Fix various compilation issues.

michaelnebel · michaelnebel · commit e5766f8426a9 · 2025-01-14T11:54:26.000+01:00
diff --git a/csharp/src/audit/explore/Dependencies.ql b/csharp/src/audit/explore/Dependencies.ql
@@ -9,7 +9,7 @@
 
 private import csharp
 private import semmle.code.csharp.dispatch.Dispatch
-private import Telemetry.ExternalApi
+private import semmle.code.csharp.telemetry.ExternalApi
 
 private predicate getRelevantUsages(string namespace, int usages) {
   usages =
diff --git a/csharp/src/library_sources/ExternalAPIsQuery.qll b/csharp/src/library_sources/ExternalAPIsQuery.qll
@@ -98,19 +98,6 @@ class ExternalApiDataNode extends DataFlow::Node {
   }
 }
 
-/**
- * DEPRECATED: Use `RemoteSourceToExternalApi` instead.
- *
- * A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s.
- */
-deprecated class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration {
-  UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfig" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
-}
-
 /** A configuration for tracking flow from `ThreatModelFlowSource`s to `ExternalApiDataNode`s. */
 private module RemoteSourceToExternalApiConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
diff --git a/csharp/src/security/dataflow/flowsources/AuthCookie.qll b/csharp/src/security/dataflow/flowsources/AuthCookie.qll
@@ -114,61 +114,6 @@ Expr getAValueForProp(ObjectCreation create, Assignment a, string prop) {
  */
 predicate isPropertySet(ObjectCreation oc, string prop) { exists(getAValueForProp(oc, _, prop)) }
 
-/**
- * Tracks if a callback used in `OnAppendCookie` sets a cookie property to `true`.
- */
-abstract deprecated private class OnAppendCookieTrackingConfig extends DataFlow::Configuration {
-  bindingset[this]
-  OnAppendCookieTrackingConfig() { any() }
-
-  /**
-   * Specifies the cookie property name to track.
-   */
-  abstract string propertyName();
-
-  override predicate isSource(DataFlow::Node source) {
-    exists(PropertyWrite pw, Assignment delegateAssign, Callable c |
-      pw.getProperty().getName() = "OnAppendCookie" and
-      pw.getProperty().getDeclaringType() instanceof MicrosoftAspNetCoreBuilderCookiePolicyOptions and
-      delegateAssign.getLValue() = pw and
-      (
-        exists(LambdaExpr lambda |
-          delegateAssign.getRValue() = lambda and
-          lambda = c
-        )
-        or
-        exists(DelegateCreation delegate |
-          delegateAssign.getRValue() = delegate and
-          delegate.getArgument().(CallableAccess).getTarget() = c
-        )
-      ) and
-      c.getParameter(0) = source.asParameter()
-    )
-  }
-
-  override predicate isSink(DataFlow::Node sink) {
-    exists(PropertyWrite pw, Assignment a |
-      pw.getProperty().getDeclaringType() instanceof MicrosoftAspNetCoreHttpCookieOptions and
-      pw.getProperty().getName() = this.propertyName() and
-      a.getLValue() = pw and
-      exists(Expr val |
-        DataFlow::localExprFlow(val, a.getRValue()) and
-        val.getValue() = "true"
-      ) and
-      sink.asExpr() = pw.getQualifier()
-    )
-  }
-
-  override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    node2.asExpr() =
-      any(PropertyRead pr |
-        pr.getQualifier() = node1.asExpr() and
-        pr.getProperty().getDeclaringType() instanceof
-          MicrosoftAspNetCoreCookiePolicyAppendCookieContext
-      )
-  }
-}
-
 private signature string propertyName();
 
 /**
diff --git a/java/lib/ghsl/Encoding.qll b/java/lib/ghsl/Encoding.qll
@@ -1,7 +1,6 @@
 import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.dataflow.TaintTracking2
 
 module Base64 {
   abstract class Encoding extends DataFlow::Node { }
diff --git a/java/lib/ghsl/Logging.qll b/java/lib/ghsl/Logging.qll
@@ -1,7 +1,6 @@
 import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.dataflow.TaintTracking2
 
 abstract class LoggingMethodsSinks extends DataFlow::Node { }
 
diff --git a/java/lib/ghsl/SensitiveInformation.qll b/java/lib/ghsl/SensitiveInformation.qll
@@ -1,7 +1,6 @@
 import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.dataflow.TaintTracking2
 
 abstract class SensitiveInformationSources extends DataFlow::Node { }
 
diff --git a/java/lib/semmle/code/java/security/SpringUrlRedirect.qll b/java/lib/semmle/code/java/security/SpringUrlRedirect.qll
@@ -53,7 +53,7 @@ private class SpringViewUrlRedirectSink extends SpringUrlRedirectSink {
     )
     or
     exists(MethodCall ma, RedirectAppendCall rac |
-      DataFlow2::localExprFlow(rac.getQualifier(), ma.getQualifier()) and
+      DataFlow::localExprFlow(rac.getQualifier(), ma.getQualifier()) and
       ma.getMethod().hasName("append") and
       ma.getArgument(0) = this.asExpr() and
       any(SpringRequestMappingMethod sqmm).polyCalls*(this.getEnclosingCallable())
diff --git a/java/src/audit/CWE-079/XSSJSPLenient.ql b/java/src/audit/CWE-079/XSSJSPLenient.ql
@@ -13,7 +13,6 @@
 
 import java
 import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.dataflow.TaintTracking2
 import semmle.code.java.security.XSS
 import semmle.code.java.frameworks.Servlets
 import JSPLocations
@@ -106,10 +105,11 @@ class JSPTaintStep extends XssAdditionalTaintStep {
     exists(EvalCall propEval, AddAttrCall addAttr |
       varAppearsInEvalExpr(addAttr.getAttrName(), propEval.getEvalString()) and
       (
-        exists(RedirectToJsp rtj | rtj.(ControlFlowNode).getAPredecessor*() = addAttr)
+        exists(RedirectToJsp rtj | rtj.getControlFlowNode().getAPredecessor*().asExpr() = addAttr)
         implies
         propEval.getFile() =
-          any(RedirectToJsp rtj | rtj.(ControlFlowNode).getAPredecessor*() = addAttr).getJspFile()
+          any(RedirectToJsp rtj | rtj.getControlFlowNode().getAPredecessor*().asExpr() = addAttr)
+              .getJspFile()
       )
     |
       node1.asExpr() = addAttr.getAttrValue() and
@@ -129,11 +129,11 @@ class ForEachStep extends XssAdditionalTaintStep {
       v.getType().getName() = "ForEachTag" and
       exists(DataFlow::Node ctxSrc |
         ContextFlow::ContextFlow::flow(ctxSrc,
-          DataFlow2::exprNode(methodCallOn("setPageContext", v).getArgument(0))) and
-        ContextFlow::ContextFlow::flow(ctxSrc, DataFlow2::exprNode(eval.getCtxExpr()))
+          DataFlow::exprNode(methodCallOn("setPageContext", v).getArgument(0))) and
+        ContextFlow::ContextFlow::flow(ctxSrc, DataFlow::exprNode(eval.getCtxExpr()))
         // config
-        //     .hasFlow(ctxSrc, DataFlow2::exprNode(methodCallOn("setPageContext", v).getArgument(0))) and
-        // config.hasFlow(ctxSrc, DataFlow2::exprNode(eval.getCtxExpr()))
+        //     .hasFlow(ctxSrc, DataFlow::exprNode(methodCallOn("setPageContext", v).getArgument(0))) and
+        // config.hasFlow(ctxSrc, DataFlow::exprNode(eval.getCtxExpr()))
       ) and
       node1.asExpr() = methodCallOn("setItems", v).getArgument(0) and
       node2.asExpr() = eval and
@@ -169,7 +169,7 @@ class RedirectToJsp extends ReturnStmt {
   File jsp;
 
   RedirectToJsp() {
-    exists(DataFlow2::Node strLit, DataFlow2::Node retVal |
+    exists(DataFlow::Node strLit, DataFlow::Node retVal |
       strLit.asExpr().(StringLiteral).getValue().splitAt("/") + "_jsp.java" = jsp.getBaseName()
     |
       retVal.asExpr() = this.getResult() and LiteralConfig::LiteralFlow::flow(strLit, retVal)
diff --git a/java/src/library_sources/ExternalAPIs.qll b/java/src/library_sources/ExternalAPIs.qll
@@ -97,19 +97,6 @@ class ExternalApiDataNode extends DataFlow::Node {
   string getMethodDescription() { result = this.getMethod().getQualifiedName() }
 }
 
-/**
- * DEPRECATED: Use `UntrustedDataToExternalApiFlow` instead.
- *
- * A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s.
- */
-deprecated class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration {
-  UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfig" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
-}
-
 /**
  * Taint tracking configuration for flow from `ActiveThreatModelSource`s to `ExternalApiDataNode`s.
  */
diff --git a/java/src/security/CWE-079/XSSJSP.ql b/java/src/security/CWE-079/XSSJSP.ql
@@ -12,7 +12,6 @@
 
 import java
 import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.dataflow.TaintTracking2
 import semmle.code.java.security.XSS
 import JSPLocations
 
@@ -48,10 +47,11 @@ class JSPTaintStep extends XssAdditionalTaintStep {
           .getValue()
           .regexpMatch(".*\\$\\{" + key.getValue() + "\\}.*") and
       (
-        exists(RedirectToJsp rtj | rtj.(ControlFlowNode).getAPredecessor*() = addAttr)
+        exists(RedirectToJsp rtj | rtj.getControlFlowNode().getAPredecessor*().asExpr() = addAttr)
         implies
         propEval.getFile() =
-          any(RedirectToJsp rtj | rtj.(ControlFlowNode).getAPredecessor*() = addAttr).getJspFile()
+          any(RedirectToJsp rtj | rtj.getControlFlowNode().getAPredecessor*().asExpr() = addAttr)
+              .getJspFile()
       )
     |
       node1.asExpr() = addAttr.getArgument(1) and
@@ -74,7 +74,7 @@ class RedirectToJsp extends ReturnStmt {
   File jsp;
 
   RedirectToJsp() {
-    exists(DataFlow2::Node strLit, DataFlow2::Node retVal |
+    exists(DataFlow::Node strLit, DataFlow::Node retVal |
       strLit.asExpr().(StringLiteral).getValue().splitAt("/") + "_jsp.java" = jsp.getBaseName()
     |
       retVal.asExpr() = this.getResult() and LiteralConfig::LiteralFlow::flow(strLit, retVal)
diff --git a/java/src/security/CWE-094/SpringViewManipulationLib.qll b/java/src/security/CWE-094/SpringViewManipulationLib.qll
@@ -55,7 +55,7 @@ module SpringViewManipulationConfig implements DataFlow::ConfigSig {
     // a = "redirect:" + taint`
     // ```
     exists(AddExpr e, StringLiteral sl |
-      node.asExpr() = e.getControlFlowNode().getASuccessor*() and
+      node.asExpr() = e.getControlFlowNode().getASuccessor*().asExpr() and
       sl = e.getLeftOperand*() and
       sl.getValue().matches(["redirect:%", "ajaxredirect:%", "forward:%"])
     )
diff --git a/java/src/security/CWE-208/NonConstantTimeCheckOnSignatureQuery.qll b/java/src/security/CWE-208/NonConstantTimeCheckOnSignatureQuery.qll
@@ -95,7 +95,7 @@ private class ProduceCiphertextCall extends ProduceCryptoCall {
 }
 
 /** Holds if `fromNode` to `toNode` is a dataflow step that updates a cryptographic operation. */
-private predicate updateCryptoOperationStep(DataFlow2::Node fromNode, DataFlow2::Node toNode) {
+private predicate updateCryptoOperationStep(DataFlow::Node fromNode, DataFlow::Node toNode) {
   exists(MethodCall call, Method m |
     m = call.getMethod() and
     call.getQualifier() = toNode.asExpr() and
@@ -111,7 +111,7 @@ private predicate updateCryptoOperationStep(DataFlow2::Node fromNode, DataFlow2:
 }
 
 /** Holds if `fromNode` to `toNode` is a dataflow step that creates a hash. */
-private predicate createMessageDigestStep(DataFlow2::Node fromNode, DataFlow2::Node toNode) {
+private predicate createMessageDigestStep(DataFlow::Node fromNode, DataFlow::Node toNode) {
   exists(MethodCall ma, Method m | m = ma.getMethod() |
     m.getDeclaringType().hasQualifiedName("java.security", "MessageDigest") and
     m.hasStringSignature("digest()") and
@@ -135,7 +135,7 @@ private predicate createMessageDigestStep(DataFlow2::Node fromNode, DataFlow2::N
 }
 
 /** Holds if `fromNode` to `toNode` is a dataflow step that updates a hash. */
-private predicate updateMessageDigestStep(DataFlow2::Node fromNode, DataFlow2::Node toNode) {
+private predicate updateMessageDigestStep(DataFlow::Node fromNode, DataFlow::Node toNode) {
   exists(MethodCall ma, Method m | m = ma.getMethod() |
     m.hasQualifiedName("java.security", "MessageDigest", "update") and
     ma.getArgument(0) = fromNode.asExpr() and
@@ -154,7 +154,7 @@ private module UserInputInCryptoOperationConfig implements DataFlow::ConfigSig {
     exists(ProduceCryptoCall call | call.getQualifier() = sink.asExpr())
   }
 
-  predicate isAdditionalFlowStep(DataFlow2::Node fromNode, DataFlow2::Node toNode) {
+  predicate isAdditionalFlowStep(DataFlow::Node fromNode, DataFlow::Node toNode) {
     updateCryptoOperationStep(fromNode, toNode)
     or
     createMessageDigestStep(fromNode, toNode)
diff --git a/java/src/security/CWE-326/Base64Encryption.ql b/java/src/security/CWE-326/Base64Encryption.ql
@@ -14,7 +14,6 @@
 import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.dataflow.TaintTracking2
 // import DataFlow::PathGraph
 // Internal
 import ghsl.SensitiveInformation
diff --git a/java/src/security/CWE-338/WeakPRNG.ql b/java/src/security/CWE-338/WeakPRNG.ql
@@ -15,7 +15,6 @@
 import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.dataflow.TaintTracking2
 
 abstract class RandomNumberGeneratorSinks extends DataFlow::Node { }
 
diff --git a/java/src/security/CWE-532/SensitiveInformation.ql b/java/src/security/CWE-532/SensitiveInformation.ql
@@ -14,7 +14,6 @@
 import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.dataflow.TaintTracking2
 //import DataFlow::PathGraph
 // Internal
 import ghsl.Logging
diff --git a/java/src/security/CWE-611/XXELocal.ql b/java/src/security/CWE-611/XXELocal.ql
@@ -16,7 +16,6 @@
 import java
 import semmle.code.java.security.XmlParsers
 import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.dataflow.TaintTracking2
 //import DataFlow::PathGraph
 import ghsl.LocalSources
 
diff --git a/java/src/security/CWE-625/PermissiveDotRegexQuery.qll b/java/src/security/CWE-625/PermissiveDotRegexQuery.qll
@@ -90,11 +90,11 @@ private class CompileRegexSink extends DataFlow::ExprNode {
  * A data flow configuration for regular expressions that include permissive dots.
  */
 private module PermissiveDotRegexConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow2::Node src) { src.asExpr() instanceof PermissiveDotStr }
+  predicate isSource(DataFlow::Node src) { src.asExpr() instanceof PermissiveDotStr }
 
-  predicate isSink(DataFlow2::Node sink) { sink instanceof CompileRegexSink }
+  predicate isSink(DataFlow::Node sink) { sink instanceof CompileRegexSink }
 
-  predicate isBarrier(DataFlow2::Node node) {
+  predicate isBarrier(DataFlow::Node node) {
     exists(
       MethodCall ma, Field f // Pattern.compile(PATTERN, Pattern.DOTALL)
     |
diff --git a/java/src/security/CWE-798/HardcodedBase64Usage.ql b/java/src/security/CWE-798/HardcodedBase64Usage.ql
@@ -14,7 +14,6 @@
 import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.dataflow.TaintTracking2
 // Internal
 import ghsl.Encoding
 import ghsl.Hardcoded

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ private class SpringViewUrlRedirectSink extends SpringUrlRedirectSink {`
`53`	`53`	`)`
`54`	`54`	`or`
`55`	`55`	`exists(MethodCall ma, RedirectAppendCall rac \|`
`56`		`- DataFlow2::localExprFlow(rac.getQualifier(), ma.getQualifier()) and`
	`56`	`+ DataFlow::localExprFlow(rac.getQualifier(), ma.getQualifier()) and`
`57`	`57`	`ma.getMethod().hasName("append") and`
`58`	`58`	`ma.getArgument(0) = this.asExpr() and`
`59`	`59`	`any(SpringRequestMappingMethod sqmm).polyCalls*(this.getEnclosingCallable())`