Python: Remove promoted code:

- queries (`py/regex-injection`)
- concepts (RegexExecution, RegexEscape)
- library models (Stdlib::Re)

Author: yoff

python/ql/src/experimental/Security/CWE-730/RegexInjection.qhelp

@@ -14,73 +14,6 @@ private import semmle.python.dataflow.new.RemoteFlowSources
 private import semmle.python.dataflow.new.TaintTracking
 private import experimental.semmle.python.Frameworks
 
-/** Provides classes for modeling Regular Expression-related APIs. */
-module RegexExecution {
-  /**
-   * A data-flow node that executes a regular expression.
-   *
-   * Extend this class to model new APIs. If you want to refine existing API models,
-   * extend `RegexExecution` instead.
-   */
-  abstract class Range extends DataFlow::Node {
-    /**
-     * Gets the argument containing the executed expression.
-     */
-    abstract DataFlow::Node getRegexNode();
-
-    /**
-     * Gets the library used to execute the regular expression.
-     */
-    abstract string getRegexModule();
-  }
-}
-
-/**
- * A data-flow node that executes a regular expression.
- *
- * Extend this class to refine existing API models. If you want to model new APIs,
- * extend `RegexExecution::Range` instead.
- */
-class RegexExecution extends DataFlow::Node {
-  RegexExecution::Range range;
-
-  RegexExecution() { this = range }
-
-  DataFlow::Node getRegexNode() { result = range.getRegexNode() }
-
-  string getRegexModule() { result = range.getRegexModule() }
-}
-
-/** Provides classes for modeling Regular Expression escape-related APIs. */
-module RegexEscape {
-  /**
-   * A data-flow node that escapes a regular expression.
-   *
-   * Extend this class to model new APIs. If you want to refine existing API models,
-   * extend `RegexEscape` instead.
-   */
-  abstract class Range extends DataFlow::Node {
-    /**
-     * Gets the argument containing the escaped expression.
-     */
-    abstract DataFlow::Node getRegexNode();
-  }
-}
-
-/**
- * A data-flow node that escapes a regular expression.
- *
- * Extend this class to refine existing API models. If you want to model new APIs,
- * extend `RegexEscape::Range` instead.
- */
-class RegexEscape extends DataFlow::Node {
-  RegexEscape::Range range;
-
-  RegexEscape() { this = range }
-
-  DataFlow::Node getRegexNode() { result = range.getRegexNode() }
-}
-
 /** Provides classes for modeling LDAP query execution-related APIs. */
 module LDAPQuery {
   /**

python/ql/src/experimental/Security/CWE-730/RegexInjection.ql

@@ -9,91 +9,3 @@ private import semmle.python.dataflow.new.TaintTracking
 private import semmle.python.dataflow.new.RemoteFlowSources
 private import experimental.semmle.python.Concepts
 private import semmle.python.ApiGraphs
-
-/**
- * Provides models for Python's `re` library.
- *
- * See https://docs.python.org/3/library/re.html
- */
-private module Re {
-  /**
-   * List of `re` methods immediately executing an expression.
-   *
-   * See https://docs.python.org/3/library/re.html#module-contents
-   */
-  private class RegexExecutionMethods extends string {
-    RegexExecutionMethods() {
-      this in ["match", "fullmatch", "search", "split", "findall", "finditer", "sub", "subn"]
-    }
-  }
-
-  /**
-   * A class to find `re` methods immediately executing an expression.
-   *
-   * See `RegexExecutionMethods`
-   */
-  private class DirectRegex extends DataFlow::CallCfgNode, RegexExecution::Range {
-    DataFlow::Node regexNode;
-
-    DirectRegex() {
-      this = API::moduleImport("re").getMember(any(RegexExecutionMethods m)).getACall() and
-      regexNode = this.getArg(0)
-    }
-
-    override DataFlow::Node getRegexNode() { result = regexNode }
-
-    override string getRegexModule() { result = "re" }
-  }
-
-  /**
-   * A class to find `re` methods immediately executing a compiled expression by `re.compile`.
-   *
-   * Given the following example:
-   *
-   * ```py
-   * pattern = re.compile(input)
-   * pattern.match(s)
-   * ```
-   *
-   * This class will identify that `re.compile` compiles `input` and afterwards
-   * executes `re`'s `match`. As a result, `this` will refer to `pattern.match(s)`
-   * and `this.getRegexNode()` will return the node for `input` (`re.compile`'s first argument)
-   *
-   *
-   * See `RegexExecutionMethods`
-   *
-   * See https://docs.python.org/3/library/re.html#regular-expression-objects
-   */
-  private class CompiledRegex extends DataFlow::MethodCallNode, RegexExecution::Range {
-    DataFlow::Node regexNode;
-
-    CompiledRegex() {
-      exists(DataFlow::MethodCallNode patternCall |
-        patternCall = API::moduleImport("re").getMember("compile").getACall() and
-        patternCall.flowsTo(this.getObject()) and
-        this.getMethodName() instanceof RegexExecutionMethods and
-        regexNode = patternCall.getArg(0)
-      )
-    }
-
-    override DataFlow::Node getRegexNode() { result = regexNode }
-
-    override string getRegexModule() { result = "re" }
-  }
-
-  /**
-   * A class to find `re` methods escaping an expression.
-   *
-   * See https://docs.python.org/3/library/re.html#re.escape
-   */
-  class ReEscape extends DataFlow::CallCfgNode, RegexEscape::Range {
-    DataFlow::Node regexNode;
-
-    ReEscape() {
-      this = API::moduleImport("re").getMember("escape").getACall() and
-      regexNode = this.getArg(0)
-    }
-
-    override DataFlow::Node getRegexNode() { result = regexNode }
-  }
-}