Python: Django changes now backwards compatible deprecation

Author: RasmusWL

python/ql/src/semmle/python/web/django/Redirect.qll

@@ -21,6 +21,9 @@ class DjangoShortcutsRedirectSink extends HttpRedirectTaintSink {
     }
 }
 
+/** DEPRECATED: Use `DjangoShortcutsRedirectSink` instead. */
+deprecated class DjangoRedirect = DjangoShortcutsRedirectSink;
+
 /**
  * The URL argument when instantiating a Django Redirect Response.
  */

python/ql/src/semmle/python/web/django/Response.qll

@@ -4,6 +4,16 @@ import semmle.python.security.strings.Basic
 private import semmle.python.web.django.Shared
 private import semmle.python.web.Http
 
+/**
+ * DEPRECATED: This class is internal to the django library modeling, and should
+ * never be used by anyone.
+ *
+ * A django.http.response.Response object
+ * This isn't really a "taint", but we use the value tracking machinery to
+ * track the flow of response objects.
+ */
+deprecated class DjangoResponse = DjangoResponseKind;
+
 /** INTERNAL class used for tracking a django response object. */
 private class DjangoResponseKind extends TaintKind {
     DjangoResponseKind() { this = "django.response.HttpResponse" }

python/ql/src/semmle/python/web/django/Shared.qll

@@ -1,5 +1,17 @@
 import python
 
+/** DEPRECATED: Use `Value::named("django.shortcuts.redirect")` instead. */
+deprecated FunctionValue redirect() { result = Value::named("django.shortcuts.redirect") }
+
+/** DEPRECATED: Use `DjangoRedirectResponseClass` instead. */
+deprecated ClassValue theDjangoHttpRedirectClass() {
+    // version 1.x
+    result = Value::named("django.http.response.HttpResponseRedirectBase")
+    or
+    // version 2.x
+    result = Value::named("django.http.HttpResponseRedirectBase")
+}
+
 /** A class that is a Django Redirect Response (subclass of `django.http.HttpResponseRedirectBase`). */
 class DjangoRedirectResponseClass extends ClassValue {
     DjangoRedirectResponseClass() {