Python: Deprecate old library modeling

Author: RasmusWL

python/ql/lib/semmle/python/security/ClearText.qll

@@ -4,7 +4,7 @@ import semmle.python.security.SensitiveData
 import semmle.python.dataflow.Files
 import semmle.python.web.Http
 
-module ClearTextStorage {
+deprecated module ClearTextStorage {
   abstract class Sink extends TaintSink {
     override predicate sinks(TaintKind kind) { kind instanceof SensitiveData }
   }
@@ -26,7 +26,7 @@ module ClearTextStorage {
   }
 }
 
-module ClearTextLogging {
+deprecated module ClearTextLogging {
   abstract class Sink extends TaintSink {
     override predicate sinks(TaintKind kind) { kind instanceof SensitiveData }
   }

python/ql/lib/semmle/python/security/Crypto.qll

@@ -3,12 +3,12 @@ import semmle.python.dataflow.TaintTracking
 private import semmle.python.security.SensitiveData
 private import semmle.crypto.Crypto as CryptoLib
 
-abstract class WeakCryptoSink extends TaintSink {
+abstract deprecated class WeakCryptoSink extends TaintSink {
   override predicate sinks(TaintKind taint) { taint instanceof SensitiveData }
 }
 
 /** Modeling the 'pycrypto' package https://github.com/dlitz/pycrypto (latest release 2013) */
-module Pycrypto {
+deprecated module Pycrypto {
   ModuleValue cipher(string name) { result = Module::named("Crypto.Cipher").attr(name) }
 
   class CipherInstance extends TaintKind {
@@ -58,7 +58,7 @@ module Pycrypto {
   }
 }
 
-module Cryptography {
+deprecated module Cryptography {
   ModuleValue ciphers() {
     result = Module::named("cryptography.hazmat.primitives.ciphers") and
     result.isPackage()
@@ -128,7 +128,7 @@ module Cryptography {
   }
 }
 
-private class CipherConfig extends TaintTracking::Configuration {
+deprecated private class CipherConfig extends TaintTracking::Configuration {
   CipherConfig() { this = "Crypto cipher config" }
 
   override predicate isSource(TaintTracking::Source source) {

python/ql/lib/semmle/python/security/Exceptions.qll

@@ -7,13 +7,15 @@ import python
 import semmle.python.dataflow.TaintTracking
 import semmle.python.security.strings.Basic
 
-private Value traceback_function(string name) { result = Module::named("traceback").attr(name) }
+deprecated private Value traceback_function(string name) {
+  result = Module::named("traceback").attr(name)
+}
 
 /**
  * This represents information relating to an exception, for instance the
  * message, arguments or parts of the exception traceback.
  */
-class ExceptionInfo extends StringKind {
+deprecated class ExceptionInfo extends StringKind {
   ExceptionInfo() { this = "exception.info" }
 
   override string repr() { result = "exception info" }
@@ -23,12 +25,12 @@ class ExceptionInfo extends StringKind {
  * A class representing sources of information about
  * execution state exposed in tracebacks and the like.
  */
-abstract class ErrorInfoSource extends TaintSource { }
+abstract deprecated class ErrorInfoSource extends TaintSource { }
 
 /**
  * This kind represents exceptions themselves.
  */
-class ExceptionKind extends TaintKind {
+deprecated class ExceptionKind extends TaintKind {
   ExceptionKind() { this = "exception.kind" }
 
   override string repr() { result = "exception" }
@@ -44,7 +46,7 @@ class ExceptionKind extends TaintKind {
  * A source of exception objects, either explicitly created, or captured by an
  * `except` statement.
  */
-class ExceptionSource extends ErrorInfoSource {
+deprecated class ExceptionSource extends ErrorInfoSource {
   ExceptionSource() {
     exists(ClassValue cls |
       cls.getASuperType() = ClassValue::baseException() and
@@ -63,15 +65,15 @@ class ExceptionSource extends ErrorInfoSource {
  * Represents a sequence of pieces of information relating to an exception,
  * for instance the contents of the `args` attribute, or the stack trace.
  */
-class ExceptionInfoSequence extends SequenceKind {
+deprecated class ExceptionInfoSequence extends SequenceKind {
   ExceptionInfoSequence() { this.getItem() instanceof ExceptionInfo }
 }
 
 /**
  * Represents calls to functions in the `traceback` module that return
  * sequences of exception information.
  */
-class CallToTracebackFunction extends ErrorInfoSource {
+deprecated class CallToTracebackFunction extends ErrorInfoSource {
   CallToTracebackFunction() {
     exists(string name |
       name in [
@@ -92,7 +94,7 @@ class CallToTracebackFunction extends ErrorInfoSource {
  * Represents calls to functions in the `traceback` module that return a single
  * string of information about an exception.
  */
-class FormattedTracebackSource extends ErrorInfoSource {
+deprecated class FormattedTracebackSource extends ErrorInfoSource {
   FormattedTracebackSource() { this = traceback_function("format_exc").getACall() }
 
   override string toString() { result = "exception.info.source" }

python/ql/lib/semmle/python/security/SensitiveData.qll

@@ -15,15 +15,15 @@ import semmle.python.web.HttpRequest
 import semmle.python.security.internal.SensitiveDataHeuristics
 private import HeuristicNames
 
-abstract class SensitiveData extends TaintKind {
+abstract deprecated class SensitiveData extends TaintKind {
   bindingset[this]
   SensitiveData() { this = this }
 
   /** Gets the classification of this sensitive data taint kind. */
   abstract SensitiveDataClassification getClassification();
 }
 
-module SensitiveData {
+deprecated module SensitiveData {
   class Secret extends SensitiveData {
     Secret() { this = "sensitive.data.secret" }
 
@@ -115,4 +115,4 @@ module SensitiveData {
 }
 
 //Backwards compatibility
-class SensitiveDataSource = SensitiveData::Source;
+deprecated class SensitiveDataSource = SensitiveData::Source;

python/ql/lib/semmle/python/security/injection/Command.qll

@@ -11,18 +11,18 @@ import semmle.python.dataflow.TaintTracking
 import semmle.python.security.strings.Untrusted
 
 /** Abstract taint sink that is potentially vulnerable to malicious shell commands. */
-abstract class CommandSink extends TaintSink { }
+abstract deprecated class CommandSink extends TaintSink { }
 
-private ModuleObject osOrPopenModule() { result.getName() = ["os", "popen2"] }
+deprecated private ModuleObject osOrPopenModule() { result.getName() = ["os", "popen2"] }
 
-private Object makeOsCall() {
+deprecated private Object makeOsCall() {
   exists(string name | result = ModuleObject::named("subprocess").attr(name) |
     name = ["Popen", "call", "check_call", "check_output", "run"]
   )
 }
 
 /**Special case for first element in sequence. */
-class FirstElementKind extends TaintKind {
+deprecated class FirstElementKind extends TaintKind {
   FirstElementKind() { this = "sequence[" + any(ExternalStringKind key) + "][0]" }
 
   override string repr() { result = "first item in sequence of " + this.getItem().repr() }
@@ -31,7 +31,7 @@ class FirstElementKind extends TaintKind {
   ExternalStringKind getItem() { this = "sequence[" + result + "][0]" }
 }
 
-class FirstElementFlow extends DataFlowExtension::DataFlowNode {
+deprecated class FirstElementFlow extends DataFlowExtension::DataFlowNode {
   FirstElementFlow() { this = any(SequenceNode s).getElement(0) }
 
   override ControlFlowNode getASuccessorNode(TaintKind fromkind, TaintKind tokind) {
@@ -43,7 +43,7 @@ class FirstElementFlow extends DataFlowExtension::DataFlowNode {
  * A taint sink that is potentially vulnerable to malicious shell commands.
  * The `vuln` in `subprocess.call(shell=vuln)` and similar calls.
  */
-class ShellCommand extends CommandSink {
+deprecated class ShellCommand extends CommandSink {
   override string toString() { result = "shell command" }
 
   ShellCommand() {
@@ -81,7 +81,7 @@ class ShellCommand extends CommandSink {
  * A taint sink that is potentially vulnerable to malicious shell commands.
  * The `vuln` in `subprocess.call(vuln, ...)` and similar calls.
  */
-class OsCommandFirstArgument extends CommandSink {
+deprecated class OsCommandFirstArgument extends CommandSink {
   override string toString() { result = "OS command first argument" }
 
   OsCommandFirstArgument() {
@@ -111,7 +111,7 @@ class OsCommandFirstArgument extends CommandSink {
  * A taint sink that is potentially vulnerable to malicious shell commands.
  * The `vuln` in `invoke.run(vuln, ...)` and similar calls.
  */
-class InvokeRun extends CommandSink {
+deprecated class InvokeRun extends CommandSink {
   InvokeRun() {
     this = Value::named("invoke.run").(FunctionValue).getArgumentForCall(_, 0)
     or
@@ -127,12 +127,12 @@ class InvokeRun extends CommandSink {
  * Internal TaintKind to track the invoke.Context instance passed to functions
  * marked with @invoke.task
  */
-private class InvokeContextArg extends TaintKind {
+deprecated private class InvokeContextArg extends TaintKind {
   InvokeContextArg() { this = "InvokeContextArg" }
 }
 
 /** Internal TaintSource to track the context passed to functions marked with @invoke.task */
-private class InvokeContextArgSource extends TaintSource {
+deprecated private class InvokeContextArgSource extends TaintSource {
   InvokeContextArgSource() {
     exists(Function f, Expr decorator |
       count(f.getADecorator()) = 1 and
@@ -158,7 +158,7 @@ private class InvokeContextArgSource extends TaintSource {
  * A taint sink that is potentially vulnerable to malicious shell commands.
  * The `vuln` in `invoke.Context().run(vuln, ...)` and similar calls.
  */
-class InvokeContextRun extends CommandSink {
+deprecated class InvokeContextRun extends CommandSink {
   InvokeContextRun() {
     exists(CallNode call |
       any(InvokeContextArg k).taints(call.getFunction().(AttrNode).getObject("run"))
@@ -187,7 +187,7 @@ class InvokeContextRun extends CommandSink {
  * A taint sink that is potentially vulnerable to malicious shell commands.
  * The `vuln` in `fabric.Group().run(vuln, ...)` and similar calls.
  */
-class FabricGroupRun extends CommandSink {
+deprecated class FabricGroupRun extends CommandSink {
   FabricGroupRun() {
     exists(ClassValue cls |
       cls.getASuperType() = Value::named("fabric.Group") and
@@ -203,7 +203,7 @@ class FabricGroupRun extends CommandSink {
 // -------------------------------------------------------------------------- //
 // Modeling of the 'invoke' package and 'fabric' package (v 1.x)
 // -------------------------------------------------------------------------- //
-class FabricV1Commands extends CommandSink {
+deprecated class FabricV1Commands extends CommandSink {
   FabricV1Commands() {
     // since `run` and `sudo` are decorated, we can't use FunctionValue's :(
     exists(CallNode call |
@@ -228,7 +228,7 @@ class FabricV1Commands extends CommandSink {
  * An extension that propagates taint from the arguments of `fabric.api.execute(func, arg0, arg1, ...)`
  * to the parameters of `func`, since this will call `func(arg0, arg1, ...)`.
  */
-class FabricExecuteExtension extends DataFlowExtension::DataFlowNode {
+deprecated class FabricExecuteExtension extends DataFlowExtension::DataFlowNode {
   CallNode call;
 
   FabricExecuteExtension() {

python/ql/lib/semmle/python/security/injection/Deserialization.qll

@@ -2,7 +2,7 @@ import python
 import semmle.python.dataflow.TaintTracking
 
 /** `pickle.loads(untrusted)` vulnerability. */
-abstract class DeserializationSink extends TaintSink {
+abstract deprecated class DeserializationSink extends TaintSink {
   bindingset[this]
   DeserializationSink() { this = this }
 }

python/ql/lib/semmle/python/security/injection/Exec.qll

@@ -14,7 +14,7 @@ import semmle.python.security.strings.Untrusted
  * A taint sink that represents an argument to exec or eval that is vulnerable to malicious input.
  * The `vuln` in `exec(vuln)` or similar.
  */
-class StringEvaluationNode extends TaintSink {
+deprecated class StringEvaluationNode extends TaintSink {
   override string toString() { result = "exec or eval" }
 
   StringEvaluationNode() {

python/ql/lib/semmle/python/security/injection/Marshal.qll

@@ -11,13 +11,15 @@ import semmle.python.dataflow.TaintTracking
 import semmle.python.security.strings.Untrusted
 import semmle.python.security.injection.Deserialization
 
-private FunctionObject marshalLoads() { result = ModuleObject::named("marshal").attr("loads") }
+deprecated private FunctionObject marshalLoads() {
+  result = ModuleObject::named("marshal").attr("loads")
+}
 
 /**
  * A taint sink that is potentially vulnerable to malicious marshaled objects.
  * The `vuln` in `marshal.loads(vuln)`.
  */
-class UnmarshalingNode extends DeserializationSink {
+deprecated class UnmarshalingNode extends DeserializationSink {
   override string toString() { result = "unmarshaling vulnerability" }
 
   UnmarshalingNode() {

python/ql/lib/semmle/python/security/injection/Path.qll

@@ -6,7 +6,7 @@ import semmle.python.security.strings.Untrusted
  * Prevents taint flowing through ntpath.normpath()
  * NormalizedPath below handles that case.
  */
-class PathSanitizer extends Sanitizer {
+deprecated class PathSanitizer extends Sanitizer {
   PathSanitizer() { this = "path.sanitizer" }
 
   override predicate sanitizingNode(TaintKind taint, ControlFlowNode node) {
@@ -15,7 +15,7 @@ class PathSanitizer extends Sanitizer {
   }
 }
 
-private FunctionObject abspath() {
+deprecated private FunctionObject abspath() {
   exists(ModuleObject os_path | ModuleObject::named("os").attr("path") = os_path |
     os_path.attr("abspath") = result
     or
@@ -24,18 +24,18 @@ private FunctionObject abspath() {
 }
 
 /** A path that has been normalized, but not verified to be safe */
-class NormalizedPath extends TaintKind {
+deprecated class NormalizedPath extends TaintKind {
   NormalizedPath() { this = "normalized.path.injection" }
 
   override string repr() { result = "normalized path" }
 }
 
-private predicate abspath_call(CallNode call, ControlFlowNode arg) {
+deprecated private predicate abspath_call(CallNode call, ControlFlowNode arg) {
   call.getFunction().refersTo(abspath()) and
   arg = call.getArg(0)
 }
 
-class AbsPath extends DataFlowExtension::DataFlowNode {
+deprecated class AbsPath extends DataFlowExtension::DataFlowNode {
   AbsPath() { abspath_call(_, this) }
 
   override ControlFlowNode getASuccessorNode(TaintKind fromkind, TaintKind tokind) {
@@ -45,7 +45,7 @@ class AbsPath extends DataFlowExtension::DataFlowNode {
   }
 }
 
-class NormalizedPathSanitizer extends Sanitizer {
+deprecated class NormalizedPathSanitizer extends Sanitizer {
   NormalizedPathSanitizer() { this = "normalized.path.sanitizer" }
 
   override predicate sanitizingEdge(TaintKind taint, PyEdgeRefinement test) {
@@ -59,7 +59,7 @@ class NormalizedPathSanitizer extends Sanitizer {
  * A taint sink that is vulnerable to malicious paths.
  * The `vuln` in `open(vuln)` and similar.
  */
-class OpenNode extends TaintSink {
+deprecated class OpenNode extends TaintSink {
   override string toString() { result = "argument to open()" }
 
   OpenNode() {

python/ql/lib/semmle/python/security/injection/Pickle.qll

@@ -11,18 +11,18 @@ import semmle.python.dataflow.TaintTracking
 import semmle.python.security.strings.Untrusted
 import semmle.python.security.injection.Deserialization
 
-private ModuleObject pickleModule() {
+deprecated private ModuleObject pickleModule() {
   result.getName() = "pickle"
   or
   result.getName() = "cPickle"
   or
   result.getName() = "dill"
 }
 
-private FunctionObject pickleLoads() { result = pickleModule().attr("loads") }
+deprecated private FunctionObject pickleLoads() { result = pickleModule().attr("loads") }
 
 /** `pickle.loads(untrusted)` vulnerability. */
-class UnpicklingNode extends DeserializationSink {
+deprecated class UnpicklingNode extends DeserializationSink {
   override string toString() { result = "unpickling untrusted data" }
 
   UnpicklingNode() {