Python: Solve deprecation warnings for old experimental queries

Author: RasmusWL

python/ql/src/experimental/Security/CWE-074/TemplateInjection.ql

@@ -21,11 +21,11 @@ import semmle.python.security.strings.Untrusted
 class TemplateInjectionConfiguration extends TaintTracking::Configuration {
   TemplateInjectionConfiguration() { this = "Template injection configuration" }
 
-  override predicate isSource(TaintTracking::Source source) {
+  deprecated override predicate isSource(TaintTracking::Source source) {
     source instanceof HttpRequestTaintSource
   }
 
-  override predicate isSink(TaintTracking::Sink sink) { sink instanceof SSTISink }
+  deprecated override predicate isSink(TaintTracking::Sink sink) { sink instanceof SSTISink }
 }
 
 from TemplateInjectionConfiguration config, TaintedPathSource src, TaintedPathSink sink

python/ql/src/experimental/Security/CWE-091/Xslt.ql

@@ -20,11 +20,11 @@ import experimental.semmle.python.security.injection.XSLT
 class XSLTInjectionConfiguration extends TaintTracking::Configuration {
   XSLTInjectionConfiguration() { this = "XSLT injection configuration" }
 
-  override predicate isSource(TaintTracking::Source source) {
+  deprecated override predicate isSource(TaintTracking::Source source) {
     source instanceof HttpRequestTaintSource
   }
 
-  override predicate isSink(TaintTracking::Sink sink) {
+  deprecated override predicate isSink(TaintTracking::Sink sink) {
     sink instanceof XSLTInjection::XSLTInjectionSink
   }
 }

python/ql/src/experimental/semmle/python/security/injection/XSLT.qll

@@ -21,7 +21,7 @@ module XSLTInjection {
   /**
    * A kind of "taint", representing an untrusted XML string
    */
-  private class ExternalXmlStringKind extends ExternalStringKind {
+  deprecated private class ExternalXmlStringKind extends ExternalStringKind {
     ExternalXmlStringKind() { this = "etree.XML string" }
 
     override TaintKind getTaintForFlowStep(ControlFlowNode fromnode, ControlFlowNode tonode) {

python/ql/src/experimental/semmle/python/templates/Airspeed.qll

@@ -5,15 +5,15 @@ import semmle.python.web.HttpRequest
 import experimental.semmle.python.templates.SSTISink
 
 /** returns the ClassValue representing `airspeed.Template` */
-ClassValue theAirspeedTemplateClass() { result = Value::named("airspeed.Template") }
+deprecated ClassValue theAirspeedTemplateClass() { result = Value::named("airspeed.Template") }
 
 /**
  * Sink representing the `airspeed.Template` class instantiation argument.
  *
  *  import airspeed
  *  temp = airspeed.Template(`"sink"`)
  */
-class AirspeedTemplateSink extends SSTISink {
+deprecated class AirspeedTemplateSink extends SSTISink {
   override string toString() { result = "argument to airspeed.Template()" }
 
   AirspeedTemplateSink() {

python/ql/src/experimental/semmle/python/templates/Bottle.qll

@@ -5,15 +5,17 @@ import semmle.python.web.HttpRequest
 import experimental.semmle.python.templates.SSTISink
 
 /** returns the ClassValue representing `bottle.SimpleTemplate` */
-ClassValue theBottleSimpleTemplateClass() { result = Value::named("bottle.SimpleTemplate") }
+deprecated ClassValue theBottleSimpleTemplateClass() {
+  result = Value::named("bottle.SimpleTemplate")
+}
 
 /**
  * Sink representing the `bottle.SimpleTemplate` class instantiation argument.
  *
  *  from bottle import SimpleTemplate
  *  template = SimpleTemplate(`sink`)
  */
-class BottleSimpleTemplateSink extends SSTISink {
+deprecated class BottleSimpleTemplateSink extends SSTISink {
   override string toString() { result = "argument to bottle.SimpleTemplate()" }
 
   BottleSimpleTemplateSink() {
@@ -32,7 +34,7 @@ class BottleSimpleTemplateSink extends SSTISink {
  *  from bottle import template
  *  tmp = template(`sink`)
  */
-class BottleTemplateSink extends SSTISink {
+deprecated class BottleTemplateSink extends SSTISink {
   override string toString() { result = "argument to bottle.template()" }
 
   BottleTemplateSink() {

python/ql/src/experimental/semmle/python/templates/Chameleon.qll

@@ -5,15 +5,17 @@ import semmle.python.web.HttpRequest
 import experimental.semmle.python.templates.SSTISink
 
 /** returns the ClassValue representing `chameleon.PageTemplate` */
-ClassValue theChameleonPageTemplateClass() { result = Value::named("chameleon.PageTemplate") }
+deprecated ClassValue theChameleonPageTemplateClass() {
+  result = Value::named("chameleon.PageTemplate")
+}
 
 /**
  * Sink representing the `chameleon.PageTemplate` class instantiation argument.
  *
  *  from chameleon import PageTemplate
  *  template = PageTemplate(`sink`)
  */
-class ChameleonTemplateSink extends SSTISink {
+deprecated class ChameleonTemplateSink extends SSTISink {
   override string toString() { result = "argument to Chameleon.PageTemplate()" }
 
   ChameleonTemplateSink() {

python/ql/src/experimental/semmle/python/templates/Cheetah.qll

@@ -5,7 +5,9 @@ import semmle.python.web.HttpRequest
 import experimental.semmle.python.templates.SSTISink
 
 /** returns the ClassValue representing `Cheetah.Template.Template` */
-ClassValue theCheetahTemplateClass() { result = Value::named("Cheetah.Template.Template") }
+deprecated ClassValue theCheetahTemplateClass() {
+  result = Value::named("Cheetah.Template.Template")
+}
 
 /**
  * Sink representing the instantiation argument of any class which derives from
@@ -22,7 +24,7 @@ ClassValue theCheetahTemplateClass() { result = Value::named("Cheetah.Template.T
  *  from Cheetah.Template import Template
  *  t3 = Template("sink")
  */
-class CheetahTemplateInstantiationSink extends SSTISink {
+deprecated class CheetahTemplateInstantiationSink extends SSTISink {
   override string toString() { result = "argument to Cheetah.Template.Template()" }
 
   CheetahTemplateInstantiationSink() {

python/ql/src/experimental/semmle/python/templates/Chevron.qll

@@ -5,15 +5,15 @@ import semmle.python.web.HttpRequest
 import experimental.semmle.python.templates.SSTISink
 
 /** returns the Value representing `chevron.render` function */
-Value theChevronRenderFunc() { result = Value::named("chevron.render") }
+deprecated Value theChevronRenderFunc() { result = Value::named("chevron.render") }
 
 /**
  * Sink representing the `chevron.render` function call argument.
  *
  *  import chevron
  *  tmp = chevron.render(`sink`,{ 'key' : 'value' })
  */
-class ChevronRenderSink extends SSTISink {
+deprecated class ChevronRenderSink extends SSTISink {
   override string toString() { result = "argument to chevron.render()" }
 
   ChevronRenderSink() {

python/ql/src/experimental/semmle/python/templates/DjangoTemplate.qll

@@ -4,15 +4,15 @@ import python
 import semmle.python.web.HttpRequest
 import experimental.semmle.python.templates.SSTISink
 
-ClassValue theDjangoTemplateClass() { result = Value::named("django.template.Template") }
+deprecated ClassValue theDjangoTemplateClass() { result = Value::named("django.template.Template") }
 
 /**
  * Sink representng `django.template.Template` class instantiation argument.
  *
  *  from django.template import Template
  *  template = Template(`sink`)
  */
-class DjangoTemplateTemplateSink extends SSTISink {
+deprecated class DjangoTemplateTemplateSink extends SSTISink {
   override string toString() { result = "argument to Django.template()" }
 
   DjangoTemplateTemplateSink() {

python/ql/src/experimental/semmle/python/templates/FlaskTemplate.qll

@@ -4,15 +4,17 @@ import python
 import semmle.python.web.HttpRequest
 import experimental.semmle.python.templates.SSTISink
 
-Value theFlaskRenderTemplateClass() { result = Value::named("flask.render_template_string") }
+deprecated Value theFlaskRenderTemplateClass() {
+  result = Value::named("flask.render_template_string")
+}
 
 /**
  * Sink representng `flask.render_template_string` function call argument.
  *
  *  from flask import render_template_string
  *  render_template_string(`sink`)
  */
-class FlaskTemplateSink extends SSTISink {
+deprecated class FlaskTemplateSink extends SSTISink {
   override string toString() { result = "argument to flask.render_template_string()" }
 
   FlaskTemplateSink() {