codeqlhelper
diff --git a/‎java/ql/lib/semmle/code/java/security/SqlTaintedLocalQuery.qll
Lines changed: 4 additions & 2 deletions b/‎java/ql/lib/semmle/code/java/security/SqlTaintedLocalQuery.qll
Lines changed: 4 additions & 2 deletions
diff --git a/‎java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.qhelp
Lines changed: 0 additions & 5 deletions b/‎java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.qhelp
Lines changed: 0 additions & 5 deletions
diff --git a/‎java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql
Lines changed: 0 additions & 24 deletions b/‎java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql
Lines changed: 0 additions & 24 deletions
diff --git a/‎java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTaintedLocal.expected renamed to ‎java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTainted.expected b/‎java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTaintedLocal.expected renamed to ‎java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTainted.expected
diff --git a/‎java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTainted.ext.yml
Lines changed: 6 additions & 0 deletions b/‎java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTainted.ext.yml
Lines changed: 6 additions & 0 deletions
diff --git a/‎java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTainted.qlref
Lines changed: 1 addition & 0 deletions b/‎java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTainted.qlref
Lines changed: 1 addition & 0 deletions
diff --git a/‎java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTaintedLocal.qlref
Lines changed: 0 additions & 1 deletion b/‎java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTaintedLocal.qlref
Lines changed: 0 additions & 1 deletion
@@ -12,7 +12,7 @@ private import semmle.code.java.security.Sanitizers
  * A taint-tracking configuration for reasoning about local user input that is
  * used in a SQL query.
  */
-module LocalUserInputToQueryInjectionFlowConfig implements DataFlow::ConfigSig {
+deprecated module LocalUserInputToQueryInjectionFlowConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node src) { src instanceof LocalUserInput }
 
   predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }
@@ -25,7 +25,9 @@ module LocalUserInputToQueryInjectionFlowConfig implements DataFlow::ConfigSig {
 }
 
 /**
+ * DEPRECATED: Use `QueryInjectionFlow` instead and configure threat model sources to include `local`.
+ *
  * Taint-tracking flow for local user input that is used in a SQL query.
  */
-module LocalUserInputToQueryInjectionFlow =
+deprecated module LocalUserInputToQueryInjectionFlow =
   TaintTracking::Global<LocalUserInputToQueryInjectionFlowConfig>;
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/threat-models
+      extensible: threatModelConfiguration
+    data:
+      - ["local", true, 0]
@@ -0,0 +1 @@
+Security/CWE/CWE-089/SqlTainted.ql