JS: Deprecate the FlowLabel class

Author: asgerf

javascript/ql/lib/semmle/javascript/dataflow/AdditionalFlowSteps.qll

@@ -147,10 +147,12 @@ class LegacyFlowStep extends Unit {
   predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() }
 
   /**
+   * DEPRECATED. The `FlowLabel` class and steps involving flow labels are no longer used by any queries.
+   *
    * Holds if `pred` → `succ` should be considered a data flow edge
    * transforming values with label `predlbl` to have label `succlbl`.
    */
-  predicate step(
+  deprecated predicate step(
     DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl,
     DataFlow::FlowLabel succlbl
   ) {
@@ -199,11 +201,13 @@ module LegacyFlowStep {
   }
 
   /**
+   * DEPRECATED. The `FlowLabel` class and steps involving flow labels are no longer used by any queries.
+   *
    * Holds if `pred` → `succ` should be considered a data flow edge
    * transforming values with label `predlbl` to have label `succlbl`.
    */
   cached
-  predicate step(
+  deprecated predicate step(
     DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl,
     DataFlow::FlowLabel succlbl
   ) {
@@ -273,10 +277,12 @@ class SharedFlowStep extends Unit {
   predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() }
 
   /**
+   * DEPRECATED. The `FlowLabel` class and steps involving flow labels are no longer used by any queries.
+   *
    * Holds if `pred` → `succ` should be considered a data flow edge
    * transforming values with label `predlbl` to have label `succlbl`.
    */
-  predicate step(
+  deprecated predicate step(
     DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl,
     DataFlow::FlowLabel succlbl
   ) {
@@ -353,10 +359,12 @@ module SharedFlowStep {
 
   // The following are aliases for old step predicates that have no corresponding predicate in AdditionalFlowStep
   /**
+   * DEPRECATED. The `FlowLabel` class and steps involving flow labels are no longer used by any queries.
+   *
    * Holds if `pred` → `succ` should be considered a data flow edge
    * transforming values with label `predlbl` to have label `succlbl`.
    */
-  predicate step(
+  deprecated predicate step(
     DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl,
     DataFlow::FlowLabel succlbl
   ) {

javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll

@@ -295,6 +295,9 @@ deprecated private predicate isBarrierGuardInternal(
 }
 
 /**
+ * DEPRECATED. Use a query-specific `FlowState` class instead.
+ * See [guide on using flow state](https://codeql.github.com/docs/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis) for more details.
+ *
  * A label describing the kind of information tracked by a flow configuration.
  *
  * There are two standard labels "data" and "taint".
@@ -303,7 +306,7 @@ deprecated private predicate isBarrierGuardInternal(
  * - "taint" additionally permits flow through transformations such as string operations,
  *   and is the default flow source for a `TaintTracking::Configuration`.
  */
-abstract class FlowLabel extends string {
+abstract deprecated class FlowLabel extends string {
   bindingset[this]
   FlowLabel() { any() }
 
@@ -341,7 +344,7 @@ deprecated class StandardFlowLabel extends FlowLabel {
   StandardFlowLabel() { this = "data" or this = "taint" }
 }
 
-module FlowLabel {
+deprecated module FlowLabel {
   /**
    * Gets the standard flow label for describing values that directly originate from a flow source.
    */

javascript/ql/lib/semmle/javascript/dataflow/internal/BarrierGuards.qll

@@ -36,17 +36,19 @@ module MakeBarrierGuard<BarrierGuardSig BaseGuard> {
   }
 }
 
-private signature class LabeledBarrierGuardSig extends DataFlow::Node {
-  /**
-   * Holds if this node acts as a barrier for `label`, blocking further flow from `e` if `this` evaluates to `outcome`.
-   */
-  predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label);
+deprecated private module DeprecationWrapper {
+  signature class LabeledBarrierGuardSig extends DataFlow::Node {
+    /**
+     * Holds if this node acts as a barrier for `label`, blocking further flow from `e` if `this` evaluates to `outcome`.
+     */
+    predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label);
+  }
 }
 
 /**
  * Converts a barrier guard class to a set of nodes to include in an implementation of `isBarrier(node, label)`.
  */
-module MakeLabeledBarrierGuard<LabeledBarrierGuardSig BaseGuard> {
+deprecated module MakeLabeledBarrierGuard<DeprecationWrapper::LabeledBarrierGuardSig BaseGuard> {
   final private class FinalBaseGuard = BaseGuard;
 
   private class Adapter extends FinalBaseGuard {

javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll

@@ -545,9 +545,9 @@ class Boolean extends boolean {
 /**
  * A summary of an inter-procedural data flow path.
  */
-newtype TPathSummary =
+deprecated newtype TPathSummary =
   /** A summary of an inter-procedural data flow path. */
-  MkPathSummary(Boolean hasReturn, Boolean hasCall, FlowLabel start, FlowLabel end)
+  deprecated MkPathSummary(Boolean hasReturn, Boolean hasCall, FlowLabel start, FlowLabel end)
 
 /**
  * A summary of an inter-procedural data flow path.
@@ -560,7 +560,7 @@ newtype TPathSummary =
  * We only want to build properly matched call/return sequences, so if a path has both
  * call steps and return steps, all return steps must precede all call steps.
  */
-class PathSummary extends TPathSummary {
+deprecated class PathSummary extends TPathSummary {
   Boolean hasReturn;
   Boolean hasCall;
   FlowLabel start;
@@ -634,7 +634,7 @@ class PathSummary extends TPathSummary {
   }
 }
 
-module PathSummary {
+deprecated module PathSummary {
   /**
    * Gets a summary describing a path without any calls or returns.
    */