/semmle/javascript/security/dataflow/CommandInjection.qll +++ b/javascript/ql/src/semmle/javascript/security/dataflow/CommandInjection.qll @@ -123,15 +123,3 @@ module CommandInjection { ) } } - -/** DEPRECATED: Use `CommandInjection::Source` instead. */ -deprecated class CommandInjectionSource = CommandInjection::Source; - -/** DEPRECATED: Use `CommandInjection::Sink` instead. */ -deprecated class CommandInjectionSink = CommandInjection::Sink; - -/** DEPRECATED: Use `CommandInjection::Sanitizer` instead. */ -deprecated class CommandInjectionSanitizer = CommandInjection::Sanitizer; - -/** DEPRECATED: Use `CommandInjection::Configuration` instead. */ -deprecated class CommandInjectionTrackingConfig = CommandInjection::Configuration; diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/ConditionalBypass.qll b/javascript/ql/src/semmle/javascript/security/dataflow/ConditionalBypass.qll index cc5ad81fb14e..7eb24ca9debe 100644 --- a/javascript/ql/src/semmle/javascript/security/dataflow/ConditionalBypass.qll +++ b/javascript/ql/src/semmle/javascript/security/dataflow/ConditionalBypass.qll @@ -83,15 +83,3 @@ module ConditionalBypass { override SensitiveAction getAction() { result = action } } } - -/** DEPRECATED: Use `ConditionalBypass::Source` instead. */ -deprecated class ConditionalBypassSource = ConditionalBypass::Source; - -/** DEPRECATED: Use `ConditionalBypass::Sink` instead. */ -deprecated class ConditionalBypassSink = ConditionalBypass::Sink; - -/** DEPRECATED: Use `ConditionalBypass::Sanitizer` instead. */ -deprecated class ConditionalBypassSanitizer = ConditionalBypass::Sanitizer; - -/** DEPRECATED: Use `ConditionalBypass::Configuration` instead. */ -deprecated class ConditionalBypassDataFlowConfiguration = ConditionalBypass::Configuration; diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentials.qll b/javascript/ql/src/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentials.qll index 184c0490ed5b..df863e743718 100644 --- a/javascript/ql/src/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentials.qll +++ b/javascript/ql/src/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentials.qll @@ -87,18 +87,3 @@ module CorsMisconfigurationForCredentials { } } } - -/** DEPRECATED: Use `CorsMisconfigurationForCredentials::Source` instead. */ -deprecated class CorsMisconfigurationForCredentialsSource = - CorsMisconfigurationForCredentials::Source; - -/** DEPRECATED: Use `CorsMisconfigurationForCredentials::Sink` instead. */ -deprecated class CorsMisconfigurationForCredentialsSink = CorsMisconfigurationForCredentials::Sink; - -/** DEPRECATED: Use `CorsMisconfigurationForCredentials::Sanitizer` instead. */ -deprecated class CorsMisconfigurationForCredentialsSanitizer = - CorsMisconfigurationForCredentials::Sanitizer; - -/** DEPRECATED: Use `CorsMisconfigurationForCredentials::Configuration` instead. */ -deprecated class CorsMisconfigurationForCredentialsDataFlowConfiguration = - CorsMisconfigurationForCredentials::Configuration; diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/DomBasedXss.qll b/javascript/ql/src/semmle/javascript/security/dataflow/DomBasedXss.qll index a3db0210aedf..8b271d567672 100644 --- a/javascript/ql/src/semmle/javascript/security/dataflow/DomBasedXss.qll +++ b/javascript/ql/src/semmle/javascript/security/dataflow/DomBasedXss.qll @@ -189,15 +189,3 @@ module DomBasedXss { override string getVulnerabilityKind() { result = "HTML injection" } } } - -/** DEPRECATED: Use `DomBasedXss::Source` instead. */ -deprecated class XssSource = DomBasedXss::Source; - -/** DEPRECATED: Use `DomBasedXss::Sink` instead. */ -deprecated class XssSink = DomBasedXss::Sink; - -/** DEPRECATED: Use `DomBasedXss::Sanitizer` instead. */ -deprecated class XssSanitizer = DomBasedXss::Sanitizer; - -/** DEPRECATED: Use `DomBasedXss::Configuration` instead. */ -deprecated class XssDataFlowConfiguration = DomBasedXss::Configuration; diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/HardcodedCredentials.qll b/javascript/ql/src/semmle/javascript/security/dataflow/HardcodedCredentials.qll index 5566405d4073..11ecd17cef3b 100644 --- a/javascript/ql/src/semmle/javascript/security/dataflow/HardcodedCredentials.qll +++ b/javascript/ql/src/semmle/javascript/security/dataflow/HardcodedCredentials.qll @@ -47,15 +47,3 @@ module HardcodedCredentials { override string getKind() { result = this.asExpr().(CredentialsExpr).getCredentialsKind() } } } - -/** DEPRECATED: Use `HardcodedCredentials::Source` instead. */ -deprecated class HardcodedCredentialsSource = HardcodedCredentials::Source; - -/** DEPRECATED: Use `HardcodedCredentials::Sink` instead. */ -deprecated class HardcodedCredentialsSink = HardcodedCredentials::Sink; - -/** DEPRECATED: Use `HardcodedCredentials::Sanitizer` instead. */ -deprecated class HardcodedCredentialsSanitizer = HardcodedCredentials::Sanitizer; - -/** DEPRECATED: Use `HardcodedCredentials::Configuration` instead. */ -deprecated class HardcodedCredentialsTrackingConfiguration = HardcodedCredentials::Configuration; diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/InsecureRandomness.qll b/javascript/ql/src/semmle/javascript/security/dataflow/InsecureRandomness.qll index a936a40d729e..20acb7de1d81 100644 --- a/javascript/ql/src/semmle/javascript/security/dataflow/InsecureRandomness.qll +++ b/javascript/ql/src/semmle/javascript/security/dataflow/InsecureRandomness.qll @@ -109,15 +109,3 @@ module InsecureRandomness { */ class CryptoKeySink extends Sink { CryptoKeySink() { this instanceof CryptographicKey } } } - -/** DEPRECATED: Use `InsecureRandomness::Source` instead. */ -deprecated class InsecureRandomnessSource = InsecureRandomness::Source; - -/** DEPRECATED: Use `InsecureRandomness::Sink` instead. */ -deprecated class InsecureRandomnessSink = InsecureRandomness::Sink; - -/** DEPRECATED: Use `InsecureRandomness::Sanitizer` instead. */ -deprecated class InsecureRandomnessSanitizer = InsecureRandomness::Sanitizer; - -/** DEPRECATED: Use `InsecureRandomness::Configuration` instead. */ -deprecated class InsecureRandomnessDataFlowConfiguration = InsecureRandomness::Configuration; diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/InsufficientPasswordHash.qll b/javascript/ql/src/semmle/javascript/security/dataflow/InsufficientPasswordHash.qll index 3318c09212e2..c115df553d1a 100644 --- a/javascript/ql/src/semmle/javascript/security/dataflow/InsufficientPasswordHash.qll +++ b/javascript/ql/src/semmle/javascript/security/dataflow/InsufficientPasswordHash.qll @@ -71,16 +71,3 @@ module InsufficientPasswordHash { } } } - -/** DEPRECATED: Use `InsufficientPasswordHash::Source` instead. */ -deprecated class InsufficientPasswordHashSource = InsufficientPasswordHash::Source; - -/** DEPRECATED: Use `InsufficientPasswordHash::Sink` instead. */ -deprecated class InsufficientPasswordHashSink = InsufficientPasswordHash::Sink; - -/** DEPRECATED: Use `InsufficientPasswordHash::Sanitizer` instead. */ -deprecated class InsufficientPasswordHashSanitizer = InsufficientPasswordHash::Sanitizer; - -/** DEPRECATED: Use `InsufficientPasswordHash::Configuration` instead. */ -deprecated class InsufficientPasswordHashDataFlowConfiguration = - InsufficientPasswordHash::Configuration; diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/NosqlInjection.qll b/javascript/ql/src/semmle/javascript/security/dataflow/NosqlInjection.qll index dbbd6cfdbe2f..b17b90306d25 100644 --- a/javascript/ql/src/semmle/javascript/security/dataflow/NosqlInjection.qll +++ b/javascript/ql/src/semmle/javascript/security/dataflow/NosqlInjection.qll @@ -78,15 +78,3 @@ module NosqlInjection { /** An expression interpreted as a NoSQL query, viewed as a sink. */ class NosqlQuerySink extends Sink, DataFlow::ValueNode { override NoSQL::Query astNode; } } - -/** DEPRECATED: Use `NosqlInjection::Source` instead. */ -deprecated class NosqlInjectionSource = NosqlInjection::Source; - -/** DEPRECATED: Use `NosqlInjection::Sink` instead. */ -deprecated class NosqlInjectionSink = NosqlInjection::Sink; - -/** DEPRECATED: Use `NosqlInjection::Sanitizer` instead. */ -deprecated class NosqlInjectionSanitizer = NosqlInjection::Sanitizer; - -/** DEPRECATED: Use `NosqlInjection::Configuration` instead. */ -deprecated class NosqlInjectionTrackingConfig = NosqlInjection::Configuration; diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/ReflectedXss.qll b/javascript/ql/src/semmle/javascript/security/dataflow/ReflectedXss.qll index dc4c558d2760..5b7f1b705612 100644 --- a/javascript/ql/src/semmle/javascript/security/dataflow/ReflectedXss.qll +++ b/javascript/ql/src/semmle/javascript/security/dataflow/ReflectedXss.qll @@ -67,15 +67,3 @@ module ReflectedXss { } } } - -/** DEPRECATED: Use `ReflectedXss::Source` instead. */ -deprecated class XssSource = ReflectedXss::Source; - -/** DEPRECATED: Use `ReflectedXss::Sink` instead. */ -deprecated class XssSink = ReflectedXss::Sink; - -/** DEPRECATED: Use `ReflectedXss::Sanitizer` instead. */ -deprecated class XssSanitizer = ReflectedXss::Sanitizer; - -/** DEPRECATED: Use `ReflectedXss::Configuration` instead. */ -deprecated class XssDataFlowConfiguration = ReflectedXss::Configuration; diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/RegExpInjection.qll b/javascript/ql/src/semmle/javascript/security/dataflow/RegExpInjection.qll index cba356751687..17f4287a5c0d 100644 --- a/javascript/ql/src/semmle/javascript/security/dataflow/RegExpInjection.qll +++ b/javascript/ql/src/semmle/javascript/security/dataflow/RegExpInjection.qll @@ -68,15 +68,3 @@ module RegExpInjection { } } } - -/** DEPRECATED: Use `RegExpInjection::Source` instead. */ -deprecated class RegExpInjectionSource = RegExpInjection::Source; - -/** DEPRECATED: Use `RegExpInjection::Sink` instead. */ -deprecated class RegExpInjectionSink = RegExpInjection::Sink; - -/** DEPRECATED: Use `RegExpInjection::Sanitizer` instead. */ -deprecated class RegExpInjectionSanitizer = RegExpInjection::Sanitizer; - -/** DEPRECATED: Use `RegExpInjection::Configuration` instead. */ -deprecated class RegExpInjectionTaintTrackingConfiguration = RegExpInjection::Configuration; diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/ServerSideUrlRedirect.qll b/javascript/ql/src/semmle/javascript/security/dataflow/ServerSideUrlRedirect.qll index 5cc3c5930194..e9941c15696e 100644 --- a/javascript/ql/src/semmle/javascript/security/dataflow/ServerSideUrlRedirect.qll +++ b/javascript/ql/src/semmle/javascript/security/dataflow/ServerSideUrlRedirect.qll @@ -101,15 +101,3 @@ module ServerSideUrlRedirect { } } } - -/** DEPRECATED: Use `ServerSideUrlRedirect::Source` instead. */ -deprecated class ServerSideUrlRedirectSource = ServerSideUrlRedirect::Source; - -/** DEPRECATED: Use `ServerSideUrlRedirect::Sink` instead. */ -deprecated class ServerSideUrlRedirectSink = ServerSideUrlRedirect::Sink; - -/** DEPRECATED: Use `ServerSideUrlRedirect::Sanitizer` instead. */ -deprecated class ServerSideUrlRedirectSanitizer = ServerSideUrlRedirect::Sanitizer; - -/** DEPRECATED: Use `ServerSideUrlRedirect::Configuration` instead. */ -deprecated class ServerSideUrlRedirectDataFlowConfiguration = ServerSideUrlRedirect::Configuration; diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/SqlInjection.qll b/javascript/ql/src/semmle/javascript/security/dataflow/SqlInjection.qll index e817ac77d2b9..7522ded52c12 100644 --- a/javascript/ql/src/semmle/javascript/security/dataflow/SqlInjection.qll +++ b/javascript/ql/src/semmle/javascript/security/dataflow/SqlInjection.qll @@ -50,15 +50,3 @@ module SqlInjection { SanitizerExpr() { astNode = any(SQL::SqlSanitizer ss).getOutput() } } } - -/** DEPRECATED: Use `SqlInjection::Source` instead. */ -deprecated class SqlInjectionSource = SqlInjection::Source; - -/** DEPRECATED: Use `SqlInjection::Sink` instead. */ -deprecated class SqlInjectionSink = SqlInjection::Sink; - -/** DEPRECATED: Use `SqlInjection::Sanitizer` instead. */ -deprecated class SqlInjectionSanitizer = SqlInjection::Sanitizer; - -/** DEPRECATED: Use `SqlInjection::Configuration` instead. */ -deprecated class SqlInjectionTrackingConfig = SqlInjection::Configuration; diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/StackTraceExposure.qll b/javascript/ql/src/semmle/javascript/security/dataflow/StackTraceExposure.qll index 84ac7878e59c..9b99864311f6 100644 --- a/javascript/ql/src/semmle/javascript/security/dataflow/StackTraceExposure.qll +++ b/javascript/ql/src/semmle/javascript/security/dataflow/StackTraceExposure.qll @@ -53,12 +53,3 @@ module StackTraceExposure { */ class DefaultSink extends Sink, DataFlow::ValueNode { override HTTP::ResponseBody astNode; } } - -/** DEPRECATED: Use `StackTraceExposure::Source` instead. */ -deprecated class StackTraceExposureSource = StackTraceExposure::Source; - -/** DEPRECATED: Use `StackTraceExposure::Sink` instead. */ -deprecated class StackTraceExposureSink = StackTraceExposure::Sink; - -/** DEPRECATED: Use `StackTraceExposure::Configuration` instead. */ -deprecated class StackTraceExposureTrackingConfig = StackTraceExposure::Configuration; diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPath.qll b/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPath.qll index d97ecc91f5a1..64b154dc0b5c 100644 --- a/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPath.qll +++ b/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPath.qll @@ -150,15 +150,3 @@ module TaintedPath { } } } - -/** DEPRECATED: Use `TaintedPath::Source` instead. */ -deprecated class TaintedPathSource = TaintedPath::Source; - -/** DEPRECATED: Use `TaintedPath::Sink` instead. */ -deprecated class TaintedPathSink = TaintedPath::Sink; - -/** DEPRECATED: Use `TaintedPath::Sanitizer` instead. */ -deprecated class TaintedPathSanitizer = TaintedPath::Sanitizer; - -/** DEPRECATED: Use `TaintedPath::Configuration` instead. */ -deprecated class TaintedPathTrackingConfig = TaintedPath::Configuration; diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/UnsafeDeserialization.qll b/javascript/ql/src/semmle/javascript/security/dataflow/UnsafeDeserialization.qll index 86b518bdf8de..ba3a2bfb5dba 100644 --- a/javascript/ql/src/semmle/javascript/security/dataflow/UnsafeDeserialization.qll +++ b/javascript/ql/src/semmle/javascript/security/dataflow/UnsafeDeserialization.qll @@ -65,15 +65,3 @@ module UnsafeDeserialization { } } } - -/** DEPRECATED: Use `UnsafeDeserialization::Source` instead. */ -deprecated class UnsafeDeserializationSource = UnsafeDeserialization::Source; - -/** DEPRECATED: Use `UnsafeDeserialization::Sink` instead. */ -deprecated class UnsafeDeserializationSink = UnsafeDeserialization::Sink; - -/** DEPRECATED: Use `UnsafeDeserialization::Sanitizer` instead. */ -deprecated class UnsafeDeserializationSanitizer = UnsafeDeserialization::Sanitizer; - -/** DEPRECATED: Use `UnsafeDeserialization::Configuration` instead. */ -deprecated class UnsafeDeserializationTrackingConfig = UnsafeDeserialization::Configuration; diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/XmlBomb.qll b/javascript/ql/src/semmle/javascript/security/dataflow/XmlBomb.qll index a1872fce9487..c616b0f2d398 100644 --- a/javascript/ql/src/semmle/javascript/security/dataflow/XmlBomb.qll +++ b/javascript/ql/src/semmle/javascript/security/dataflow/XmlBomb.qll @@ -62,15 +62,3 @@ module XmlBomb { } } } - -/** DEPRECATED: Use `XmlBomb::Source` instead. */ -deprecated class XmlBombSource = XmlBomb::Source; - -/** DEPRECATED: Use `XmlBomb::Sink` instead. */ -deprecated class XmlBombSink = XmlBomb::Sink; - -/** DEPRECATED: Use `XmlBomb::Sanitizer` instead. */ -deprecated class XmlBombSanitizer = XmlBomb::Sanitizer; - -/** DEPRECATED: Use `XmlBomb::Configuration` instead. */ -deprecated class XmlBomTrackingConfig = XmlBomb::Configuration; diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/Xxe.qll b/javascript/ql/src/semmle/javascript/security/dataflow/Xxe.qll index 144e1501e595..d05a7551f21f 100644 --- a/javascript/ql/src/semmle/javascript/security/dataflow/Xxe.qll +++ b/javascript/ql/src/semmle/javascript/security/dataflow/Xxe.qll @@ -65,15 +65,3 @@ module Xxe { } } } - -/** DEPRECATED: Use `Xxe::Source` instead. */ -deprecated class XxeSource = Xxe::Source; - -/** DEPRECATED: Use `Xxe::Sink` instead. */ -deprecated class XxeSink = Xxe::Sink; - -/** DEPRECATED: Use `Xxe::Sanitizer` instead. */ -deprecated class XxeSanitizer = Xxe::Sanitizer; - -/** DEPRECATED: Use `Xxe::Configuration` instead. */ -deprecated class XxeTrackingConfig = Xxe::Configuration; diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXssWithCustomSanitizer_old.expected b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXssWithCustomSanitizer_old.expected deleted file mode 100644 index 621e6dcbf8e5..000000000000 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXssWithCustomSanitizer_old.expected +++ /dev/null @@ -1,14 +0,0 @@ -WARNING: Predicate flowsFrom has been deprecated and may be removed in future (ReflectedXssWithCustomSanitizer_old.ql:21,11-20) -WARNING: Type SanitizingGuard has been deprecated and may be removed in future (ReflectedXssWithCustomSanitizer_old.ql:8,34-64) -WARNING: Type XssDataFlowConfiguration has been deprecated and may be removed in future (ReflectedXssWithCustomSanitizer_old.ql:14,20-44) -WARNING: Type XssDataFlowConfiguration has been deprecated and may be removed in future (ReflectedXssWithCustomSanitizer_old.ql:20,6-30) -| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:8:33:8:45 | req.params.id | user-provided value | -| formatting.js:6:14:6:47 | util.fo ... , evil) | Cross-site scripting vulnerability due to $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value | -| formatting.js:7:14:7:53 | require ... , evil) | Cross-site scripting vulnerability due to $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value | -| partial.js:10:14:10:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:13:42:13:48 | req.url | user-provided value | -| partial.js:19:14:19:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:22:51:22:57 | req.url | user-provided value | -| partial.js:28:14:28:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:31:47:31:53 | req.url | user-provided value | -| partial.js:37:14:37:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:40:43:40:49 | req.url | user-provided value | -| promises.js:6:25:6:25 | x | Cross-site scripting vulnerability due to $@. | promises.js:5:44:5:57 | req.query.data | user-provided value | -| tst2.js:7:12:7:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:6:9:6:9 | p | user-provided value | -| tst2.js:8:12:8:12 | r | Cross-site scripting vulnerability due to $@. | tst2.js:6:12:6:15 | q: r | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXssWithCustomSanitizer_old.ql b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXssWithCustomSanitizer_old.ql deleted file mode 100644 index 645a0406843f..000000000000 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXssWithCustomSanitizer_old.ql +++ /dev/null @@ -1,23 +0,0 @@ -// -// This is a test for https://lgtm.com/blog/etherpad_CVE-2018-6835 -// - -import javascript -import semmle.javascript.security.dataflow.ReflectedXss - -class IsVarNameSanitizer extends TaintTracking::SanitizingGuard, CallExpr { - IsVarNameSanitizer() { - getCalleeName() = "isVarName" - } - - override predicate sanitizes(TaintTracking::Configuration cfg, boolean outcome, Expr e) { - cfg instanceof XssDataFlowConfiguration and - outcome = true and - e = getArgument(0) - } -} - -from XssDataFlowConfiguration xss, DataFlow::Node source, DataFlow::Node sink -where xss.flowsFrom(sink, source) -select sink, "Cross-site scripting vulnerability due to $@.", - source, "user-provided value"