Skip to content

Commit d9c7401

Browse files
michaelnebelmichaelnebel
committed
Java: Deprecate the local content of UrlRedirectLocalQuery and remove the local query variant.
1 parent ed7538d commit d9c7401

File tree

3 files changed

+4
-28
lines changed

3 files changed

+4
-28
lines changed

java/ql/lib/semmle/code/java/security/UrlRedirectLocalQuery.qll

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,13 +7,15 @@ private import semmle.code.java.security.UrlRedirect
77
/**
88
* A taint-tracking configuration to reason about URL redirection from local sources.
99
*/
10-
module UrlRedirectLocalConfig implements DataFlow::ConfigSig {
10+
deprecated module UrlRedirectLocalConfig implements DataFlow::ConfigSig {
1111
predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
1212

1313
predicate isSink(DataFlow::Node sink) { sink instanceof UrlRedirectSink }
1414
}
1515

1616
/**
17+
* DEPRECATED: Use `UrlRedirectFlow` instead and configure threat model sources to include `local`.
18+
*
1719
* Taint-tracking flow for URL redirection from local sources.
1820
*/
19-
module UrlRedirectLocalFlow = TaintTracking::Global<UrlRedirectLocalConfig>;
21+
deprecated module UrlRedirectLocalFlow = TaintTracking::Global<UrlRedirectLocalConfig>;

java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.qhelp

Lines changed: 0 additions & 5 deletions
This file was deleted.

java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql

Lines changed: 0 additions & 21 deletions
This file was deleted.

0 commit comments

Comments
 (0)