diff --git a/cpp/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md b/cpp/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md new file mode 100644 index 000000000000..b1a31ea6eb5a --- /dev/null +++ b/cpp/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md @@ -0,0 +1,9 @@ +--- +category: breaking +--- +* Deleted the deprecated `userInputArgument` predicate and its convenience accessor from the `Security.qll`. +* Deleted the deprecated `userInputReturned` predicate and its convenience accessor from the `Security.qll`. +* Deleted the deprecated `userInputReturn` predicate from the `Security.qll`. +* Deleted the deprecated `isUserInput` predicate and its convenience accessor from the `Security.qll`. +* Deleted the deprecated `userInputArgument` predicate from the `SecurityOptions.qll`. +* Deleted the deprecated `userInputReturned` predicate from the `SecurityOptions.qll`. diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll index 4a8ea4ebd43d..72e742f13aa0 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll @@ -98,19 +98,6 @@ class Node extends TNode { /** Gets the location of this element. */ Location getLocation() { none() } // overridden by subclasses - /** - * Holds if this element is at the specified location. - * The location spans column `startcolumn` of line `startline` to - * column `endcolumn` of line `endline` in file `filepath`. - * For more information, see - * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). - */ - deprecated predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } - /** * Gets an upper bound on the type of this node. */ diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index 62ad9f02fe29..ab6a9da6d85d 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -538,19 +538,6 @@ class Node extends TIRDataFlowNode { none() // overridden by subclasses } - /** - * Holds if this element is at the specified location. - * The location spans column `startcolumn` of line `startline` to - * column `endcolumn` of line `endline` in file `filepath`. - * For more information, see - * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). - */ - deprecated predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } - /** Gets a textual representation of this element. */ cached final string toString() { diff --git a/cpp/ql/lib/semmle/code/cpp/security/Security.qll b/cpp/ql/lib/semmle/code/cpp/security/Security.qll index 63bdd685a205..df1555ec4c8d 100644 --- a/cpp/ql/lib/semmle/code/cpp/security/Security.qll +++ b/cpp/ql/lib/semmle/code/cpp/security/Security.qll @@ -42,58 +42,6 @@ class SecurityOptions extends string { ) } - /** - * The argument of the given function is filled in from user input. - */ - deprecated predicate userInputArgument(FunctionCall functionCall, int arg) { - exists(string fname | - functionCall.getTarget().hasGlobalOrStdName(fname) and - exists(functionCall.getArgument(arg)) and - ( - fname = ["fread", "fgets", "fgetws", "gets"] and arg = 0 - or - fname = "scanf" and arg >= 1 - or - fname = "fscanf" and arg >= 2 - ) - or - functionCall.getTarget().hasGlobalName(fname) and - exists(functionCall.getArgument(arg)) and - fname = "getaddrinfo" and - arg = 3 - ) - or - exists(RemoteFlowSourceFunction remote, FunctionOutput output | - functionCall.getTarget() = remote and - output.isParameterDerefOrQualifierObject(arg) and - remote.hasRemoteFlowSource(output, _) - ) - } - - /** - * The return value of the given function is filled in from user input. - */ - deprecated predicate userInputReturned(FunctionCall functionCall) { - exists(string fname | - functionCall.getTarget().getName() = fname and - ( - fname = ["fgets", "gets"] or - this.userInputReturn(fname) - ) - ) - or - exists(RemoteFlowSourceFunction remote, FunctionOutput output | - functionCall.getTarget() = remote and - (output.isReturnValue() or output.isReturnValueDeref()) and - remote.hasRemoteFlowSource(output, _) - ) - } - - /** - * DEPRECATED: Users should override `userInputReturned()` instead. - */ - deprecated predicate userInputReturn(string function) { none() } - /** * The argument of the given function is used for running a process or loading * a library. @@ -108,29 +56,6 @@ class SecurityOptions extends string { function = ["LoadLibrary", "LoadLibraryA", "LoadLibraryW"] and arg = 0 } - /** - * This predicate should hold if the expression is directly - * computed from user input. Such expressions are treated as - * sources of taint. - */ - deprecated predicate isUserInput(Expr expr, string cause) { - exists(FunctionCall fc, int i | - this.userInputArgument(fc, i) and - expr = fc.getArgument(i) and - cause = fc.getTarget().getName() - ) - or - exists(FunctionCall fc | - this.userInputReturned(fc) and - expr = fc and - cause = fc.getTarget().getName() - ) - or - commandLineArg(expr) and cause = "argv" - or - expr.(EnvironmentRead).getSourceDescription() = cause - } - /** * This predicate should hold if the expression raises privilege for the * current session. The default definition only holds true for some @@ -152,16 +77,6 @@ class SecurityOptions extends string { } } -/** - * An access to the argv argument to main(). - */ -private predicate commandLineArg(Expr e) { - exists(Parameter argv | - argv(argv) and - argv.getAnAccess() = e - ) -} - /** The argv parameter to the main function */ predicate argv(Parameter argv) { exists(Function f | @@ -173,21 +88,6 @@ predicate argv(Parameter argv) { /** Convenience accessor for SecurityOptions.isPureFunction */ predicate isPureFunction(string name) { exists(SecurityOptions opts | opts.isPureFunction(name)) } -/** Convenience accessor for SecurityOptions.userInputArgument */ -deprecated predicate userInputArgument(FunctionCall functionCall, int arg) { - exists(SecurityOptions opts | opts.userInputArgument(functionCall, arg)) -} - -/** Convenience accessor for SecurityOptions.userInputReturn */ -deprecated predicate userInputReturned(FunctionCall functionCall) { - exists(SecurityOptions opts | opts.userInputReturned(functionCall)) -} - -/** Convenience accessor for SecurityOptions.isUserInput */ -deprecated predicate isUserInput(Expr expr, string cause) { - exists(SecurityOptions opts | opts.isUserInput(expr, cause)) -} - /** Convenience accessor for SecurityOptions.isProcessOperationArgument */ predicate isProcessOperationArgument(string function, int arg) { exists(SecurityOptions opts | opts.isProcessOperationArgument(function, arg)) diff --git a/cpp/ql/lib/semmle/code/cpp/security/SecurityOptions.qll b/cpp/ql/lib/semmle/code/cpp/security/SecurityOptions.qll index 81815971478a..612b495d3e68 100644 --- a/cpp/ql/lib/semmle/code/cpp/security/SecurityOptions.qll +++ b/cpp/ql/lib/semmle/code/cpp/security/SecurityOptions.qll @@ -22,28 +22,4 @@ class CustomSecurityOptions extends SecurityOptions { // for example: (function = "MySpecialSqlFunction" and arg = 0) none() // rules to match custom functions replace this line } - - deprecated override predicate userInputArgument(FunctionCall functionCall, int arg) { - SecurityOptions.super.userInputArgument(functionCall, arg) - or - exists(string fname | - functionCall.getTarget().hasGlobalName(fname) and - exists(functionCall.getArgument(arg)) and - // --- custom functions that return user input via one of their arguments: - // 'arg' is the 0-based index of the argument that is used to return user input - // for example: (fname = "readXmlInto" and arg = 1) - none() // rules to match custom functions replace this line - ) - } - - deprecated override predicate userInputReturned(FunctionCall functionCall) { - SecurityOptions.super.userInputReturned(functionCall) - or - exists(string fname | - functionCall.getTarget().hasGlobalName(fname) and - // --- custom functions that return user input via their return value: - // for example: fname = "xmlReadAttribute" - none() // rules to match custom functions replace this line - ) - } } diff --git a/swift/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md b/swift/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md new file mode 100644 index 000000000000..072e6bba5cda --- /dev/null +++ b/swift/ql/lib/change-notes/2025-05-18-2025-May-outdated-deprecations.md @@ -0,0 +1,10 @@ +--- +category: breaking +--- +* Deleted the deprecated `parseContent` predicate from the `ExternalFlow.qll`. +* Deleted the deprecated `hasLocationInfo` predicate from the `DataFlowPublic.qll`. +* Deleted the deprecated `SummaryComponent` class from the `FlowSummary.qll`. +* Deleted the deprecated `SummaryComponentStack` class from the `FlowSummary.qll`. +* Deleted the deprecated `SummaryComponent` module from the `FlowSummary.qll`. +* Deleted the deprecated `SummaryComponentStack` module from the `FlowSummary.qll`. +* Deleted the deprecated `RequiredSummaryComponentStack` class from the `FlowSummary.qll`. diff --git a/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll b/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll index f396f9536e82..7fac65ecde5d 100644 --- a/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll +++ b/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll @@ -446,44 +446,6 @@ Element interpretElement( ) } -deprecated private predicate parseField(AccessPathToken c, Content::FieldContent f) { - exists(string fieldRegex, string name | - c.getName() = "Field" and - fieldRegex = "^([^.]+)$" and - name = c.getAnArgument().regexpCapture(fieldRegex, 1) and - f.getField().getName() = name - ) -} - -deprecated private predicate parseTuple(AccessPathToken c, Content::TupleContent t) { - c.getName() = "TupleElement" and - t.getIndex() = c.getAnArgument().toInt() -} - -deprecated private predicate parseEnum(AccessPathToken c, Content::EnumContent e) { - c.getName() = "EnumElement" and - c.getAnArgument() = e.getSignature() - or - c.getName() = "OptionalSome" and - e.getSignature() = "some:0" -} - -/** Holds if the specification component parses as a `Content`. */ -deprecated predicate parseContent(AccessPathToken component, Content content) { - parseField(component, content) - or - parseTuple(component, content) - or - parseEnum(component, content) - or - // map legacy "ArrayElement" specification components to `CollectionContent` - component.getName() = "ArrayElement" and - content instanceof Content::CollectionContent - or - component.getName() = "CollectionElement" and - content instanceof Content::CollectionContent -} - cached private module Cached { /** diff --git a/swift/ql/lib/codeql/swift/dataflow/FlowSummary.qll b/swift/ql/lib/codeql/swift/dataflow/FlowSummary.qll index fadee4aee6f4..0cec06a7c9cc 100644 --- a/swift/ql/lib/codeql/swift/dataflow/FlowSummary.qll +++ b/swift/ql/lib/codeql/swift/dataflow/FlowSummary.qll @@ -13,14 +13,4 @@ private module Summaries { private import codeql.swift.frameworks.Frameworks } -deprecated class SummaryComponent = Impl::Private::SummaryComponent; - -deprecated module SummaryComponent = Impl::Private::SummaryComponent; - -deprecated class SummaryComponentStack = Impl::Private::SummaryComponentStack; - -deprecated module SummaryComponentStack = Impl::Private::SummaryComponentStack; - class SummarizedCallable = Impl::Public::SummarizedCallable; - -deprecated class RequiredSummaryComponentStack = Impl::Private::RequiredSummaryComponentStack; diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll index b14bd5d5f592..0c5a4fbb2a63 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll @@ -19,19 +19,6 @@ class Node extends TNode { cached final Location getLocation() { result = this.(NodeImpl).getLocationImpl() } - /** - * Holds if this element is at the specified location. - * The location spans column `startcolumn` of line `startline` to - * column `endcolumn` of line `endline` in file `filepath`. - * For more information, see - * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). - */ - deprecated predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } - /** * Gets the expression that corresponds to this node, if any. */ diff --git a/swift/ql/lib/codeql/swift/security/WeakSensitiveDataHashingQuery.qll b/swift/ql/lib/codeql/swift/security/WeakSensitiveDataHashingQuery.qll index 5aba8ffa1b09..ade9d9f1437d 100755 --- a/swift/ql/lib/codeql/swift/security/WeakSensitiveDataHashingQuery.qll +++ b/swift/ql/lib/codeql/swift/security/WeakSensitiveDataHashingQuery.qll @@ -40,8 +40,4 @@ module WeakSensitiveDataHashingConfig implements DataFlow::ConfigSig { } } -deprecated module WeakHashingConfig = WeakSensitiveDataHashingConfig; - module WeakSensitiveDataHashingFlow = TaintTracking::Global; - -deprecated module WeakHashingFlow = WeakSensitiveDataHashingFlow;