Go: Remove deprecated configuration classes referencing deleted api.

Author: aschackmull

go/ql/lib/go.qll

@@ -25,11 +25,9 @@ import semmle.go.controlflow.BasicBlocks
 import semmle.go.controlflow.ControlFlowGraph
 import semmle.go.controlflow.IR
 import semmle.go.dataflow.DataFlow
-import semmle.go.dataflow.DataFlow2
 import semmle.go.dataflow.GlobalValueNumbering
 import semmle.go.dataflow.SSA
 import semmle.go.dataflow.TaintTracking
-import semmle.go.dataflow.TaintTracking2
 import semmle.go.frameworks.Afero
 import semmle.go.frameworks.AwsLambda
 import semmle.go.frameworks.Beego

go/ql/lib/semmle/go/security/CleartextLogging.qll

@@ -16,49 +16,6 @@ import go
 module CleartextLogging {
   import CleartextLoggingCustomizations::CleartextLogging
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A data-flow tracking configuration for clear-text logging of sensitive information.
-   *
-   * This configuration identifies flows from `Source`s, which are sources of
-   * sensitive data, to `Sink`s, which is an abstract class representing all
-   * the places sensitive data may be stored in cleartext. Additional sources or sinks can be
-   * added either by extending the relevant class, or by subclassing this configuration itself,
-   * and amending the sources and sinks.
-   */
-  deprecated class Configuration extends DataFlow::Configuration {
-    Configuration() { this = "CleartextLogging" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isBarrier(DataFlow::Node node) {
-      node instanceof Barrier
-      or
-      exists(DataFlow::CallNode call | node = call.getResult() |
-        call.getTarget() = Builtin::error().getType().getMethod("Error")
-        or
-        call.getTarget().(Method).hasQualifiedName("fmt", "Stringer", "String")
-      )
-    }
-
-    override predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) {
-      // A taint propagating data-flow edge through structs: a tainted write taints the entire struct.
-      exists(Write write |
-        write.writesField(trg.(DataFlow::PostUpdateNode).getPreUpdateNode(), _, src)
-      )
-      or
-      // taint steps that do not include flow through fields. Field reads would produce FPs due to
-      // the additional taint step above that taints whole structs from individual field writes.
-      TaintTracking::localTaintStep(src, trg) and
-      not TaintTracking::fieldReadStep(src, trg) and
-      // Also exclude protobuf field fetches, since they amount to single field reads.
-      not any(Protobuf::GetMethod gm).taintStep(src, trg)
-    }
-  }
-
   private module Config implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof Source }
 

go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll

@@ -53,132 +53,6 @@ int getIntTypeBitSize(File file, int architectureSpecificBitSize) {
   result = architectureSpecificBitSize
 }
 
-/**
- * Holds if converting from an integer types with size `sourceBitSize` to
- * one with size `sinkBitSize` can produce unexpected values, where 0 means
- * architecture-dependent.
- *
- * Architecture-dependent bit sizes can be 32 or 64. To catch flows that
- * only manifest on 64-bit architectures we consider an
- * architecture-dependent source bit size to be 64. To catch flows that
- * only happen on 32-bit architectures we consider an
- * architecture-dependent sink bit size to be 32. We exclude the case where
- * both source and sink have architecture-dependent bit sizes.
- */
-private predicate isIncorrectIntegerConversion(int sourceBitSize, int sinkBitSize) {
-  sourceBitSize in [16, 32, 64] and
-  sinkBitSize in [8, 16, 32] and
-  sourceBitSize > sinkBitSize
-  or
-  // Treat `sourceBitSize = 0` like `sourceBitSize = 64`, and exclude `sinkBitSize = 0`
-  sourceBitSize = 0 and
-  sinkBitSize in [8, 16, 32]
-  or
-  // Treat `sinkBitSize = 0` like `sinkBitSize = 32`, and exclude `sourceBitSize = 0`
-  sourceBitSize = 64 and
-  sinkBitSize = 0
-}
-
-/**
- * DEPRECATED: use `Flow` instead.
- *
- * A taint-tracking configuration for reasoning about when an integer
- * obtained from parsing a string flows to a type conversion to a smaller
- * integer types, which could cause unexpected values.
- */
-deprecated class ConversionWithoutBoundsCheckConfig extends TaintTracking::Configuration {
-  boolean sinkIsSigned;
-  int sourceBitSize;
-  int sinkBitSize;
-
-  ConversionWithoutBoundsCheckConfig() {
-    sinkIsSigned in [true, false] and
-    isIncorrectIntegerConversion(sourceBitSize, sinkBitSize) and
-    this = "ConversionWithoutBoundsCheckConfig" + sourceBitSize + sinkIsSigned + sinkBitSize
-  }
-
-  /** Gets the bit size of the source. */
-  int getSourceBitSize() { result = sourceBitSize }
-
-  override predicate isSource(DataFlow::Node source) {
-    exists(
-      DataFlow::CallNode c, IntegerParser::Range ip, int apparentBitSize, int effectiveBitSize
-    |
-      c.getTarget() = ip and source = c.getResult(0)
-    |
-      (
-        apparentBitSize = ip.getTargetBitSize()
-        or
-        // If we are reading a variable, check if it is
-        // `strconv.IntSize`, and use 0 if it is.
-        exists(DataFlow::Node rawBitSize | rawBitSize = ip.getTargetBitSizeInput().getNode(c) |
-          if rawBitSize = any(Strconv::IntSize intSize).getARead()
-          then apparentBitSize = 0
-          else apparentBitSize = rawBitSize.getIntValue()
-        )
-      ) and
-      (
-        if apparentBitSize = 0
-        then effectiveBitSize = getIntTypeBitSize(source.getFile(), 0)
-        else effectiveBitSize = apparentBitSize
-      ) and
-      // `effectiveBitSize` could be any value between 0 and 64, but we
-      // can round it up to the nearest size of an integer type without
-      // changing behavior.
-      sourceBitSize = min(int b | b in [0, 8, 16, 32, 64] and b >= effectiveBitSize)
-    )
-  }
-
-  /**
-   * Holds if `sink` is a typecast to an integer type with size `bitSize` (where
-   * 0 represents architecture-dependent) and the expression being typecast is
-   * not also in a right-shift expression. We allow this case because it is
-   * a common pattern to serialise `byte(v)`, `byte(v >> 8)`, and so on.
-   */
-  predicate isSinkWithBitSize(DataFlow::TypeCastNode sink, int bitSize) {
-    sink.asExpr() instanceof ConversionExpr and
-    exists(IntegerType integerType | sink.getResultType().getUnderlyingType() = integerType |
-      (
-        bitSize = integerType.getSize()
-        or
-        not exists(integerType.getSize()) and
-        bitSize = getIntTypeBitSize(sink.getFile(), 0)
-      ) and
-      if integerType instanceof SignedIntegerType then sinkIsSigned = true else sinkIsSigned = false
-    ) and
-    not exists(ShrExpr shrExpr |
-      shrExpr.getLeftOperand().getGlobalValueNumber() =
-        sink.getOperand().asExpr().getGlobalValueNumber() or
-      shrExpr.getLeftOperand().(AndExpr).getAnOperand().getGlobalValueNumber() =
-        sink.getOperand().asExpr().getGlobalValueNumber()
-    )
-  }
-
-  override predicate isSink(DataFlow::Node sink) {
-    // We use the argument of the type conversion as the configuration sink so that we
-    // can sanitize the result of the conversion to prevent flow on to further sinks
-    // without needing to use `isSanitizerOut`, which doesn't work with flow states
-    // (and therefore the legacy `TaintTracking::Configuration` class).
-    this.isSinkWithBitSize(sink.getASuccessor(), sinkBitSize)
-  }
-
-  override predicate isSanitizer(DataFlow::Node node) {
-    // To catch flows that only happen on 32-bit architectures we
-    // consider an architecture-dependent sink bit size to be 32.
-    exists(UpperBoundCheckGuard g, int bitSize |
-      if sinkBitSize != 0 then bitSize = sinkBitSize else bitSize = 32
-    |
-      node = DataFlow::BarrierGuard<upperBoundCheckGuard/3>::getABarrierNodeForGuard(g) and
-      if sinkIsSigned = true then g.isBoundFor(bitSize, 32) else g.isBoundFor(bitSize - 1, 32)
-    )
-    or
-    exists(int bitSize |
-      isIncorrectIntegerConversion(sourceBitSize, bitSize) and
-      this.isSinkWithBitSize(node, bitSize)
-    )
-  }
-}
-
 private int validBitSize() { result = [7, 8, 15, 16, 31, 32, 63, 64] }
 
 private newtype TArchitectureBitSize =

go/ql/lib/semmle/go/security/InsecureRandomness.qll

@@ -16,25 +16,6 @@ import go
 module InsecureRandomness {
   import InsecureRandomnessCustomizations::InsecureRandomness
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A taint-tracking configuration for reasoning about random values that are
-   * not cryptographically secure.
-   */
-  deprecated class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "InsecureRandomness" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { this.isSinkWithKind(sink, _) }
-
-    /** Holds if `sink` is a sink for this configuration with kind `kind`. */
-    predicate isSinkWithKind(Sink sink, string kind) { kind = sink.getKind() }
-
-    override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
-  }
-
   /** Holds if `sink` is a sink for this configuration with kind `kind`. */
   predicate isSinkWithKind(Sink sink, string kind) { kind = sink.getKind() }
 

go/ql/lib/semmle/go/security/OpenUrlRedirect.qll

@@ -17,51 +17,6 @@ import UrlConcatenation
 module OpenUrlRedirect {
   import OpenUrlRedirectCustomizations::OpenUrlRedirect
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A data-flow configuration for reasoning about unvalidated URL redirections.
-   */
-  deprecated class Configuration extends DataFlow::Configuration {
-    Configuration() { this = "OpenUrlRedirect" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isBarrier(DataFlow::Node node) { node instanceof Barrier }
-
-    override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
-      // taint steps that do not include flow through fields
-      TaintTracking::localTaintStep(pred, succ) and not TaintTracking::fieldReadStep(pred, succ)
-      or
-      // explicit extra taint steps for this query
-      any(AdditionalStep s).hasTaintStep(pred, succ)
-      or
-      // propagate to a URL when its host is assigned to
-      exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") |
-        w.writesField(v.getAUse(), f, pred) and succ = v.getAUse()
-      )
-      or
-      // propagate out of most URL fields, but not `ForceQuery` and `Scheme`
-      exists(Field f, string fn |
-        f.hasQualifiedName("net/url", "URL", fn) and
-        not fn in ["ForceQuery", "Scheme"]
-      |
-        succ.(Read).readsField(pred, f)
-      )
-    }
-
-    override predicate isBarrierOut(DataFlow::Node node) {
-      // block propagation of this unsafe value when its host is overwritten
-      exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") |
-        w.writesField(node.getASuccessor(), f, _)
-      )
-      or
-      hostnameSanitizingPrefixEdge(node, _)
-    }
-  }
-
   private module Config implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof Source }
 

go/ql/lib/semmle/go/security/ReflectedXss.qll

@@ -16,24 +16,6 @@ import go
 module ReflectedXss {
   import ReflectedXssCustomizations::ReflectedXss
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A taint-tracking configuration for reasoning about XSS.
-   */
-  deprecated class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "ReflectedXss" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isSanitizer(DataFlow::Node node) {
-      super.isSanitizer(node) or
-      node instanceof Sanitizer
-    }
-  }
-
   private module Config implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof Source }
 

go/ql/lib/semmle/go/security/RequestForgery.qll

@@ -16,36 +16,6 @@ import go
 module RequestForgery {
   import RequestForgeryCustomizations::RequestForgery
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A taint-tracking configuration for reasoning about request forgery.
-   */
-  deprecated class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "RequestForgery" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
-      // propagate to a URL when its host is assigned to
-      exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") |
-        w.writesField(v.getAUse(), f, pred) and succ = v.getAUse()
-      )
-    }
-
-    override predicate isSanitizer(DataFlow::Node node) {
-      super.isSanitizer(node) or
-      node instanceof Sanitizer
-    }
-
-    override predicate isSanitizerOut(DataFlow::Node node) {
-      super.isSanitizerOut(node) or
-      node instanceof SanitizerEdge
-    }
-  }
-
   private module Config implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof Source }
 

go/ql/lib/semmle/go/security/SafeUrlFlow.qll

@@ -16,35 +16,6 @@ import go
 module SafeUrlFlow {
   import SafeUrlFlowCustomizations::SafeUrlFlow
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A taint-tracking configuration for reasoning about safe URLs.
-   */
-  deprecated class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "SafeUrlFlow" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
-      // propagate to a URL when its host is assigned to
-      exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") |
-        w.writesField(v.getAUse(), f, pred) and succ = v.getAUse()
-      )
-    }
-
-    override predicate isSanitizerOut(DataFlow::Node node) {
-      // block propagation of this safe value when its host is overwritten
-      exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") |
-        w.writesField(node.getASuccessor(), f, _)
-      )
-      or
-      node instanceof SanitizerEdge
-    }
-  }
-
   private module Config implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof Source }
 

go/ql/lib/semmle/go/security/SqlInjection.qll

@@ -13,28 +13,6 @@ import go
 module SqlInjection {
   import SqlInjectionCustomizations::SqlInjection
 
-  /**
-   * DEPRECATED: Use `Flow` instead.
-   *
-   * A taint-tracking configuration for reasoning about SQL-injection vulnerabilities.
-   */
-  deprecated class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "SqlInjection" }
-
-    override predicate isSource(DataFlow::Node source) { source instanceof Source }
-
-    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
-
-    override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
-      NoSql::isAdditionalMongoTaintStep(pred, succ)
-    }
-
-    override predicate isSanitizer(DataFlow::Node node) {
-      super.isSanitizer(node) or
-      node instanceof Sanitizer
-    }
-  }
-
   private module Config implements DataFlow::ConfigSig {
     predicate isSource(DataFlow::Node source) { source instanceof Source }