Java: Deprecate experimental model activation.

Author: michaelnebel

java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll

@@ -104,9 +104,9 @@ private import codeql.mad.ModelValidation as SharedModelVal
  * Extend this class to include experimental model rows with `this` name
  * in data flow analysis.
  */
-abstract class ActiveExperimentalModels extends string {
+abstract private class ActiveExperimentalModelsInternal extends string {
   bindingset[this]
-  ActiveExperimentalModels() { any() }
+  ActiveExperimentalModelsInternal() { any() }
 
   /**
    * Holds if an experimental source model exists for the given parameters.
@@ -142,6 +142,8 @@ abstract class ActiveExperimentalModels extends string {
   }
 }
 
+deprecated class ActiveExperimentalModels = ActiveExperimentalModelsInternal;
+
 /** Holds if a source model exists for the given parameters. */
 predicate sourceModel(
   string package, string type, boolean subtypes, string name, string signature, string ext,
@@ -151,7 +153,7 @@ predicate sourceModel(
     Extensions::sourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance,
       madId)
     or
-    any(ActiveExperimentalModels q)
+    any(ActiveExperimentalModelsInternal q)
         .sourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance, madId)
   )
 }
@@ -165,7 +167,7 @@ predicate sinkModel(
     Extensions::sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance,
       madId)
     or
-    any(ActiveExperimentalModels q)
+    any(ActiveExperimentalModelsInternal q)
         .sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance, madId)
   )
 }
@@ -179,7 +181,7 @@ predicate summaryModel(
     Extensions::summaryModel(package, type, subtypes, name, signature, ext, input, output, kind,
       provenance, madId)
     or
-    any(ActiveExperimentalModels q)
+    any(ActiveExperimentalModelsInternal q)
         .summaryModel(package, type, subtypes, name, signature, ext, input, output, kind,
           provenance, madId)
   )

java/ql/lib/semmle/code/java/dataflow/internal/ExternalFlowExtensions.qll

@@ -34,6 +34,8 @@ extensible predicate neutralModel(
 );
 
 /**
+ * DEPRECATED: Do not use.
+ *
  * Holds if an experimental source model exists for the given parameters.
  * This is only for experimental queries.
  */
@@ -43,6 +45,8 @@ extensible predicate experimentalSourceModel(
 );
 
 /**
+ * DEPRECATED: Do not use.
+ *
  * Holds if an experimental sink model exists for the given parameters.
  * This is only for experimental queries.
  */
@@ -52,6 +56,8 @@ extensible predicate experimentalSinkModel(
 );
 
 /**
+ * DEPRECATED: Do not use.
+ *
  * Holds if an experimental summary model exists for the given parameters.
  * This is only for experimental queries.
  */

java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql

@@ -22,7 +22,7 @@ import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.security.Sanitizers
 import Log4jInjectionFlow::PathGraph
 
-private class ActivateModels extends ActiveExperimentalModels {
+deprecated private class ActivateModels extends ActiveExperimentalModels {
   ActivateModels() { this = "log4j-injection" }
 }
 

java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql

@@ -17,7 +17,7 @@ import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.dataflow.ExternalFlow
 import RemoteUrlToOpenStreamFlow::PathGraph
 
-private class ActivateModels extends ActiveExperimentalModels {
+deprecated private class ActivateModels extends ActiveExperimentalModels {
   ActivateModels() { this = "openstream-called-on-tainted-url" }
 }
 

java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql

@@ -22,7 +22,7 @@ import semmle.code.java.security.PathSanitizer
 private import semmle.code.java.security.Sanitizers
 import InjectFilePathFlow::PathGraph
 
-private class ActivateModels extends ActiveExperimentalModels {
+deprecated private class ActivateModels extends ActiveExperimentalModels {
   ActivateModels() { this = "file-path-injection" }
 }
 

java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql

@@ -18,7 +18,7 @@ import semmle.code.java.security.CommandLineQuery
 import InputToArgumentToExecFlow::PathGraph
 private import semmle.code.java.dataflow.ExternalFlow
 
-private class ActivateModels extends ActiveExperimentalModels {
+deprecated private class ActivateModels extends ActiveExperimentalModels {
   ActivateModels() { this = "jsch-os-injection" }
 }