Skip to content

Commit ed7538d

Browse files
michaelnebelmichaelnebel
committed
Java: Deprecate the local content of TaintedPathQuery and remove the local query variant.
1 parent 5b89bd2 commit ed7538d

File tree

3 files changed

+7
-32
lines changed

3 files changed

+7
-32
lines changed

java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -80,7 +80,7 @@ module TaintedPathFlow = TaintTracking::Global<TaintedPathConfig>;
8080
/**
8181
* A taint-tracking configuration for tracking flow from local user input to the creation of a path.
8282
*/
83-
module TaintedPathLocalConfig implements DataFlow::ConfigSig {
83+
deprecated module TaintedPathLocalConfig implements DataFlow::ConfigSig {
8484
predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
8585

8686
predicate isSink(DataFlow::Node sink) { sink instanceof TaintedPathSink }
@@ -95,5 +95,9 @@ module TaintedPathLocalConfig implements DataFlow::ConfigSig {
9595
}
9696
}
9797

98-
/** Tracks flow from local user input to the creation of a path. */
99-
module TaintedPathLocalFlow = TaintTracking::Global<TaintedPathLocalConfig>;
98+
/**
99+
* DEPRECATED: Use `TaintedPathFlow` instead and configure threat model sources to include `local`.
100+
*
101+
* Tracks flow from local user input to the creation of a path.
102+
*/
103+
deprecated module TaintedPathLocalFlow = TaintTracking::Global<TaintedPathLocalConfig>;

java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.qhelp

Lines changed: 0 additions & 5 deletions
This file was deleted.

java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql

Lines changed: 0 additions & 24 deletions
This file was deleted.

0 commit comments

Comments
 (0)