From e89e0eb7fbe75759cf0914a581d8e0d1f255442e Mon Sep 17 00:00:00 2001 
From: erik-krogh Date: Thu, 18 Aug 2022 22:16:31 +0200 Subject: [PATCH 1/8] make some acronyms camelCase --- cpp/ql/lib/semmle/code/cpp/XML.qll | 21 ++- .../aliased_ssa/internal/AliasedSSA.qll | 4 +- .../aliased_ssa/internal/SSAConstruction.qll | 4 +- .../internal/SSAConstructionInternal.qll | 11 +- .../implementation/internal/TInstruction.qll | 10 +- .../internal/TInstructionInternal.qll | 5 +- .../internal/SSAConstruction.qll | 4 +- .../internal/SSAConstructionInternal.qll | 11 +- .../CWE/CWE-295/SSLResultConflation.ql | 6 +- .../CWE/CWE-295/SSLResultNotChecked.ql | 26 ++-- .../src/Security/CWE/CWE-497/SystemData.qll | 14 +- .../TestUtilities/dataflow/FlowTestCommon.qll | 6 +- .../annotate_path_to_sink/tainted.ql | 4 +- .../annotate_sinks_only/tainted.ql | 4 +- .../DefaultTaintTracking/globals/global.ql | 4 +- csharp/ql/lib/semmle/code/asp/WebConfig.qll | 26 +++- csharp/ql/lib/semmle/code/csharp/XML.qll | 21 ++- .../code/csharp/frameworks/microsoft/Owin.qll | 5 +- .../security/dataflow/flowsources/Remote.qll | 2 +- .../Security Features/CWE-614/RequireSSL.ql | 4 +- .../CWE-614/CookieWithoutSecure.ql | 4 +- .../implementation/internal/TInstruction.qll | 10 +- .../internal/TInstructionInternal.qll | 5 +- .../internal/SSAConstruction.qll | 4 +- .../internal/SSAConstructionInternal.qll | 11 +- go/ql/lib/semmle/go/frameworks/Couchbase.qll | 4 +- .../K8sIoApimachineryPkgRuntime.qll | 4 +- go/ql/lib/semmle/go/frameworks/NoSQL.qll | 9 +- go/ql/lib/semmle/go/frameworks/WebSocket.qll | 4 +- go/ql/lib/semmle/go/security/ExternalAPIs.qll | 73 +++++---- go/ql/lib/semmle/go/security/SqlInjection.qll | 2 +- .../security/SqlInjectionCustomizations.qll | 4 +- .../ExternalAPIsUsedWithUntrustedData.ql | 6 +- .../CWE-020/UntrustedDataToExternalAPI.ql | 4 +- .../UntrustedDataToUnknownExternalAPI.ql | 4 +- .../Security/CWE-352/ConstantOauth2State.ql | 22 +-- .../semmle/go/frameworks/NoSQL/Query.ql | 6 +- .../semmle/go/frameworks/SQL/QueryString.ql | 4 +- 
java/ql/lib/semmle/code/java/J2EE.qll | 28 +++- .../semmle/code/java/deadcode/EntryPoints.qll | 14 +- .../lib/semmle/code/java/frameworks/Camel.qll | 20 ++- .../semmle/code/java/frameworks/Servlets.qll | 7 +- .../java/frameworks/camel/CamelJavaDSL.qll | 5 +- .../semmle/code/java/frameworks/gwt/GWT.qll | 16 +- .../java/frameworks/gwt/GwtUiBinderXml.qll | 6 +- .../code/java/frameworks/j2objc/J2ObjC.qll | 23 ++- .../code/java/frameworks/javaee/ejb/EJB.qll | 139 ++++++++++++------ .../java/frameworks/spring/SpringBean.qll | 2 +- .../java/frameworks/spring/SpringCamel.qll | 7 +- .../semmle/code/java/security/Encryption.qll | 83 +++++++---- .../java/security/InsecureTrustManager.qll | 2 +- .../code/java/security/UnsafeCertTrust.qll | 6 +- .../java/security/UnsafeCertTrustQuery.qll | 4 +- .../semmle/code/java/security/XmlParsers.qll | 16 +- java/ql/lib/semmle/code/xml/XML.qll | 21 ++- .../Serialization/NonSerializableField.ql | 2 +- java/ql/src/Security/CWE/CWE-319/UseSSL.ql | 4 +- .../CWE/CWE-319/UseSSLSocketFactories.ql | 2 +- .../Comments/CommentedCode.qll | 4 +- .../CWE/CWE-297/InsecureLdapEndpoint.ql | 4 +- .../Security/CWE/CWE-327/SslLib.qll | 19 ++- .../Security/CWE/CWE-522/InsecureLdapAuth.ql | 10 +- .../Security/CWE/CWE-552/UnsafeUrlForward.ql | 2 +- .../Security/CWE/CWE-611/XXELib.qll | 2 +- java/ql/test/library-tests/gwt/JSNI.ql | 2 +- .../test/library-tests/j2objc/OCNIComment.ql | 2 +- javascript/ql/lib/semmle/javascript/XML.qll | 21 ++- .../semmle/javascript/frameworks/NoSQL.qll | 4 +- .../javascript/frameworks/ServerLess.qll | 20 +-- .../ClientSideUrlRedirectCustomizations.qll | 2 +- .../javascript/security/dataflow/DOM.qll | 5 +- .../security/dataflow/DomBasedXssQuery.qll | 9 +- .../ExternalAPIUsedWithUntrustedData.qll | 8 +- .../javascript/security/dataflow/Xss.qll | 4 +- .../lib/semmle/python/frameworks/Stdlib.qll | 23 ++- python/ql/lib/semmle/python/xml/XML.qll | 21 ++- .../CWE-295/MissingHostKeyValidation.ql | 4 +- 
python/ql/src/Security/CWE-327/PyOpenSSL.qll | 27 ++-- python/ql/src/Security/CWE-327/Ssl.qll | 34 +++-- .../src/experimental/Security/CWE-091/Xslt.ql | 6 +- .../experimental/semmle/python/Concepts.qll | 10 +- .../semmle/python/frameworks/LDAP.qll | 68 +++++---- .../python/security/LDAPInsecureAuth.qll | 2 +- .../semmle/python/security/injection/XSLT.qll | 18 ++- .../query-tests/Security/CWE-091/XsltSinks.ql | 2 +- ruby/ql/lib/codeql/ruby/Concepts.qll | 10 +- .../internal/ControlFlowGraphImpl.qll | 10 +- .../ruby/frameworks/ActionController.qll | 4 +- ruby/ql/lib/codeql/ruby/frameworks/Rails.qll | 6 +- .../lib/codeql/ruby/frameworks/XmlParsing.qll | 2 +- ruby/ql/lib/codeql/ruby/security/OpenSSL.qll | 56 ++++--- .../cwe-352/CSRFProtectionDisabled.ql | 2 +- .../ql/test/library-tests/security/OpenSSL.ql | 10 +- 93 files changed, 762 insertions(+), 450 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/XML.qll b/cpp/ql/lib/semmle/code/cpp/XML.qll index cd8accc63ae0..ccf8ab5b55f2 100755 --- a/cpp/ql/lib/semmle/code/cpp/XML.qll +++ b/cpp/ql/lib/semmle/code/cpp/XML.qll @@ -132,7 +132,10 @@ class XmlFile extends XmlParent, File { XmlElement getARootElement() { result = this.getAChild() } /** Gets a DTD associated with this XML file. */ - XmlDTD getADTD() { xmlDTDs(result, _, _, _, this) } + XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) } + + /** DEPRECATED: Alias for getADtd */ + deprecated XmlDTD getADTD() { result = getADtd() } } /** DEPRECATED: Alias for XmlFile */ @@ -149,7 +152,7 @@ deprecated class XMLFile = XmlFile; * * ``` */ -class XmlDTD extends XmlLocatable, @xmldtd { +class XmlDtd extends XmlLocatable, @xmldtd { /** Gets the name of the root element of this DTD. */ string getRoot() { xmlDTDs(this, result, _, _, _) } 
@@ -174,7 +177,10 @@ class XmlDTD extends XmlLocatable, @xmldtd { } } -/** DEPRECATED: Alias for XmlDTD */ +/** DEPRECATED: Alias for XmlDtd */ +deprecated class XmlDTD = XmlDtd; + +/** DEPRECATED: Alias for XmlDtd */ deprecated class XMLDTD = XmlDTD; /** @@ -282,15 +288,18 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace { string getPrefix() { xmlNs(this, result, _, _) } /** Gets the URI of this namespace. */ - string getURI() { xmlNs(this, _, result, _) } + string getUri() { xmlNs(this, _, result, _) } + + /** DEPRECATED: Alias for getUri */ + deprecated string getURI() { result = getUri() } /** Holds if this namespace has no prefix. */ predicate isDefault() { this.getPrefix() = "" } override string toString() { - this.isDefault() and result = this.getURI() + this.isDefault() and result = this.getUri() or - not this.isDefault() and result = this.getPrefix() + ":" + this.getURI() + not this.isDefault() and result = this.getPrefix() + ":" + this.getUri() } } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll index 76a99026d595..0a3e0287635f 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll 
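Review bot: The doc comment on the retained alias now says "Alias for XmlDtd" but the declaration under it still reads `deprecated class XMLDTD = XmlDTD;`, so the oldest alias is chained through the newly deprecated `XmlDTD` instead of the canonical class. Pointing it straight at the replacement, `deprecated class XMLDTD = XmlDtd;`, keeps the comment and code in agreement and means the alias survives when `XmlDTD` is eventually removed. The identical hunk in csharp/ql/lib/semmle/code/csharp/XML.qll further down this patch has the same mismatch.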
@@ -3,7 +3,7 @@ import semmle.code.cpp.ir.internal.Overlap private import semmle.code.cpp.ir.internal.IRCppLanguage as Language private import semmle.code.cpp.Print private import semmle.code.cpp.ir.implementation.unaliased_ssa.IR -private import semmle.code.cpp.ir.implementation.unaliased_ssa.internal.SSAConstruction as OldSSA +private import semmle.code.cpp.ir.implementation.unaliased_ssa.internal.SSAConstruction as OldSsa private import semmle.code.cpp.ir.internal.IntegerConstant as Ints private import semmle.code.cpp.ir.internal.IntegerInterval as Interval private import semmle.code.cpp.ir.implementation.internal.OperandTag @@ -572,7 +572,7 @@ private Overlap getVariableMemoryLocationOverlap( * Holds if the def/use information for the result of `instr` can be reused from the previous * iteration of the IR. */ -predicate canReuseSsaForOldResult(Instruction instr) { OldSSA::canReuseSsaForMemoryResult(instr) } +predicate canReuseSsaForOldResult(Instruction instr) { OldSsa::canReuseSsaForMemoryResult(instr) } /** DEPRECATED: Alias for canReuseSsaForOldResult */ deprecated predicate canReuseSSAForOldResult = canReuseSsaForOldResult/1; diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll index 303a96830114..901735069c06 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll @@ -5,8 +5,8 @@ private import Imports::OperandTag private import Imports::Overlap private import Imports::TInstruction private import Imports::RawIR as RawIR -private import SSAInstructions -private import SSAOperands +private import SsaInstructions +private import SsaOperands private import NewIR private class OldBlock = Reachability::ReachableBlock; 
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstructionInternal.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstructionInternal.qll index 74919a578701..6c0c1c1f9314 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstructionInternal.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstructionInternal.qll @@ -2,7 +2,14 @@ import semmle.code.cpp.ir.implementation.unaliased_ssa.IR as OldIR import semmle.code.cpp.ir.implementation.unaliased_ssa.internal.reachability.ReachableBlock as Reachability import semmle.code.cpp.ir.implementation.unaliased_ssa.internal.reachability.Dominance as Dominance import semmle.code.cpp.ir.implementation.aliased_ssa.IR as NewIR -import semmle.code.cpp.ir.implementation.internal.TInstruction::AliasedSsaInstructions as SSAInstructions +import semmle.code.cpp.ir.implementation.internal.TInstruction::AliasedSsaInstructions as SsaInstructions + +/** DEPRECATED: Alias for SsaInstructions */ +deprecated module SSAInstructions = SsaInstructions; + import semmle.code.cpp.ir.internal.IRCppLanguage as Language import AliasedSSA as Alias -import semmle.code.cpp.ir.implementation.internal.TOperand::AliasedSsaOperands as SSAOperands +import semmle.code.cpp.ir.implementation.internal.TOperand::AliasedSsaOperands as SsaOperands + +/** DEPRECATED: Alias for SsaOperands */ +deprecated module SSAOperands = SsaOperands; diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstruction.qll index 5a7099d9fa2e..b30372a791b0 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstruction.qll 
@@ -29,15 +29,15 @@ newtype TInstruction = UnaliasedSsa::SSA::hasUnreachedInstruction(irFunc) } or TAliasedSsaPhiInstruction( - TRawInstruction blockStartInstr, AliasedSSA::SSA::MemoryLocation memoryLocation + TRawInstruction blockStartInstr, AliasedSsa::SSA::MemoryLocation memoryLocation ) { - AliasedSSA::SSA::hasPhiInstruction(blockStartInstr, memoryLocation) + AliasedSsa::SSA::hasPhiInstruction(blockStartInstr, memoryLocation) } or TAliasedSsaChiInstruction(TRawInstruction primaryInstruction) { - AliasedSSA::SSA::hasChiInstruction(primaryInstruction) + AliasedSsa::SSA::hasChiInstruction(primaryInstruction) } or TAliasedSsaUnreachedInstruction(IRFunctionBase irFunc) { - AliasedSSA::SSA::hasUnreachedInstruction(irFunc) + AliasedSsa::SSA::hasUnreachedInstruction(irFunc) } /** @@ -83,7 +83,7 @@ module AliasedSsaInstructions { class TPhiInstruction = TAliasedSsaPhiInstruction or TUnaliasedSsaPhiInstruction; TPhiInstruction phiInstruction( - TRawInstruction blockStartInstr, AliasedSSA::SSA::MemoryLocation memoryLocation + TRawInstruction blockStartInstr, AliasedSsa::SSA::MemoryLocation memoryLocation ) { result = TAliasedSsaPhiInstruction(blockStartInstr, memoryLocation) } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstructionInternal.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstructionInternal.qll index 2c9ac1c4b80f..ddf9979cd70a 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstructionInternal.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstructionInternal.qll 
@@ -1,4 +1,7 @@ import semmle.code.cpp.ir.internal.IRCppLanguage as Language import semmle.code.cpp.ir.implementation.raw.internal.IRConstruction as IRConstruction import semmle.code.cpp.ir.implementation.unaliased_ssa.internal.SSAConstruction as UnaliasedSsa -import semmle.code.cpp.ir.implementation.aliased_ssa.internal.SSAConstruction as AliasedSSA +import semmle.code.cpp.ir.implementation.aliased_ssa.internal.SSAConstruction as AliasedSsa + +/** DEPRECATED: Alias for AliasedSsa */ +deprecated module AliasedSSA = AliasedSsa; diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll index 303a96830114..901735069c06 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll @@ -5,8 +5,8 @@ private import Imports::OperandTag private import Imports::Overlap private import Imports::TInstruction private import Imports::RawIR as RawIR -private import SSAInstructions -private import SSAOperands +private import SsaInstructions +private import SsaOperands private import NewIR private class OldBlock = Reachability::ReachableBlock; diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstructionInternal.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstructionInternal.qll index 8f64bff29f26..ab0f6262e1b2 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstructionInternal.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstructionInternal.qll 
@@ -3,7 +3,14 @@ import semmle.code.cpp.ir.implementation.raw.internal.reachability.ReachableBloc import semmle.code.cpp.ir.implementation.raw.internal.reachability.Dominance as Dominance import semmle.code.cpp.ir.implementation.unaliased_ssa.IR as NewIR import semmle.code.cpp.ir.implementation.raw.internal.IRConstruction as RawStage -import semmle.code.cpp.ir.implementation.internal.TInstruction::UnaliasedSsaInstructions as SSAInstructions +import semmle.code.cpp.ir.implementation.internal.TInstruction::UnaliasedSsaInstructions as SsaInstructions + +/** DEPRECATED: Alias for SsaInstructions */ +deprecated module SSAInstructions = SsaInstructions; + import semmle.code.cpp.ir.internal.IRCppLanguage as Language import SimpleSSA as Alias -import semmle.code.cpp.ir.implementation.internal.TOperand::UnaliasedSsaOperands as SSAOperands +import semmle.code.cpp.ir.implementation.internal.TOperand::UnaliasedSsaOperands as SsaOperands + +/** DEPRECATED: Alias for SsaOperands */ +deprecated module SSAOperands = SsaOperands; diff --git a/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql b/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql index c72142e2ef31..0d706affd0bf 100644 --- a/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql +++ b/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql @@ -17,8 +17,8 @@ import semmle.code.cpp.dataflow.DataFlow /** * A call to `SSL_get_verify_result`. */ -class SSLGetVerifyResultCall extends FunctionCall { - SSLGetVerifyResultCall() { getTarget().getName() = "SSL_get_verify_result" } +class SslGetVerifyResultCall extends FunctionCall { + SslGetVerifyResultCall() { getTarget().getName() = "SSL_get_verify_result" } } /** 
@@ -29,7 +29,7 @@ class VerifyResultConfig extends DataFlow::Configuration { VerifyResultConfig() { this = "VerifyResultConfig" } override predicate isSource(DataFlow::Node source) { - source.asExpr() instanceof SSLGetVerifyResultCall + source.asExpr() instanceof SslGetVerifyResultCall } override predicate isSink(DataFlow::Node sink) { diff --git a/cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.ql b/cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.ql index ad66bd2bd573..0d972a734b37 100644 --- a/cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.ql +++ b/cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.ql 
@@ -17,33 +17,33 @@ import semmle.code.cpp.controlflow.IRGuards /** * A call to `SSL_get_peer_certificate`. */ -class SSLGetPeerCertificateCall extends FunctionCall { - SSLGetPeerCertificateCall() { +class SslGetPeerCertificateCall extends FunctionCall { + SslGetPeerCertificateCall() { getTarget().getName() = "SSL_get_peer_certificate" // SSL_get_peer_certificate(ssl) } - Expr getSSLArgument() { result = getArgument(0) } + Expr getSslArgument() { result = getArgument(0) } } /** * A call to `SSL_get_verify_result`. */ -class SSLGetVerifyResultCall extends FunctionCall { - SSLGetVerifyResultCall() { +class SslGetVerifyResultCall extends FunctionCall { + SslGetVerifyResultCall() { getTarget().getName() = "SSL_get_verify_result" // SSL_get_peer_certificate(ssl) } - Expr getSSLArgument() { result = getArgument(0) } + Expr getSslArgument() { result = getArgument(0) } } /** * Holds if the SSL object passed into `SSL_get_peer_certificate` is checked with * `SSL_get_verify_result` entering `node`. */ -predicate resultIsChecked(SSLGetPeerCertificateCall getCertCall, ControlFlowNode node) { - exists(Expr ssl, SSLGetVerifyResultCall check | - ssl = globalValueNumber(getCertCall.getSSLArgument()).getAnExpr() and - ssl = check.getSSLArgument() and +predicate resultIsChecked(SslGetPeerCertificateCall getCertCall, ControlFlowNode node) { + exists(Expr ssl, SslGetVerifyResultCall check | + ssl = globalValueNumber(getCertCall.getSslArgument()).getAnExpr() and + ssl = check.getSslArgument() and node = check ) } @@ -53,7 +53,7 @@ predicate resultIsChecked(SSLGetPeerCertificateCall getCertCall, ControlFlowNode * `0` on the edge `node1` to `node2`. */ predicate certIsZero( - SSLGetPeerCertificateCall getCertCall, ControlFlowNode node1, ControlFlowNode node2 + SslGetPeerCertificateCall getCertCall, ControlFlowNode node1, ControlFlowNode node2 ) { exists(Expr cert | cert = globalValueNumber(getCertCall).getAnExpr() | exists(GuardCondition guard, Expr zero | 
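Review bot: In the renamed `SslGetVerifyResultCall` class the characteristic-predicate line still carries the trailing comment `// SSL_get_peer_certificate(ssl)`, copied from the class above, even though the predicate matches `"SSL_get_verify_result"`; since this hunk already rewrites that class header it is the right moment to change it to `// SSL_get_verify_result(ssl)`. The comment is what tells a reader which call `getSslArgument()` (argument 0) refers to, so leaving the wrong function name there invites confusion when someone adjusts the argument index for either API. This is documentation only; the rename itself looks consistent across `resultIsChecked`, `certIsZero` and `certNotChecked`.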
@@ -87,7 +87,7 @@ predicate certIsZero( * `SSL_get_verify_result` at `node`. Note that this is only computed at the call to * `SSL_get_peer_certificate` and at the start and end of `BasicBlock`s. */ -predicate certNotChecked(SSLGetPeerCertificateCall getCertCall, ControlFlowNode node) { +predicate certNotChecked(SslGetPeerCertificateCall getCertCall, ControlFlowNode node) { // cert is not checked at the call to `SSL_get_peer_certificate` node = getCertCall or @@ -112,7 +112,7 @@ predicate certNotChecked(SSLGetPeerCertificateCall getCertCall, ControlFlowNode ) } -from SSLGetPeerCertificateCall getCertCall, ControlFlowNode node +from SslGetPeerCertificateCall getCertCall, ControlFlowNode node where certNotChecked(getCertCall, node) and node instanceof Function // (function exit) diff --git a/cpp/ql/src/Security/CWE/CWE-497/SystemData.qll b/cpp/ql/src/Security/CWE/CWE-497/SystemData.qll index 070125e7baf6..0c04264892ca 100644 --- a/cpp/ql/src/Security/CWE/CWE-497/SystemData.qll +++ b/cpp/ql/src/Security/CWE/CWE-497/SystemData.qll @@ -47,14 +47,17 @@ class EnvData extends SystemData { /** * Data originating from a call to `mysql_get_client_info()`. */ -class SQLClientInfo extends SystemData { - SQLClientInfo() { this.(FunctionCall).getTarget().hasName("mysql_get_client_info") } +class SqlClientInfo extends SystemData { + SqlClientInfo() { this.(FunctionCall).getTarget().hasName("mysql_get_client_info") } override DataFlow::Node getAnExpr() { result.asConvertedExpr() = this } override predicate isSensitive() { any() } } +/** DEPRECATED: Alias for SqlClientInfo */ +deprecated class SQLClientInfo = SqlClientInfo; + private predicate sqlConnectInfo(FunctionCall source, Expr use) { ( source.getTarget().hasName("mysql_connect") or 
@@ -66,14 +69,17 @@ private predicate sqlConnectInfo(FunctionCall source, Expr use) { /** * Data passed into an SQL connect function. */ -class SQLConnectInfo extends SystemData { - SQLConnectInfo() { sqlConnectInfo(this, _) } +class SqlConnectInfo extends SystemData { + SqlConnectInfo() { sqlConnectInfo(this, _) } override DataFlow::Node getAnExpr() { sqlConnectInfo(this, result.asConvertedExpr()) } override predicate isSensitive() { any() } } +/** DEPRECATED: Alias for SqlConnectInfo */ +deprecated class SQLConnectInfo = SqlConnectInfo; + private predicate posixSystemInfo(FunctionCall source, DataFlow::Node use) { // size_t confstr(int name, char *buf, size_t len) // - various OS / system strings, such as the libc version diff --git a/cpp/ql/test/TestUtilities/dataflow/FlowTestCommon.qll b/cpp/ql/test/TestUtilities/dataflow/FlowTestCommon.qll index 5841412331d8..c765ba89a00b 100644 --- a/cpp/ql/test/TestUtilities/dataflow/FlowTestCommon.qll +++ b/cpp/ql/test/TestUtilities/dataflow/FlowTestCommon.qll @@ -13,7 +13,7 @@ import cpp private import semmle.code.cpp.ir.dataflow.DataFlow::DataFlow as IRDataFlow -private import semmle.code.cpp.dataflow.DataFlow::DataFlow as ASTDataFlow +private import semmle.code.cpp.dataflow.DataFlow::DataFlow as AstDataFlow import TestUtilities.InlineExpectationsTest class IRFlowTest extends InlineExpectationsTest { @@ -49,11 +49,11 @@ class AstFlowTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { exists( - ASTDataFlow::Node source, ASTDataFlow::Node sink, ASTDataFlow::Configuration conf, int n + AstDataFlow::Node source, AstDataFlow::Node sink, AstDataFlow::Configuration conf, int n | tag = "ast" and conf.hasFlow(source, sink) and - n = strictcount(ASTDataFlow::Node otherSource | conf.hasFlow(otherSource, sink)) and + n = strictcount(AstDataFlow::Node otherSource | conf.hasFlow(otherSource, sink)) and ( n = 1 and value = "" or 
diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.ql b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.ql index 1737bb0bb337..9662b7c454d2 100644 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.ql +++ b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.ql @@ -4,7 +4,7 @@ */ import cpp -import semmle.code.cpp.security.TaintTrackingImpl as ASTTaintTracking +import semmle.code.cpp.security.TaintTrackingImpl as AstTaintTracking import semmle.code.cpp.ir.dataflow.DefaultTaintTracking as IRDefaultTaintTracking import IRDefaultTaintTracking::TaintedWithPath as TaintedWithPath import TaintedWithPath::Private @@ -17,7 +17,7 @@ predicate isSinkArgument(Element sink) { ) } -predicate astTaint(Expr source, Element sink) { ASTTaintTracking::tainted(source, sink) } +predicate astTaint(Expr source, Element sink) { AstTaintTracking::tainted(source, sink) } class SourceConfiguration extends TaintedWithPath::TaintTrackingConfiguration { override predicate isSink(Element e) { isSinkArgument(e) } diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.ql b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.ql index 61014bbd48fb..5c9583b800a6 100644 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.ql +++ b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.ql @@ -5,7 +5,7 @@ */ import cpp -import semmle.code.cpp.security.TaintTrackingImpl as ASTTaintTracking +import semmle.code.cpp.security.TaintTrackingImpl as AstTaintTracking import semmle.code.cpp.ir.dataflow.DefaultTaintTracking as IRDefaultTaintTracking import IRDefaultTaintTracking::TaintedWithPath as TaintedWithPath import TestUtilities.InlineExpectationsTest 
@@ -18,7 +18,7 @@ predicate argToSinkCall(Element sink) { } predicate astTaint(Expr source, Element sink) { - ASTTaintTracking::tainted(source, sink) and argToSinkCall(sink) + AstTaintTracking::tainted(source, sink) and argToSinkCall(sink) } class SourceConfiguration extends TaintedWithPath::TaintTrackingConfiguration { diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.ql b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.ql index a9a4a1af231a..d6d4e1d6264c 100644 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.ql +++ b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.ql @@ -1,11 +1,11 @@ import cpp import semmle.code.cpp.security.Security -import semmle.code.cpp.security.TaintTrackingImpl as ASTTaintTracking +import semmle.code.cpp.security.TaintTrackingImpl as AstTaintTracking import semmle.code.cpp.ir.dataflow.DefaultTaintTracking as IRDefaultTaintTracking import TestUtilities.InlineExpectationsTest predicate astTaint(Expr source, Element sink, string globalVar) { - ASTTaintTracking::taintedIncludingGlobalVars(source, sink, globalVar) and globalVar != "" + AstTaintTracking::taintedIncludingGlobalVars(source, sink, globalVar) and globalVar != "" } predicate irTaint(Expr source, Element sink, string globalVar) { diff --git a/csharp/ql/lib/semmle/code/asp/WebConfig.qll b/csharp/ql/lib/semmle/code/asp/WebConfig.qll index 4a71e8e7f7da..8d6d19c22270 100644 --- a/csharp/ql/lib/semmle/code/asp/WebConfig.qll +++ b/csharp/ql/lib/semmle/code/asp/WebConfig.qll 
@@ -94,14 +94,20 @@ class FormsElement extends XmlElement { /** * Gets attribute's `requireSSL` value. */ - string getRequireSSL() { + string getRequireSsl() { result = this.getAttribute("requireSSL").getValue().trim().toLowerCase() } + /** DEPRECATED: Alias for getRequireSsl */ + deprecated string getRequireSSL() { result = getRequireSsl() } + /** * Holds if `requireSSL` value is true. */ - predicate isRequireSSL() { this.getRequireSSL() = "true" } + predicate isRequireSsl() { this.getRequireSsl() = "true" } + + /** DEPRECATED: Alias for isRequireSsl */ + deprecated predicate isRequireSSL() { isRequireSsl() } } /** A `` tag in an ASP.NET configuration file. */ @@ -123,17 +129,23 @@ class HttpCookiesElement extends XmlElement { /** * Gets attribute's `requireSSL` value. */ - string getRequireSSL() { + string getRequireSsl() { result = this.getAttribute("requireSSL").getValue().trim().toLowerCase() } + /** DEPRECATED: Alias for getRequireSsl */ + deprecated string getRequireSSL() { result = getRequireSsl() } + /** * Holds if there is any chance that `requireSSL` is set to `true` either globally or for Forms. */ - predicate isRequireSSL() { - this.getRequireSSL() = "true" + predicate isRequireSsl() { + this.getRequireSsl() = "true" or - not this.getRequireSSL() = "false" and // not set all, i.e. default - exists(FormsElement forms | forms.getFile() = this.getFile() | forms.isRequireSSL()) + not this.getRequireSsl() = "false" and // not set all, i.e. default + exists(FormsElement forms | forms.getFile() = this.getFile() | forms.isRequireSsl()) } + + /** DEPRECATED: Alias for isRequireSsl */ + deprecated predicate isRequireSSL() { isRequireSsl() } } diff --git a/csharp/ql/lib/semmle/code/csharp/XML.qll b/csharp/ql/lib/semmle/code/csharp/XML.qll index cd8accc63ae0..ccf8ab5b55f2 100755 --- a/csharp/ql/lib/semmle/code/csharp/XML.qll +++ b/csharp/ql/lib/semmle/code/csharp/XML.qll 
@@ -132,7 +132,10 @@ class XmlFile extends XmlParent, File { XmlElement getARootElement() { result = this.getAChild() } /** Gets a DTD associated with this XML file. */ - XmlDTD getADTD() { xmlDTDs(result, _, _, _, this) } + XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) } + + /** DEPRECATED: Alias for getADtd */ + deprecated XmlDTD getADTD() { result = getADtd() } } /** DEPRECATED: Alias for XmlFile */ @@ -149,7 +152,7 @@ deprecated class XMLFile = XmlFile; * * ``` */ -class XmlDTD extends XmlLocatable, @xmldtd { +class XmlDtd extends XmlLocatable, @xmldtd { /** Gets the name of the root element of this DTD. */ string getRoot() { xmlDTDs(this, result, _, _, _) } @@ -174,7 +177,10 @@ class XmlDTD extends XmlLocatable, @xmldtd { } } -/** DEPRECATED: Alias for XmlDTD */ +/** DEPRECATED: Alias for XmlDtd */ +deprecated class XmlDTD = XmlDtd; + +/** DEPRECATED: Alias for XmlDtd */ deprecated class XMLDTD = XmlDTD; /** @@ -282,15 +288,18 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace { string getPrefix() { xmlNs(this, result, _, _) } /** Gets the URI of this namespace. */ - string getURI() { xmlNs(this, _, result, _) } + string getUri() { xmlNs(this, _, result, _) } + + /** DEPRECATED: Alias for getUri */ + deprecated string getURI() { result = getUri() } /** Holds if this namespace has no prefix. */ predicate isDefault() { this.getPrefix() = "" } override string toString() { - this.isDefault() and result = this.getURI() + this.isDefault() and result = this.getUri() or - not this.isDefault() and result = this.getPrefix() + ":" + this.getURI() + not this.isDefault() and result = this.getPrefix() + ":" + this.getUri() } } diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/Owin.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/Owin.qll index fad261dec93a..3029e101252a 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/Owin.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/Owin.qll 
@@ -119,10 +119,13 @@ class MicrosoftOwinIOwinRequestClass extends Class { } /** Gets the `URI` property. */ - Property getURIProperty() { + Property getUriProperty() { result = this.getAProperty() and result.hasName("URI") } + + /** DEPRECATED: Alias for getUriProperty */ + deprecated Property getURIProperty() { result = getUriProperty() } } /** A `Microsoft.Owin.*String` class. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Remote.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Remote.qll index 4badf4e20705..293d15b7461d 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Remote.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Remote.qll @@ -146,7 +146,7 @@ class MicrosoftOwinRequestRemoteFlowSource extends RemoteFlowSource, DataFlow::E p = owinRequest.getQueryStringProperty() or p = owinRequest.getRemoteIpAddressProperty() or p = owinRequest.getSchemeProperty() or - p = owinRequest.getURIProperty() + p = owinRequest.getUriProperty() ) } diff --git a/csharp/ql/src/Security Features/CWE-614/RequireSSL.ql b/csharp/ql/src/Security Features/CWE-614/RequireSSL.ql index c588b37d14d3..396a57e1aeff 100644 --- a/csharp/ql/src/Security Features/CWE-614/RequireSSL.ql +++ b/csharp/ql/src/Security Features/CWE-614/RequireSSL.ql @@ -22,9 +22,9 @@ import semmle.code.csharp.frameworks.system.Web from XmlElement element where element instanceof FormsElement and - not element.(FormsElement).isRequireSSL() + not element.(FormsElement).isRequireSsl() or element instanceof HttpCookiesElement and - not element.(HttpCookiesElement).isRequireSSL() and + not element.(HttpCookiesElement).isRequireSsl() and not any(SystemWebHttpCookie c).getSecureProperty().getAnAssignedValue().getValue() = "true" select element, "The 'requireSSL' attribute is not set to 'true'." 
diff --git a/csharp/ql/src/experimental/Security Features/CWE-614/CookieWithoutSecure.ql b/csharp/ql/src/experimental/Security Features/CWE-614/CookieWithoutSecure.ql index a11f2d846775..f27ce50e7faf 100644 --- a/csharp/ql/src/experimental/Security Features/CWE-614/CookieWithoutSecure.ql +++ b/csharp/ql/src/experimental/Security Features/CWE-614/CookieWithoutSecure.ql @@ -66,10 +66,10 @@ where // the `exists` below covers the `cs/web/requiressl-not-set` not exists(XmlElement element | element instanceof FormsElement and - element.(FormsElement).isRequireSSL() + element.(FormsElement).isRequireSsl() or element instanceof HttpCookiesElement and - element.(HttpCookiesElement).isRequireSSL() + element.(HttpCookiesElement).isRequireSsl() ) ) ) diff --git a/csharp/ql/src/experimental/ir/implementation/internal/TInstruction.qll b/csharp/ql/src/experimental/ir/implementation/internal/TInstruction.qll index 5a7099d9fa2e..b30372a791b0 100644 --- a/csharp/ql/src/experimental/ir/implementation/internal/TInstruction.qll +++ b/csharp/ql/src/experimental/ir/implementation/internal/TInstruction.qll @@ -29,15 +29,15 @@ newtype TInstruction = UnaliasedSsa::SSA::hasUnreachedInstruction(irFunc) } or TAliasedSsaPhiInstruction( - TRawInstruction blockStartInstr, AliasedSSA::SSA::MemoryLocation memoryLocation + TRawInstruction blockStartInstr, AliasedSsa::SSA::MemoryLocation memoryLocation ) { - AliasedSSA::SSA::hasPhiInstruction(blockStartInstr, memoryLocation) + AliasedSsa::SSA::hasPhiInstruction(blockStartInstr, memoryLocation) } or TAliasedSsaChiInstruction(TRawInstruction primaryInstruction) { - AliasedSSA::SSA::hasChiInstruction(primaryInstruction) + AliasedSsa::SSA::hasChiInstruction(primaryInstruction) } or TAliasedSsaUnreachedInstruction(IRFunctionBase irFunc) { - AliasedSSA::SSA::hasUnreachedInstruction(irFunc) + AliasedSsa::SSA::hasUnreachedInstruction(irFunc) } /** 
@@ -83,7 +83,7 @@ module AliasedSsaInstructions { class TPhiInstruction = TAliasedSsaPhiInstruction or TUnaliasedSsaPhiInstruction; TPhiInstruction phiInstruction( - TRawInstruction blockStartInstr, AliasedSSA::SSA::MemoryLocation memoryLocation + TRawInstruction blockStartInstr, AliasedSsa::SSA::MemoryLocation memoryLocation ) { result = TAliasedSsaPhiInstruction(blockStartInstr, memoryLocation) } diff --git a/csharp/ql/src/experimental/ir/implementation/internal/TInstructionInternal.qll b/csharp/ql/src/experimental/ir/implementation/internal/TInstructionInternal.qll index 252f390bf55c..039e024e82d2 100644 --- a/csharp/ql/src/experimental/ir/implementation/internal/TInstructionInternal.qll +++ b/csharp/ql/src/experimental/ir/implementation/internal/TInstructionInternal.qll @@ -1,4 +1,7 @@ import experimental.ir.internal.IRCSharpLanguage as Language import experimental.ir.implementation.raw.internal.IRConstruction as IRConstruction import experimental.ir.implementation.unaliased_ssa.internal.SSAConstruction as UnaliasedSsa -import AliasedSSAStub as AliasedSSA +import AliasedSSAStub as AliasedSsa + +/** DEPRECATED: Alias for AliasedSsa */ +deprecated module AliasedSSA = AliasedSsa; diff --git a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll index 303a96830114..901735069c06 100644 --- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll +++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll @@ -5,8 +5,8 @@ private import Imports::OperandTag private import Imports::Overlap private import Imports::TInstruction private import Imports::RawIR as RawIR -private import SSAInstructions -private import SSAOperands +private import SsaInstructions +private import SsaOperands private import NewIR private class OldBlock = Reachability::ReachableBlock; 
diff --git a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstructionInternal.qll b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstructionInternal.qll index 005ea53b0188..c0c0a8614b2f 100644 --- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstructionInternal.qll +++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstructionInternal.qll @@ -3,7 +3,14 @@ import experimental.ir.implementation.raw.internal.reachability.ReachableBlock a import experimental.ir.implementation.raw.internal.reachability.Dominance as Dominance import experimental.ir.implementation.unaliased_ssa.IR as NewIR import experimental.ir.implementation.raw.internal.IRConstruction as RawStage -import experimental.ir.implementation.internal.TInstruction::UnaliasedSsaInstructions as SSAInstructions +import experimental.ir.implementation.internal.TInstruction::UnaliasedSsaInstructions as SsaInstructions + +/** DEPRECATED: Alias for SsaInstructions */ +deprecated module SSAInstructions = SsaInstructions; + import experimental.ir.internal.IRCSharpLanguage as Language import SimpleSSA as Alias -import experimental.ir.implementation.internal.TOperand::UnaliasedSsaOperands as SSAOperands +import experimental.ir.implementation.internal.TOperand::UnaliasedSsaOperands as SsaOperands + +/** DEPRECATED: Alias for SsaOperands */ +deprecated module SSAOperands = SsaOperands; diff --git a/go/ql/lib/semmle/go/frameworks/Couchbase.qll b/go/ql/lib/semmle/go/frameworks/Couchbase.qll index 983c445d7107..a569cc6b3ab7 100644 --- a/go/ql/lib/semmle/go/frameworks/Couchbase.qll +++ b/go/ql/lib/semmle/go/frameworks/Couchbase.qll 
@@ -62,7 +62,7 @@ module Couchbase { * A query used in an API function acting on a `Bucket` or `Cluster` struct of v1 of * the official Couchbase Go library, gocb. */ - private class CouchbaseV1Query extends NoSQL::Query::Range { + private class CouchbaseV1Query extends NoSql::Query::Range { CouchbaseV1Query() { // func (b *Bucket) ExecuteAnalyticsQuery(q *AnalyticsQuery, params interface{}) (AnalyticsResults, error) // func (b *Bucket) ExecuteN1qlQuery(q *N1qlQuery, params interface{}) (QueryResults, error) @@ -81,7 +81,7 @@ module Couchbase { * A query used in an API function acting on a `Bucket` or `Cluster` struct of v1 of * the official Couchbase Go library, gocb. */ - private class CouchbaseV2Query extends NoSQL::Query::Range { + private class CouchbaseV2Query extends NoSql::Query::Range { CouchbaseV2Query() { // func (c *Cluster) AnalyticsQuery(statement string, opts *AnalyticsOptions) (*AnalyticsResult, error) // func (c *Cluster) Query(statement string, opts *QueryOptions) (*QueryResult, error) diff --git a/go/ql/lib/semmle/go/frameworks/K8sIoApimachineryPkgRuntime.qll b/go/ql/lib/semmle/go/frameworks/K8sIoApimachineryPkgRuntime.qll index 3ce4df3dc924..35ebb507f5e8 100644 --- a/go/ql/lib/semmle/go/frameworks/K8sIoApimachineryPkgRuntime.qll +++ b/go/ql/lib/semmle/go/frameworks/K8sIoApimachineryPkgRuntime.qll @@ -43,8 +43,8 @@ module K8sIoApimachineryPkgRuntime { } } - private class DeepCopyJSON extends TaintTracking::FunctionModel { - DeepCopyJSON() { this.hasQualifiedName(packagePath(), ["DeepCopyJSON", "DeepCopyJSONValue"]) } + private class DeepCopyJson extends TaintTracking::FunctionModel { + DeepCopyJson() { this.hasQualifiedName(packagePath(), ["DeepCopyJSON", "DeepCopyJSONValue"]) } override predicate hasTaintFlow(DataFlow::FunctionInput inp, DataFlow::FunctionOutput outp) { inp.isParameter(0) and outp.isResult() diff --git a/go/ql/lib/semmle/go/frameworks/NoSQL.qll b/go/ql/lib/semmle/go/frameworks/NoSQL.qll index 9f9ca609084e..578cf67d33f6 100644 
--- a/go/ql/lib/semmle/go/frameworks/NoSQL.qll +++ b/go/ql/lib/semmle/go/frameworks/NoSQL.qll @@ -4,8 +4,8 @@ import go -/** Provides classes for working with NoSQL-related APIs. */ -module NoSQL { +/** Provides classes for working with NoSql-related APIs. */ +module NoSql { /** * A data-flow node whose value is interpreted as (part of) a NoSQL query. * @@ -18,7 +18,7 @@ module NoSQL { Query() { this = self } } - /** Provides classes for working with NoSQL queries. */ + /** Provides classes for working with NoSql queries. */ module Query { /** * A data-flow node whose value is interpreted as (part of) a NoSQL query. @@ -119,3 +119,6 @@ module NoSQL { ) } } + +/** DEPRECATED: Alias for NoSql */ +deprecated module NoSQL = NoSql; diff --git a/go/ql/lib/semmle/go/frameworks/WebSocket.qll b/go/ql/lib/semmle/go/frameworks/WebSocket.qll index 55f36709a5c9..d3264467b451 100644 --- a/go/ql/lib/semmle/go/frameworks/WebSocket.qll +++ b/go/ql/lib/semmle/go/frameworks/WebSocket.qll @@ -288,8 +288,8 @@ module WebSocketReader { /** * The `ServerWebSocket.MessageReceiveJSON` method of the `github.com/revel/revel` package. */ - private class RevelServerWebSocketMessageReceiveJSON extends Range, Method { - RevelServerWebSocketMessageReceiveJSON() { + private class RevelServerWebSocketMessageReceiveJson extends Range, Method { + RevelServerWebSocketMessageReceiveJson() { // func MessageReceiveJSON(v interface{}) error this.hasQualifiedName(Revel::packagePath(), "ServerWebSocket", "MessageReceiveJSON") } diff --git a/go/ql/lib/semmle/go/security/ExternalAPIs.qll b/go/ql/lib/semmle/go/security/ExternalAPIs.qll index d09f6aaa4c56..432320a413ae 100644 --- a/go/ql/lib/semmle/go/security/ExternalAPIs.qll +++ b/go/ql/lib/semmle/go/security/ExternalAPIs.qll 
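Review bot: The doc comments in the `@@ -4` and `@@ -18` hunks of NoSQL.qll were rewritten from "NoSQL" to "NoSql", but in prose that word names the database category rather than the QL module, so the comments now read as a typo; only the `module NoSql` identifier and its references needed the new casing. Keep the original wording, `/** Provides classes for working with NoSQL-related APIs. */` and `/** Provides classes for working with NoSQL queries. */`, while the `module NoSql {` line stays as changed. The same over-eager rewrite appears in the SqlInjectionCustomizations.qll hunk, `/** A NoSql query, considered as a taint sink for SQL injection. */`, which should likewise stay "NoSQL". The untouched context line in this same hunk, `interpreted as (part of) a NoSQL query`, shows the file itself keeps the upper-case spelling in prose.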
@@ -14,15 +14,18 @@ private import Logrus /** * A `Function` that is considered a "safe" external API from a security perspective. */ -abstract class SafeExternalAPIFunction extends Function { } +abstract class SafeExternalApiFunction extends Function { } + +/** DEPRECATED: Alias for SafeExternalApiFunction */ +deprecated class SafeExternalAPIFunction = SafeExternalApiFunction; private predicate isDefaultSafePackage(Package package) { package.getPath() in ["time", "unicode/utf8", package("gopkg.in/go-playground/validator", "")] } /** The default set of "safe" external APIs. */ -private class DefaultSafeExternalAPIFunction extends SafeExternalAPIFunction { - DefaultSafeExternalAPIFunction() { +private class DefaultSafeExternalApiFunction extends SafeExternalApiFunction { + DefaultSafeExternalApiFunction() { this instanceof BuiltinFunction or isDefaultSafePackage(this.getPackage()) or this.hasQualifiedName(package("gopkg.in/square/go-jose", "jwt"), "ParseSigned") or @@ -52,11 +55,11 @@ private predicate isProbableLocalFunctionPointer(DataFlow::CallNode callNode) { } /** A node representing data being passed to an external API. */ -class ExternalAPIDataNode extends DataFlow::Node { +class ExternalApiDataNode extends DataFlow::Node { DataFlow::CallNode call; int i; - ExternalAPIDataNode() { + ExternalApiDataNode() { ( // Argument to call to a function this = call.getArgument(i) @@ -74,7 +77,7 @@ class ExternalAPIDataNode extends DataFlow::Node { // Not already modeled as a taint step not exists(DataFlow::Node next | TaintTracking::localTaintStep(this, next)) and // Not a call to a known safe external API - not call.getTarget() instanceof SafeExternalAPIFunction + not call.getTarget() instanceof SafeExternalApiFunction } /** Gets the called API `Function`. */ 
@@ -102,6 +105,9 @@ class ExternalAPIDataNode extends DataFlow::Node { } } +/** DEPRECATED: Alias for ExternalApiDataNode */ +deprecated class ExternalAPIDataNode = ExternalApiDataNode; + /** Gets the name of a method in package `p` which has a function model. */ TaintTracking::FunctionModel getAMethodModelInPackage(Package p) { p = result.getPackage() and @@ -140,8 +146,8 @@ predicate isACommonSink(DataFlow::Node n) { } /** A node representing data being passed to an unknown external API. */ -class UnknownExternalAPIDataNode extends ExternalAPIDataNode { - UnknownExternalAPIDataNode() { +class UnknownExternalApiDataNode extends ExternalApiDataNode { + UnknownExternalApiDataNode() { // Not a sink for a commonly-used query not isACommonSink(this) and // Not in a package that has some functions modeled 
@@ -149,47 +155,59 @@ class UnknownExternalAPIDataNode extends ExternalAPIDataNode { } } -/** A configuration for tracking flow from `RemoteFlowSource`s to `ExternalAPIDataNode`s. */ -class UntrustedDataToExternalAPIConfig extends TaintTracking::Configuration { - UntrustedDataToExternalAPIConfig() { this = "UntrustedDataToExternalAPIConfig" } +/** DEPRECATED: Alias for UnknownExternalApiDataNode */ +deprecated class UnknownExternalAPIDataNode = UnknownExternalApiDataNode; + +/** A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s. */ +class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration { + UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfig" } override predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource } - override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalAPIDataNode } + override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode } } -/** A configuration for tracking flow from `RemoteFlowSource`s to `UnknownExternalAPIDataNode`s. */ -class UntrustedDataToUnknownExternalAPIConfig extends TaintTracking::Configuration { - UntrustedDataToUnknownExternalAPIConfig() { this = "UntrustedDataToUnknownExternalAPIConfig" } +/** DEPRECATED: Alias for UntrustedDataToExternalApiConfig */ +deprecated class UntrustedDataToExternalAPIConfig = UntrustedDataToExternalApiConfig; + +/** A configuration for tracking flow from `RemoteFlowSource`s to `UnknownExternalApiDataNode`s. 
*/ +class UntrustedDataToUnknownExternalApiConfig extends TaintTracking::Configuration { + UntrustedDataToUnknownExternalApiConfig() { this = "UntrustedDataToUnknownExternalAPIConfig" } override predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource } - override predicate isSink(DataFlow::Node sink) { sink instanceof UnknownExternalAPIDataNode } + override predicate isSink(DataFlow::Node sink) { sink instanceof UnknownExternalApiDataNode } } +/** DEPRECATED: Alias for UntrustedDataToUnknownExternalApiConfig */ +deprecated class UntrustedDataToUnknownExternalAPIConfig = UntrustedDataToUnknownExternalApiConfig; + /** A node representing untrusted data being passed to an external API. */ -class UntrustedExternalAPIDataNode extends ExternalAPIDataNode { - UntrustedExternalAPIDataNode() { any(UntrustedDataToExternalAPIConfig c).hasFlow(_, this) } +class UntrustedExternalApiDataNode extends ExternalApiDataNode { + UntrustedExternalApiDataNode() { any(UntrustedDataToExternalApiConfig c).hasFlow(_, this) } /** Gets a source of untrusted data which is passed to this external API data node. */ DataFlow::Node getAnUntrustedSource() { - any(UntrustedDataToExternalAPIConfig c).hasFlow(result, this) + any(UntrustedDataToExternalApiConfig c).hasFlow(result, this) } } -private newtype TExternalAPI = - TExternalAPIParameter(Function m, int index) { - exists(UntrustedExternalAPIDataNode n | +/** DEPRECATED: Alias for UntrustedExternalApiDataNode */ +deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode; + +private newtype TExternalApi = + TExternalApiParameter(Function m, int index) { + exists(UntrustedExternalApiDataNode n | m = n.getFunction() and index = n.getIndex() ) } /** An external API which is used with untrusted data. */ -class ExternalAPIUsedWithUntrustedData extends TExternalAPI { +class ExternalApiUsedWithUntrustedData extends TExternalApi { /** Gets a possibly untrusted use of this external API. 
*/ - UntrustedExternalAPIDataNode getUntrustedDataNode() { - this = TExternalAPIParameter(result.getFunction(), result.getIndex()) + UntrustedExternalApiDataNode getUntrustedDataNode() { + this = TExternalApiParameter(result.getFunction(), result.getIndex()) } /** Gets the number of untrusted sources used with this external API. */ @@ -202,10 +220,13 @@ class ExternalAPIUsedWithUntrustedData extends TExternalAPI { exists(Function f, int index, string indexString | if index = -1 then indexString = "receiver" else indexString = "param " + index | - this = TExternalAPIParameter(f, index) and + this = TExternalApiParameter(f, index) and if exists(f.getQualifiedName()) then result = f.getQualifiedName() + " [" + indexString + "]" else result = f.getName() + " [" + indexString + "]" ) } } + +/** DEPRECATED: Alias for ExternalApiUsedWithUntrustedData */ +deprecated class ExternalAPIUsedWithUntrustedData = ExternalApiUsedWithUntrustedData; diff --git a/go/ql/lib/semmle/go/security/SqlInjection.qll b/go/ql/lib/semmle/go/security/SqlInjection.qll index 665b55fca092..24acf4cf5947 100644 --- a/go/ql/lib/semmle/go/security/SqlInjection.qll +++ b/go/ql/lib/semmle/go/security/SqlInjection.qll @@ -24,7 +24,7 @@ module SqlInjection { override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - NoSQL::isAdditionalMongoTaintStep(pred, succ) + NoSql::isAdditionalMongoTaintStep(pred, succ) } override predicate isSanitizer(DataFlow::Node node) { diff --git a/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll b/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll index 23e46ee31802..11e794a9f1eb 100644 --- a/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll +++ b/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll 
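Review bot: `UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfig" }` renames the class but keeps the old-cased string identity, which reads like an incomplete rename and invites a later "fix" that would change the configuration's characteristic string. A short comment on that line, such as `// String identity intentionally unchanged; only the class name was re-cased.`, would make the intent explicit. The same applies to `UntrustedDataToUnknownExternalApiConfig` later in this hunk and to `NoSqlQueryTest() { this = "NoSQLQueryTest" }` and `SqlTest() { this = "SQLTest" }` in the two test queries further down the patch.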
@@ -42,8 +42,8 @@ module SqlInjection { SqlQueryAsSink() { this instanceof SQL::QueryString } } - /** A NoSQL query, considered as a taint sink for SQL injection. */ + /** A NoSql query, considered as a taint sink for SQL injection. */ class NoSqlQueryAsSink extends Sink { - NoSqlQueryAsSink() { this instanceof NoSQL::Query } + NoSqlQueryAsSink() { this instanceof NoSql::Query } } } diff --git a/go/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql b/go/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql index cd8592e8fc2a..b23cd0030232 100644 --- a/go/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql +++ b/go/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql @@ -11,7 +11,7 @@ import go import semmle.go.security.ExternalAPIs -from ExternalAPIUsedWithUntrustedData externalAPI -select externalAPI, count(externalAPI.getUntrustedDataNode()) as numberOfUses, - externalAPI.getNumberOfUntrustedSources() as numberOfUntrustedSources order by +from ExternalApiUsedWithUntrustedData externalApi +select externalApi, count(externalApi.getUntrustedDataNode()) as numberOfUses, + externalApi.getNumberOfUntrustedSources() as numberOfUntrustedSources order by numberOfUntrustedSources desc diff --git a/go/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql b/go/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql index 6b4f7b87aa02..d5c06a288b65 100644 --- a/go/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql +++ b/go/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql 
@@ -13,8 +13,8 @@ import go import semmle.go.security.ExternalAPIs import DataFlow::PathGraph -from UntrustedDataToExternalAPIConfig config, DataFlow::PathNode source, DataFlow::PathNode sink +from UntrustedDataToExternalApiConfig config, DataFlow::PathNode source, DataFlow::PathNode sink where config.hasFlowPath(source, sink) select sink, source, sink, - "Call to " + sink.getNode().(ExternalAPIDataNode).getFunctionDescription() + + "Call to " + sink.getNode().(ExternalApiDataNode).getFunctionDescription() + " with untrusted data from $@.", source, source.toString() diff --git a/go/ql/src/Security/CWE-020/UntrustedDataToUnknownExternalAPI.ql b/go/ql/src/Security/CWE-020/UntrustedDataToUnknownExternalAPI.ql index 00cfe7f3b26f..6a954628fae9 100644 --- a/go/ql/src/Security/CWE-020/UntrustedDataToUnknownExternalAPI.ql +++ b/go/ql/src/Security/CWE-020/UntrustedDataToUnknownExternalAPI.ql @@ -14,8 +14,8 @@ import semmle.go.security.ExternalAPIs import DataFlow::PathGraph from - UntrustedDataToUnknownExternalAPIConfig config, DataFlow::PathNode source, DataFlow::PathNode sink + UntrustedDataToUnknownExternalApiConfig config, DataFlow::PathNode source, DataFlow::PathNode sink where config.hasFlowPath(source, sink) select sink, source, sink, - "Call to " + sink.getNode().(UnknownExternalAPIDataNode).getFunctionDescription() + + "Call to " + sink.getNode().(UnknownExternalApiDataNode).getFunctionDescription() + " with untrusted data from $@.", source, source.toString() diff --git a/go/ql/src/Security/CWE-352/ConstantOauth2State.ql b/go/ql/src/Security/CWE-352/ConstantOauth2State.ql index 72fcd16059c8..a35fc03b0305 100644 --- a/go/ql/src/Security/CWE-352/ConstantOauth2State.ql +++ b/go/ql/src/Security/CWE-352/ConstantOauth2State.ql 
@@ -18,8 +18,8 @@ import DataFlow::PathGraph * A method that creates a new URL that will send the user * to the OAuth 2.0 authorization dialog of the provider. */ -class AuthCodeURL extends Method { - AuthCodeURL() { +class AuthCodeUrl extends Method { + AuthCodeUrl() { this.hasQualifiedName(package("golang.org/x/oauth2", ""), "Config", "AuthCodeURL") } } @@ -32,7 +32,7 @@ class ConstantStateFlowConf extends DataFlow::Configuration { ConstantStateFlowConf() { this = "ConstantStateFlowConf" } predicate isSink(DataFlow::Node sink, DataFlow::CallNode call) { - exists(AuthCodeURL m | call = m.getACall() | sink = call.getArgument(0)) + exists(AuthCodeUrl m | call = m.getACall() | sink = call.getArgument(0)) } override predicate isSource(DataFlow::Node source) { @@ -110,7 +110,7 @@ class PrivateUrlFlowsToAuthCodeUrlCall extends DataFlow::Configuration { } predicate isSink(DataFlow::Node sink, DataFlow::CallNode call) { - exists(AuthCodeURL m | call = m.getACall() | sink = call.getReceiver()) + exists(AuthCodeUrl m | call = m.getACall() | sink = call.getReceiver()) } override predicate isSink(DataFlow::Node sink) { this.isSink(sink, _) } @@ -130,7 +130,7 @@ predicate privateUrlFlowsToAuthCodeUrlCall(DataFlow::CallNode call) { ) } -/** A flow from `golang.org/x/oauth2.Config.AuthCodeURL`'s result to a logging function. */ +/** A flow from `golang.org/x/oauth2.Config.AuthCodeUrl`'s result to a logging function. */ class FlowToPrint extends DataFlow::Configuration { FlowToPrint() { this = "FlowToPrint" } 
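Review bot: The doc comment in the `@@ -130` hunk now refers to `golang.org/x/oauth2.Config.AuthCodeUrl`, but that backticked path names the Go method being modelled, not the QL class, and the constructor in the `@@ -18` hunk still matches the method by the string `"AuthCodeURL"`; the comment now points readers at a method name that does not exist in the oauth2 package. Restore `Config.AuthCodeURL` inside the backticks of that comment and confine the re-casing to the QL class `AuthCodeUrl` and its uses in the `isSink` and `isSource` predicates. Omitting a deprecated alias for the old class name looks intentional here, since this is a query file rather than a library, and is fine.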
@@ -139,17 +139,17 @@ class FlowToPrint extends DataFlow::Configuration { } override predicate isSource(DataFlow::Node source) { - source = any(AuthCodeURL m).getACall().getResult() + source = any(AuthCodeUrl m).getACall().getResult() } override predicate isSink(DataFlow::Node sink) { this.isSink(sink, _) } } /** Holds if the provided `CallNode`'s result flows to an argument of a printer call. */ -predicate resultFlowsToPrinter(DataFlow::CallNode authCodeURLCall) { +predicate resultFlowsToPrinter(DataFlow::CallNode authCodeUrlCall) { exists(FlowToPrint cfg, DataFlow::PathNode source, DataFlow::PathNode sink | cfg.hasFlowPath(source, sink) and - authCodeURLCall.getResult() = source.getNode() + authCodeUrlCall.getResult() = source.getNode() ) } @@ -188,9 +188,9 @@ predicate containsCallToStdinScanner(FuncDef funcDef) { getAScannerCall().getRoo * and a call to a scanner (`fmt.Scan` and similar), * all of which are typically done within a terminal session. */ -predicate seemsLikeDoneWithinATerminal(DataFlow::CallNode authCodeURLCall) { - resultFlowsToPrinter(authCodeURLCall) and - containsCallToStdinScanner(authCodeURLCall.getRoot()) +predicate seemsLikeDoneWithinATerminal(DataFlow::CallNode authCodeUrlCall) { + resultFlowsToPrinter(authCodeUrlCall) and + containsCallToStdinScanner(authCodeUrlCall.getRoot()) } from diff --git a/go/ql/test/library-tests/semmle/go/frameworks/NoSQL/Query.ql b/go/ql/test/library-tests/semmle/go/frameworks/NoSQL/Query.ql index 6acacf2cb027..cfe40a0066ee 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/NoSQL/Query.ql +++ b/go/ql/test/library-tests/semmle/go/frameworks/NoSQL/Query.ql 
@@ -1,13 +1,13 @@ import go import TestUtilities.InlineExpectationsTest -class NoSQLQueryTest extends InlineExpectationsTest { - NoSQLQueryTest() { this = "NoSQLQueryTest" } +class NoSqlQueryTest extends InlineExpectationsTest { + NoSqlQueryTest() { this = "NoSQLQueryTest" } override string getARelevantTag() { result = "nosqlquery" } override predicate hasActualResult(Location location, string element, string tag, string value) { - exists(NoSQL::Query q | + exists(NoSql::Query q | q.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(), location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and element = q.toString() and diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SQL/QueryString.ql b/go/ql/test/library-tests/semmle/go/frameworks/SQL/QueryString.ql index 1861a1e408de..6cccd06604b5 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/SQL/QueryString.ql +++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/QueryString.ql @@ -1,8 +1,8 @@ import go import TestUtilities.InlineExpectationsTest -class SQLTest extends InlineExpectationsTest { - SQLTest() { this = "SQLTest" } +class SqlTest extends InlineExpectationsTest { + SqlTest() { this = "SQLTest" } override string getARelevantTag() { result = "query" } diff --git a/java/ql/lib/semmle/code/java/J2EE.qll b/java/ql/lib/semmle/code/java/J2EE.qll index 5daec35b562e..15b0281e4d13 100755 --- a/java/ql/lib/semmle/code/java/J2EE.qll +++ b/java/ql/lib/semmle/code/java/J2EE.qll 
@@ -19,33 +19,45 @@ class EnterpriseBean extends RefType { } /** A local EJB home interface. */ -class LocalEJBHomeInterface extends Interface { - LocalEJBHomeInterface() { +class LocalEjbHomeInterface extends Interface { + LocalEjbHomeInterface() { exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBLocalHome") | this.hasSupertype+(i)) } } +/** DEPRECATED: Alias for LocalEjbHomeInterface */ +deprecated class LocalEJBHomeInterface = LocalEjbHomeInterface; + /** A remote EJB home interface. */ -class RemoteEJBHomeInterface extends Interface { - RemoteEJBHomeInterface() { +class RemoteEjbHomeInterface extends Interface { + RemoteEjbHomeInterface() { exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBHome") | this.hasSupertype+(i)) } } +/** DEPRECATED: Alias for RemoteEjbHomeInterface */ +deprecated class RemoteEJBHomeInterface = RemoteEjbHomeInterface; + /** A local EJB interface. */ -class LocalEJBInterface extends Interface { - LocalEJBInterface() { +class LocalEjbInterface extends Interface { + LocalEjbInterface() { exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBLocalObject") | this.hasSupertype+(i)) } } +/** DEPRECATED: Alias for LocalEjbInterface */ +deprecated class LocalEJBInterface = LocalEjbInterface; + /** A remote EJB interface. */ -class RemoteEJBInterface extends Interface { - RemoteEJBInterface() { +class RemoteEjbInterface extends Interface { + RemoteEjbInterface() { exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBObject") | this.hasSupertype+(i)) } } +/** DEPRECATED: Alias for RemoteEjbInterface */ +deprecated class RemoteEJBInterface = RemoteEjbInterface; + /** A message bean. */ class MessageBean extends Class { MessageBean() { diff --git a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll index 7c5c2e913946..4a12730b60f3 100644 --- a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll +++ b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll 
@@ -314,21 +314,27 @@ class FacesComponentReflectivelyConstructedClass extends ReflectivelyConstructed /** * Entry point for EJB home interfaces. */ -class EJBHome extends Interface, EntryPoint { - EJBHome() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBHome") } +class EjbHome extends Interface, EntryPoint { + EjbHome() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBHome") } override Callable getALiveCallable() { result = this.getACallable() } } +/** DEPRECATED: Alias for EjbHome */ +deprecated class EJBHome = EjbHome; + /** * Entry point for EJB object interfaces. */ -class EJBObject extends Interface, EntryPoint { - EJBObject() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBObject") } +class EjbObject extends Interface, EntryPoint { + EjbObject() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBObject") } override Callable getALiveCallable() { result = this.getACallable() } } +/** DEPRECATED: Alias for EjbObject */ +deprecated class EJBObject = EjbObject; + class GsonDeserializationEntryPoint extends ReflectivelyConstructedClass { GsonDeserializationEntryPoint() { // Assume any class with a gson annotated field can be deserialized. diff --git a/java/ql/lib/semmle/code/java/frameworks/Camel.qll b/java/ql/lib/semmle/code/java/frameworks/Camel.qll index 0d7161e5f8f1..c72c884220ba 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Camel.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Camel.qll 
@@ -10,19 +10,22 @@ import semmle.code.java.frameworks.camel.CamelJavaAnnotations /** * A string describing a URI specified in an Apache Camel "to" declaration. */ -class CamelToURI extends string { - CamelToURI() { - exists(SpringCamelXmlToElement toXmlElement | this = toXmlElement.getURI()) or - exists(CamelJavaDSLToDecl toJavaDSL | this = toJavaDSL.getURI()) +class CamelToUri extends string { + CamelToUri() { + exists(SpringCamelXmlToElement toXmlElement | this = toXmlElement.getUri()) or + exists(CamelJavaDSLToDecl toJavaDSL | this = toJavaDSL.getUri()) } } +/** DEPRECATED: Alias for CamelToUri */ +deprecated class CamelToURI = CamelToUri; + /** * A string describing a URI specified in an Apache Camel "to" declaration that maps to a * SpringBean. */ -class CamelToBeanURI extends CamelToURI { - CamelToBeanURI() { +class CamelToBeanUri extends CamelToUri { + CamelToBeanUri() { // A `` element references a bean if the URI starts with "bean:", or there is no scheme. matches("bean:%") or not exists(indexOf(":")) @@ -51,6 +54,9 @@ class CamelToBeanURI extends CamelToURI { SpringBean getRefBean() { result.getBeanIdentifier() = this.getBeanIdentifier() } } +/** DEPRECATED: Alias for CamelToBeanUri */ +deprecated class CamelToBeanURI = CamelToBeanUri; + /** * A Class whose methods may be called in response to an Apache Camel message. */ @@ -64,7 +70,7 @@ class CamelTargetClass extends Class { this = camelXmlBeanRef.getBeanType() ) or - exists(CamelToBeanURI toBeanURI | this = toBeanURI.getRefBean().getClass()) + exists(CamelToBeanUri toBeanUri | this = toBeanUri.getRefBean().getClass()) or exists(SpringCamelXmlMethodElement xmlMethod | this = xmlMethod.getRefBean().getClass() or diff --git a/java/ql/lib/semmle/code/java/frameworks/Servlets.qll b/java/ql/lib/semmle/code/java/frameworks/Servlets.qll index 0d7d6a69f030..82e837862be7 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Servlets.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Servlets.qll 
@@ -134,14 +134,17 @@ deprecated class HttpServletRequestGetRequestURLMethod = HttpServletRequestGetRe /** * The method `getRequestURI()` declared in `javax.servlet.http.HttpServletRequest`. */ -class HttpServletRequestGetRequestURIMethod extends Method { - HttpServletRequestGetRequestURIMethod() { +class HttpServletRequestGetRequestUriMethod extends Method { + HttpServletRequestGetRequestUriMethod() { this.getDeclaringType() instanceof HttpServletRequest and this.hasName("getRequestURI") and this.getNumberOfParameters() = 0 } } +/** DEPRECATED: Alias for HttpServletRequestGetRequestUriMethod */ +deprecated class HttpServletRequestGetRequestURIMethod = HttpServletRequestGetRequestUriMethod; + /** * The method `getRemoteUser()` declared in `javax.servlet.http.HttpServletRequest`. */ diff --git a/java/ql/lib/semmle/code/java/frameworks/camel/CamelJavaDSL.qll b/java/ql/lib/semmle/code/java/frameworks/camel/CamelJavaDSL.qll index 1d1f852e9372..e4b687a73b0d 100644 --- a/java/ql/lib/semmle/code/java/frameworks/camel/CamelJavaDSL.qll +++ b/java/ql/lib/semmle/code/java/frameworks/camel/CamelJavaDSL.qll @@ -41,7 +41,10 @@ class CamelJavaDSLToDecl extends ProcessorDefinitionElement { /** * Gets the URI specified by this `to` declaration. */ - string getURI() { result = getArgument(0).(CompileTimeConstantExpr).getStringValue() } + string getUri() { result = getArgument(0).(CompileTimeConstantExpr).getStringValue() } + + /** DEPRECATED: Alias for getUri */ + deprecated string getURI() { result = getUri() } } /** diff --git a/java/ql/lib/semmle/code/java/frameworks/gwt/GWT.qll b/java/ql/lib/semmle/code/java/frameworks/gwt/GWT.qll index 0da207804821..d96e91e010ad 100644 --- a/java/ql/lib/semmle/code/java/frameworks/gwt/GWT.qll +++ b/java/ql/lib/semmle/code/java/frameworks/gwt/GWT.qll 
@@ -92,19 +92,25 @@ private predicate jsniComment(Javadoc jsni, Method m) { * A JavaScript Native Interface (JSNI) comment that contains JavaScript code * implementing a native method. */ -class JSNIComment extends Javadoc { - JSNIComment() { jsniComment(this, _) } +class JsniComment extends Javadoc { + JsniComment() { jsniComment(this, _) } /** Gets the method implemented by this comment. */ Method getImplementedMethod() { jsniComment(this, result) } } +/** DEPRECATED: Alias for JsniComment */ +deprecated class JSNIComment = JsniComment; + /** * A JavaScript Native Interface (JSNI) method. */ -class JSNIMethod extends Method { - JSNIMethod() { jsniComment(_, this) } +class JsniMethod extends Method { + JsniMethod() { jsniComment(_, this) } /** Gets the comment containing the JavaScript code for this method. */ - JSNIComment getImplementation() { jsniComment(result, this) } + JsniComment getImplementation() { jsniComment(result, this) } } + +/** DEPRECATED: Alias for JsniMethod */ +deprecated class JSNIMethod = JsniMethod; diff --git a/java/ql/lib/semmle/code/java/frameworks/gwt/GwtUiBinderXml.qll b/java/ql/lib/semmle/code/java/frameworks/gwt/GwtUiBinderXml.qll index 26eddf06b40c..0fb8ed3cd70d 100644 --- a/java/ql/lib/semmle/code/java/frameworks/gwt/GwtUiBinderXml.qll +++ b/java/ql/lib/semmle/code/java/frameworks/gwt/GwtUiBinderXml.qll @@ -17,7 +17,7 @@ class GwtUiBinderTemplateElement extends XmlElement { GwtUiBinderTemplateElement() { this.getParent() instanceof GwtUiTemplateXmlFile and this.getName() = "UiBinder" and - this.getNamespace().getURI() = "urn:ui:com.google.gwt.uibinder" + this.getNamespace().getUri() = "urn:ui:com.google.gwt.uibinder" } } 
@@ -27,7 +27,7 @@ class GwtUiBinderTemplateElement extends XmlElement { class GwtComponentTemplateElement extends XmlElement { GwtComponentTemplateElement() { exists(GwtUiBinderTemplateElement templateElement | this = templateElement.getAChild*() | - this.getNamespace().getURI().substring(0, 10) = "urn:import" + this.getNamespace().getUri().substring(0, 10) = "urn:import" ) } @@ -36,7 +36,7 @@ class GwtComponentTemplateElement extends XmlElement { */ Class getClass() { exists(string namespace | - namespace = this.getNamespace().getURI() and + namespace = this.getNamespace().getUri() and result.getQualifiedName() = namespace.substring(11, namespace.length()) + "." + this.getName() ) } diff --git a/java/ql/lib/semmle/code/java/frameworks/j2objc/J2ObjC.qll b/java/ql/lib/semmle/code/java/frameworks/j2objc/J2ObjC.qll index 113c8b76024e..43325fef90e3 100644 --- a/java/ql/lib/semmle/code/java/frameworks/j2objc/J2ObjC.qll +++ b/java/ql/lib/semmle/code/java/frameworks/j2objc/J2ObjC.qll @@ -7,8 +7,8 @@ import java /** * An Objective-C Native Interface (OCNI) comment. */ -class OCNIComment extends Javadoc { - OCNIComment() { +class OcniComment extends Javadoc { + OcniComment() { // The comment must start with `-[` ... this.getChild(0).getText().matches("-[%") and // ... and it must end with `]-`. @@ -16,8 +16,11 @@ class OCNIComment extends Javadoc { } } +/** DEPRECATED: Alias for OcniComment */ +deprecated class OCNIComment = OcniComment; + /** Auxiliary predicate: `ocni` is an OCNI comment associated with method `m`. */ -private predicate ocniComment(OCNIComment ocni, Method m) { +private predicate ocniComment(OcniComment ocni, Method m) { // The associated callable must be marked as `native` ... m.isNative() and // ... and the comment has to be contained in `m`. 
@@ -30,21 +33,27 @@ private predicate ocniComment(OCNIComment ocni, Method m) { * An Objective-C Native Interface (OCNI) comment that contains Objective-C code * implementing a native method. */ -class OCNIMethodComment extends OCNIComment { - OCNIMethodComment() { ocniComment(this, _) } +class OcniMethodComment extends OcniComment { + OcniMethodComment() { ocniComment(this, _) } /** Gets the method implemented by this comment. */ Method getImplementedMethod() { ocniComment(this, result) } } +/** DEPRECATED: Alias for OcniMethodComment */ +deprecated class OCNIMethodComment = OcniMethodComment; + /** * An Objective-C Native Interface (OCNI) native import comment. */ -class OCNIImport extends OCNIComment { - OCNIImport() { +class OcniImport extends OcniComment { + OcniImport() { this.getAChild().getText().regexpMatch(".*#(import|include).*") and not exists(RefType rt | rt.getFile() = this.getFile() | rt.getLocation().getStartLine() < this.getLocation().getStartLine() ) } } + +/** DEPRECATED: Alias for OcniImport */ +deprecated class OCNIImport = OcniImport; diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJB.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJB.qll index 5a65891020a0..df0c74b2c30c 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJB.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJB.qll @@ -14,8 +14,8 @@ abstract class EJB extends Class { /** * A session EJB. */ -class SessionEJB extends EJB { - SessionEJB() { +class SessionEjb extends EJB { + SessionEjb() { // Subtype of `javax.ejb.SessionBean`. this instanceof SessionBean or // EJB annotations. 
@@ -50,8 +50,8 @@ class SessionEJB extends EJB { * using either an annotation or an XML deployment descriptor. */ private BusinessInterface getAnExplicitBusinessInterface() { - result.(AnnotatedBusinessInterface).getAnEJB() = this or - result.(XmlSpecifiedBusinessInterface).getAnEJB() = this + result.(AnnotatedBusinessInterface).getAnEjb() = this or + result.(XmlSpecifiedBusinessInterface).getAnEjb() = this } /** 
@@ -69,40 +69,40 @@ class SessionEJB extends EJB { LegacyEjbRemoteInterface getARemoteInterface() { result = this.getASupertype() and result instanceof ExtendedRemoteInterface or - exists(AnnotatedRemoteHomeInterface i | i.getAnEJB() = this | + exists(AnnotatedRemoteHomeInterface i | i.getAnEjb() = this | result = i.getAnAssociatedRemoteInterface() ) or - result.(XmlSpecifiedRemoteInterface).getAnEJB() = this + result.(XmlSpecifiedRemoteInterface).getAnEjb() = this } /** Any remote home interfaces of this EJB. */ LegacyEjbRemoteHomeInterface getARemoteHomeInterface() { result = this.getASupertype() and result instanceof ExtendedRemoteHomeInterface or - result.(AnnotatedRemoteHomeInterface).getAnEJB() = this + result.(AnnotatedRemoteHomeInterface).getAnEjb() = this or - result.(XmlSpecifiedRemoteHomeInterface).getAnEJB() = this + result.(XmlSpecifiedRemoteHomeInterface).getAnEjb() = this } /** Any local interfaces of this EJB. */ LegacyEjbLocalInterface getALocalInterface() { result = this.getASupertype() and result instanceof ExtendedLocalInterface or - exists(AnnotatedLocalHomeInterface i | i.getAnEJB() = this | + exists(AnnotatedLocalHomeInterface i | i.getAnEjb() = this | result = i.getAnAssociatedLocalInterface() ) or - result.(XmlSpecifiedLocalInterface).getAnEJB() = this + result.(XmlSpecifiedLocalInterface).getAnEjb() = this } /** Any local home interfaces of this EJB. */ LegacyEjbLocalHomeInterface getALocalHomeInterface() { result = this.getASupertype() and result instanceof ExtendedLocalHomeInterface or - result.(AnnotatedLocalHomeInterface).getAnEJB() = this + result.(AnnotatedLocalHomeInterface).getAnEjb() = this or - result.(XmlSpecifiedLocalHomeInterface).getAnEJB() = this + result.(XmlSpecifiedLocalHomeInterface).getAnEjb() = this } /** Any `ejbCreate*` methods required for legacy remote or local home interfaces. */ 
@@ -112,11 +112,14 @@ class SessionEJB extends EJB { EjbAnnotatedInitMethod getAnAnnotatedInitMethod() { this.inherits(result) } } +/** DEPRECATED: Alias for SessionEjb */ +deprecated class SessionEJB = SessionEjb; + /** * A stateful session EJB. */ -class StatefulSessionEJB extends SessionEJB { - StatefulSessionEJB() { +class StatefulSessionEjb extends SessionEjb { + StatefulSessionEjb() { // EJB annotations. this.getAnAnnotation().getType().hasName("Stateful") or @@ -129,11 +132,14 @@ class StatefulSessionEJB extends SessionEJB { } } +/** DEPRECATED: Alias for StatefulSessionEjb */ +deprecated class StatefulSessionEJB = StatefulSessionEjb; + /** * A stateless session EJB. */ -class StatelessSessionEJB extends SessionEJB { - StatelessSessionEJB() { +class StatelessSessionEjb extends SessionEjb { + StatelessSessionEjb() { // EJB annotations. this.getAnAnnotation().getType().hasName("Stateless") or @@ -146,6 +152,9 @@ class StatelessSessionEJB extends SessionEJB { } } +/** DEPRECATED: Alias for StatelessSessionEjb */ +deprecated class StatelessSessionEJB = StatelessSessionEjb; + /** * A message-driven EJB. */ @@ -168,8 +177,8 @@ class MessageDrivenBean extends EJB { /** * An entity EJB (deprecated as of EJB 3.0). */ -class EntityEJB extends EJB { - EntityEJB() { +class EntityEjb extends EJB { + EntityEjb() { // Subtype of `javax.ejb.EntityBean`. this instanceof EntityBean or @@ -181,6 +190,9 @@ class EntityEJB extends EJB { } } +/** DEPRECATED: Alias for EntityEjb */ +deprecated class EntityEJB = EntityEjb; + /* * Business interfaces (applicable to session beans). */ 
@@ -231,7 +243,10 @@ class LocalAnnotation extends BusinessInterfaceAnnotation { */ abstract class BusinessInterface extends Interface { /** Gets an EJB to which this business interface belongs. */ - abstract SessionEJB getAnEJB(); + abstract SessionEjb getAnEjb(); + + /** DEPRECATED: Alias for getAnEjb */ + deprecated SessionEJB getAnEJB() { result = getAnEjb() } /** Holds if this business interface is declared local. */ abstract predicate isDeclaredLocal(); @@ -251,7 +266,7 @@ class XmlSpecifiedBusinessInterface extends BusinessInterface { ) } - override SessionEJB getAnEJB() { + override SessionEjb getAnEjb() { exists(EjbJarXmlFile f, EjbJarSessionElement se | se = f.getASessionElement() and this.getQualifiedName() = se.getABusinessElement().getACharactersSet().getCharacters() and @@ -259,6 +274,9 @@ class XmlSpecifiedBusinessInterface extends BusinessInterface { ) } + /** DEPRECATED: Alias for getAnEjb */ + deprecated override SessionEJB getAnEJB() { result = getAnEjb() } + override predicate isDeclaredLocal() { exists(EjbJarXmlFile f | this.getQualifiedName() = @@ -291,10 +309,13 @@ class AnnotatedBusinessInterface extends BusinessInterface { * Any class that has a `@Local` or `@Remote` annotation that names this interface * is an EJB to which this business interface belongs. */ - override SessionEJB getAnEJB() { + override SessionEjb getAnEjb() { result.getAnAnnotation().(BusinessInterfaceAnnotation).getANamedType() = this } + /** DEPRECATED: Alias for getAnEjb */ + deprecated override SessionEJB getAnEJB() { result = getAnEjb() } + override predicate isDeclaredLocal() { this instanceof LocalAnnotatedBusinessInterface } override predicate isDeclaredRemote() { this instanceof RemoteAnnotatedBusinessInterface } 
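Review bot: The `deprecated override SessionEJB getAnEJB() { result = getAnEjb() }` added to `XmlSpecifiedBusinessInterface` (and the identical one on `AnnotatedBusinessInterface` in the next hunk) looks redundant, because the base class `BusinessInterface` now provides the same concrete deprecated alias and it already dispatches through the overridable `getAnEjb()`. Unless QL requires re-declaring the member here, dropping both overrides would leave behaviour unchanged and keep the deprecation shim in one place. If they are kept for compatibility with external overrides, a one-line comment saying so would stop a later reader from removing them.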
@@ -338,7 +359,7 @@ class InitAnnotation extends Annotation { class EjbAnnotatedInitMethod extends Method { EjbAnnotatedInitMethod() { this.getAnAnnotation() instanceof InitAnnotation and - exists(SessionEJB ejb | ejb.inherits(this)) + exists(SessionEjb ejb | ejb.inherits(this)) } } @@ -349,7 +370,7 @@ class EjbAnnotatedInitMethod extends Method { class EjbCreateMethod extends Method { EjbCreateMethod() { this.getName().matches("ejbCreate%") and - exists(SessionEJB ejb | ejb.inherits(this)) + exists(SessionEjb ejb | ejb.inherits(this)) } /** Gets the suffix of the method name without the `ejbCreate` prefix. */ @@ -405,8 +426,8 @@ abstract class LegacyEjbHomeInterface extends LegacyEjbInterface { /** A legacy remote interface. */ abstract class LegacyEjbRemoteInterface extends LegacyEjbInterface { } -/** A legacy remote interface that extends `javax.ejb.EJBObject`. */ -class ExtendedRemoteInterface extends LegacyEjbRemoteInterface, RemoteEJBInterface { } +/** A legacy remote interface that extends `javax.ejb.EjbObject`. */ +class ExtendedRemoteInterface extends LegacyEjbRemoteInterface, RemoteEjbInterface { } /** A legacy remote interface specified within an XML deployment descriptor. */ class XmlSpecifiedRemoteInterface extends LegacyEjbRemoteInterface { 
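Review bot: The rewritten QLDoc on `ExtendedRemoteInterface` now says the interface extends `javax.ejb.EjbObject`, but that is not a Java type; the JDK/Jakarta class is `javax.ejb.EJBObject`, so the rename should have touched only the QL name `RemoteEjbInterface` and not the Java qualified name quoted in the comment. Change `EjbObject` back to `EJBObject` inside that comment. The same pattern recurs wherever the search-and-replace hit a Java name inside a doc comment, while the `hasQualifiedName` string literals elsewhere in this diff keep the correct spelling.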
@@ -421,20 +442,23 @@ class XmlSpecifiedRemoteInterface extends LegacyEjbRemoteInterface { * Gets a session EJB specified in the XML deployment descriptor * for this legacy EJB remote interface. */ - SessionEJB getAnEJB() { + SessionEjb getAnEjb() { exists(EjbJarXmlFile f, EjbJarSessionElement se | se = f.getASessionElement() and this.getQualifiedName() = se.getARemoteElement().getACharactersSet().getCharacters() and result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters() ) } + + /** DEPRECATED: Alias for getAnEjb */ + deprecated SessionEJB getAnEJB() { result = getAnEjb() } } /** A legacy remote home interface. */ abstract class LegacyEjbRemoteHomeInterface extends LegacyEjbHomeInterface { } -/** A legacy remote home interface that extends `javax.ejb.EJBHome`. */ -class ExtendedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface, RemoteEJBHomeInterface { } +/** A legacy remote home interface that extends `javax.ejb.EjbHome`. */ +class ExtendedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface, RemoteEjbHomeInterface { } /** A legacy remote home interface specified by means of a `@RemoteHome` annotation. */ class AnnotatedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface { @@ -444,7 +468,10 @@ class AnnotatedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface { } /** Gets an EJB to which this interface belongs. */ - SessionEJB getAnEJB() { result.getAnAnnotation().(RemoteHomeAnnotation).getANamedType() = this } + SessionEjb getAnEjb() { result.getAnAnnotation().(RemoteHomeAnnotation).getANamedType() = this } + + /** DEPRECATED: Alias for getAnEjb */ + deprecated SessionEJB getAnEJB() { result = getAnEjb() } /** Gets a remote interface associated with this legacy remote home interface. */ Interface getAnAssociatedRemoteInterface() { result = this.getACreateMethod().getReturnType() } 
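Review bot: The QLDoc on `ExtendedRemoteHomeInterface` now reads "extends `javax.ejb.EjbHome`", which names a class that does not exist; the Java type is `javax.ejb.EJBHome`. Restore `EJBHome` in that comment so the documentation matches the type the supertype `RemoteEjbHomeInterface` actually models. The comments on `ExtendedLocalInterface` and `ExtendedLocalHomeInterface` in the following hunks correctly keep `EJBLocalObject` and `EJBLocalHome`, so this one is inconsistent with its siblings.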
@@ -460,20 +487,23 @@ class XmlSpecifiedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface { } /** Gets an EJB to which this interface belongs. */ - SessionEJB getAnEJB() { + SessionEjb getAnEjb() { exists(EjbJarXmlFile f, EjbJarSessionElement se | se = f.getASessionElement() and this.getQualifiedName() = se.getARemoteHomeElement().getACharactersSet().getCharacters() and result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters() ) } + + /** DEPRECATED: Alias for getAnEjb */ + deprecated SessionEJB getAnEJB() { result = getAnEjb() } } /** A legacy local interface. */ abstract class LegacyEjbLocalInterface extends LegacyEjbInterface { } /** A legacy local interface that extends `javax.ejb.EJBLocalObject`. */ -class ExtendedLocalInterface extends LegacyEjbLocalInterface, LocalEJBInterface { } +class ExtendedLocalInterface extends LegacyEjbLocalInterface, LocalEjbInterface { } /** A legacy local interface specified within an XML deployment descriptor. */ class XmlSpecifiedLocalInterface extends LegacyEjbLocalInterface { 
@@ -485,20 +515,23 @@ class XmlSpecifiedLocalInterface extends LegacyEjbLocalInterface { } /** Gets an EJB to which this interface belongs. */ - SessionEJB getAnEJB() { + SessionEjb getAnEjb() { exists(EjbJarXmlFile f, EjbJarSessionElement se | se = f.getASessionElement() and this.getQualifiedName() = se.getALocalElement().getACharactersSet().getCharacters() and result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters() ) } + + /** DEPRECATED: Alias for getAnEjb */ + deprecated SessionEJB getAnEJB() { result = getAnEjb() } } /** A legacy local home interface. */ abstract class LegacyEjbLocalHomeInterface extends LegacyEjbHomeInterface { } /** A legacy local home interface that extends `javax.ejb.EJBLocalHome`. */ -class ExtendedLocalHomeInterface extends LegacyEjbLocalHomeInterface, LocalEJBHomeInterface { } +class ExtendedLocalHomeInterface extends LegacyEjbLocalHomeInterface, LocalEjbHomeInterface { } /** A legacy local home interface specified by means of a `@LocalHome` annotation. */ class AnnotatedLocalHomeInterface extends LegacyEjbLocalHomeInterface { @@ -508,7 +541,10 @@ class AnnotatedLocalHomeInterface extends LegacyEjbLocalHomeInterface { } /** Gets an EJB to which this interface belongs. */ - SessionEJB getAnEJB() { result.getAnAnnotation().(LocalHomeAnnotation).getANamedType() = this } + SessionEjb getAnEjb() { result.getAnAnnotation().(LocalHomeAnnotation).getANamedType() = this } + + /** DEPRECATED: Alias for getAnEjb */ + deprecated SessionEJB getAnEJB() { result = getAnEjb() } /** Gets a local interface associated with this legacy local home interface. */ Interface getAnAssociatedLocalInterface() { result = this.getACreateMethod().getReturnType() } 
@@ -524,13 +560,16 @@ class XmlSpecifiedLocalHomeInterface extends LegacyEjbLocalHomeInterface { } /** Gets an EJB to which this interface belongs. */ - SessionEJB getAnEJB() { + SessionEjb getAnEjb() { exists(EjbJarXmlFile f, EjbJarSessionElement se | se = f.getASessionElement() and this.getQualifiedName() = se.getALocalHomeElement().getACharactersSet().getCharacters() and result.getQualifiedName() = se.getAnEjbClassElement().getACharactersSet().getCharacters() ) } + + /** DEPRECATED: Alias for getAnEjb */ + deprecated SessionEJB getAnEJB() { result = getAnEjb() } } /** @@ -541,19 +580,22 @@ class RemoteInterface extends Interface { RemoteInterface() { this instanceof RemoteAnnotatedBusinessInterface or this.(XmlSpecifiedBusinessInterface).isDeclaredRemote() or - exists(SessionEJB ejb | this = ejb.getARemoteInterface()) + exists(SessionEjb ejb | this = ejb.getARemoteInterface()) } /** * Any EJBs associated with this `RemoteInterface` * by means of annotations or `ejb-jar.xml` configuration files. */ - SessionEJB getAnEJB() { + SessionEjb getAnEjb() { result.getAnAnnotation().(RemoteAnnotation).getANamedType() = this or - result = this.(XmlSpecifiedRemoteInterface).getAnEJB() or + result = this.(XmlSpecifiedRemoteInterface).getAnEjb() or result.getARemoteInterface() = this } + /** DEPRECATED: Alias for getAnEjb */ + deprecated SessionEJB getAnEJB() { result = getAnEjb() } + /** * A "remote method" is a method that is available on the remote * interface (either because it's declared or inherited). @@ -585,8 +627,8 @@ class RemoteInterface extends Interface { * but the EJB is not a subtype of this remote interface. */ Method getARemoteMethodImplementationUnchecked() { - exists(SessionEJB ejb, Method rm | - ejb = this.getAnEJB() and + exists(SessionEjb ejb, Method rm | + ejb = this.getAnEjb() and not ejb.getAnAncestor() = this and rm = this.getARemoteMethod() and result = getAnInheritedMatchingMethodIgnoreThrows(ejb, rm.getSignature()) and 
@@ -648,13 +690,13 @@ private predicate throwsExplicitUncheckedException(Method m, Exception ex) { } /** Gets a method (inherited by `ejb`) matching the signature `sig`. (Ignores `throws` clauses.) */ -Method getAnInheritedMatchingMethodIgnoreThrows(SessionEJB ejb, string sig) { +Method getAnInheritedMatchingMethodIgnoreThrows(SessionEjb ejb, string sig) { ejb.inherits(result) and sig = result.getSignature() } /** Holds if `ejb` inherits a method matching the given signature. (Ignores `throws` clauses.) */ -predicate inheritsMatchingMethodIgnoreThrows(SessionEJB ejb, string signature) { +predicate inheritsMatchingMethodIgnoreThrows(SessionEjb ejb, string signature) { exists(getAnInheritedMatchingMethodIgnoreThrows(ejb, signature)) } @@ -662,7 +704,7 @@ predicate inheritsMatchingMethodIgnoreThrows(SessionEJB ejb, string signature) { * If `ejb` inherits a method matching the signature of `m` except for the `throws` clause, * then return any type in the `throws` clause that does not match. */ -Type inheritsMatchingMethodExceptThrows(SessionEJB ejb, Method m) { +Type inheritsMatchingMethodExceptThrows(SessionEjb ejb, Method m) { exists(Method n, string sig | ejb.inherits(n) and sig = n.getSignature() and @@ -679,7 +721,7 @@ Type inheritsMatchingMethodExceptThrows(SessionEJB ejb, Method m) { * (Ignores `throws` clauses.) */ predicate inheritsMatchingCreateMethodIgnoreThrows( - StatefulSessionEJB ejb, EjbInterfaceCreateMethod icm + StatefulSessionEjb ejb, EjbInterfaceCreateMethod icm ) { exists(EjbCreateMethod cm | cm = ejb.getAnEjbCreateMethod() | cm.getMethodSuffix() = icm.getMethodSuffix() and 
@@ -705,7 +747,7 @@ predicate inheritsMatchingCreateMethodIgnoreThrows( * If `ejb` inherits an `ejbCreate` or `@Init` method matching `create` method `m` except for the `throws` clause, * then return any type in the `throws` clause that does not match. */ -Type inheritsMatchingCreateMethodExceptThrows(StatefulSessionEJB ejb, EjbInterfaceCreateMethod icm) { +Type inheritsMatchingCreateMethodExceptThrows(StatefulSessionEjb ejb, EjbInterfaceCreateMethod icm) { exists(EjbCreateMethod cm | cm = ejb.getAnEjbCreateMethod() | cm.getMethodSuffix() = icm.getMethodSuffix() and cm.getNumberOfParameters() = icm.getNumberOfParameters() and @@ -814,10 +856,13 @@ class DependsOnAnnotation extends Annotation { /** * A `@javax.ejb.EJB` annotation. */ -class EJBAnnotation extends Annotation { - EJBAnnotation() { this.getType().hasQualifiedName("javax.ejb", "EJB") } +class EjbAnnotation extends Annotation { + EjbAnnotation() { this.getType().hasQualifiedName("javax.ejb", "EJB") } } +/** DEPRECATED: Alias for EjbAnnotation */ +deprecated class EJBAnnotation = EjbAnnotation; + /** * A `@javax.ejb.EJBs` annotation. */ diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringBean.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringBean.qll index 6a446c51fa40..34f8df241922 100644 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringBean.qll +++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringBean.qll @@ -16,7 +16,7 @@ class SpringBean extends SpringXmlElement { SpringBean() { this.getName() = "bean" and // Do not capture Camel beans, which are different - not this.getNamespace().getURI() = "http://camel.apache.org/schema/spring" + not this.getNamespace().getUri() = "http://camel.apache.org/schema/spring" } override string toString() { result = this.getBeanIdentifier() } diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringCamel.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringCamel.qll index 656837e6d5e2..79146c981206 100644 
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringCamel.qll +++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringCamel.qll @@ -10,7 +10,7 @@ import semmle.code.java.frameworks.spring.SpringBean * An Apache Camel element in a Spring Beans file. */ class SpringCamelXmlElement extends SpringXmlElement { - SpringCamelXmlElement() { getNamespace().getURI() = "http://camel.apache.org/schema/spring" } + SpringCamelXmlElement() { getNamespace().getUri() = "http://camel.apache.org/schema/spring" } } /** DEPRECATED: Alias for SpringCamelXmlElement */ @@ -114,7 +114,10 @@ class SpringCamelXmlToElement extends SpringCamelXmlRouteElement { /** * Gets the URI attribute for this `` element. */ - string getURI() { result = getAttribute("uri").getValue() } + string getUri() { result = getAttribute("uri").getValue() } + + /** DEPRECATED: Alias for getUri */ + deprecated string getURI() { result = getUri() } } /** DEPRECATED: Alias for SpringCamelXmlToElement */ diff --git a/java/ql/lib/semmle/code/java/security/Encryption.qll b/java/ql/lib/semmle/code/java/security/Encryption.qll index c04fde2999fd..39e3f2d21102 100644 --- a/java/ql/lib/semmle/code/java/security/Encryption.qll +++ b/java/ql/lib/semmle/code/java/security/Encryption.qll @@ -4,8 +4,8 @@ import java -class SSLClass extends RefType { - SSLClass() { +class SslClass extends RefType { + SslClass() { exists(Class c | this.getAnAncestor() = c | c.hasQualifiedName("javax.net.ssl", _) or c.hasQualifiedName("javax.rmi.ssl", _) @@ -13,6 +13,9 @@ class SSLClass extends RefType { } } +/** DEPRECATED: Alias for SslClass */ +deprecated class SSLClass = SslClass; + class X509TrustManager extends RefType { X509TrustManager() { this.hasQualifiedName("javax.net.ssl", "X509TrustManager") } } 
@@ -25,34 +28,52 @@ class HttpsUrlConnection extends RefType { /** DEPRECATED: Alias for HttpsUrlConnection */ deprecated class HttpsURLConnection = HttpsUrlConnection; -class SSLSocketFactory extends RefType { - SSLSocketFactory() { this.hasQualifiedName("javax.net.ssl", "SSLSocketFactory") } +class SslSocketFactory extends RefType { + SslSocketFactory() { this.hasQualifiedName("javax.net.ssl", "SSLSocketFactory") } } -class SSLContext extends RefType { - SSLContext() { this.hasQualifiedName("javax.net.ssl", "SSLContext") } +/** DEPRECATED: Alias for SslSocketFactory */ +deprecated class SSLSocketFactory = SslSocketFactory; + +class SslContext extends RefType { + SslContext() { this.hasQualifiedName("javax.net.ssl", "SSLContext") } } -/** The `javax.net.ssl.SSLSession` class. */ -class SSLSession extends RefType { - SSLSession() { this.hasQualifiedName("javax.net.ssl", "SSLSession") } +/** DEPRECATED: Alias for SslContext */ +deprecated class SSLContext = SslContext; + +/** The `javax.net.ssl.SslSession` class. */ +class SslSession extends RefType { + SslSession() { this.hasQualifiedName("javax.net.ssl", "SSLSession") } } -/** The `javax.net.ssl.SSLEngine` class. */ -class SSLEngine extends RefType { - SSLEngine() { this.hasQualifiedName("javax.net.ssl", "SSLEngine") } +/** DEPRECATED: Alias for SslSession */ +deprecated class SSLSession = SslSession; + +/** The `javax.net.ssl.SslEngine` class. */ +class SslEngine extends RefType { + SslEngine() { this.hasQualifiedName("javax.net.ssl", "SSLEngine") } } -/** The `javax.net.ssl.SSLSocket` class. */ -class SSLSocket extends RefType { - SSLSocket() { this.hasQualifiedName("javax.net.ssl", "SSLSocket") } +/** DEPRECATED: Alias for SslEngine */ +deprecated class SSLEngine = SslEngine; + +/** The `javax.net.ssl.SslSocket` class. */ +class SslSocket extends RefType { + SslSocket() { this.hasQualifiedName("javax.net.ssl", "SSLSocket") } } -/** The `javax.net.ssl.SSLParameters` class. 
*/ -class SSLParameters extends RefType { - SSLParameters() { this.hasQualifiedName("javax.net.ssl", "SSLParameters") } +/** DEPRECATED: Alias for SslSocket */ +deprecated class SSLSocket = SslSocket; + +/** The `javax.net.ssl.SslParameters` class. */ +class SslParameters extends RefType { + SslParameters() { this.hasQualifiedName("javax.net.ssl", "SSLParameters") } } +/** DEPRECATED: Alias for SslParameters */ +deprecated class SSLParameters = SslParameters; + class HostnameVerifier extends RefType { HostnameVerifier() { this.hasQualifiedName("javax.net.ssl", "HostnameVerifier") } } @@ -73,7 +94,7 @@ class HostnameVerifierVerify extends Method { this.hasName("verify") and this.getDeclaringType().getAnAncestor() instanceof HostnameVerifier and this.getParameterType(0) instanceof TypeString and - this.getParameterType(1) instanceof SSLSession + this.getParameterType(1) instanceof SslSession } } @@ -87,22 +108,22 @@ class TrustManagerCheckMethod extends Method { class CreateSocket extends Method { CreateSocket() { this.hasName("createSocket") and - this.getDeclaringType() instanceof SSLSocketFactory + this.getDeclaringType() instanceof SslSocketFactory } } class GetSocketFactory extends Method { GetSocketFactory() { this.hasName("getSocketFactory") and - this.getDeclaringType() instanceof SSLContext + this.getDeclaringType() instanceof SslContext } } -/** The `createSSLEngine` method of the class `javax.net.ssl.SSLContext`. */ +/** The `createSSLEngine` method of the class `javax.net.ssl.SslContext`. */ class CreateSslEngineMethod extends Method { CreateSslEngineMethod() { this.hasName("createSSLEngine") and - this.getDeclaringType() instanceof SSLContext + this.getDeclaringType() instanceof SslContext } } 
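Review bot: The QLDoc comments for `SslSession`, `SslEngine`, `SslSocket` and `SslParameters` now claim to describe `javax.net.ssl.SslSession`, `SslEngine`, `SslSocket` and `SslParameters`, but those Java classes do not exist; each class's own constructor still matches the real names via `hasQualifiedName("javax.net.ssl", "SSLSession")` and so on. Only the QL class names were meant to change, so the four comments should read `The javax.net.ssl.SSLSession class.`, `SSLEngine`, `SSLSocket` and `SSLParameters` respectively, with the original upper-case spelling inside the backticks. This hunk begins on the previous line of the page.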
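Review bot: The rewritten comment on `CreateSslEngineMethod` says the method belongs to `javax.net.ssl.SslContext`, while the constructor on the next line matches the declaring type `SslContext`, whose own constructor uses `hasQualifiedName("javax.net.ssl", "SSLContext")`. The Java class is `SSLContext`, so the comment should keep that spelling: `/** The createSSLEngine method of the class javax.net.ssl.SSLContext. */` with the usual backticks around the two names. A mechanical acronym rename should skip Java qualified names quoted in documentation.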
@@ -128,35 +149,35 @@ class SetDefaultHostnameVerifierMethod extends Method { } } -/** The `beginHandshake` method of the class `javax.net.ssl.SSLEngine`. */ +/** The `beginHandshake` method of the class `javax.net.ssl.SslEngine`. */ class BeginHandshakeMethod extends Method { BeginHandshakeMethod() { this.hasName("beginHandshake") and - this.getDeclaringType().getAnAncestor() instanceof SSLEngine + this.getDeclaringType().getAnAncestor() instanceof SslEngine } } -/** The `wrap` method of the class `javax.net.ssl.SSLEngine`. */ +/** The `wrap` method of the class `javax.net.ssl.SslEngine`. */ class SslWrapMethod extends Method { SslWrapMethod() { this.hasName("wrap") and - this.getDeclaringType().getAnAncestor() instanceof SSLEngine + this.getDeclaringType().getAnAncestor() instanceof SslEngine } } -/** The `unwrap` method of the class `javax.net.ssl.SSLEngine`. */ +/** The `unwrap` method of the class `javax.net.ssl.SslEngine`. */ class SslUnwrapMethod extends Method { SslUnwrapMethod() { this.hasName("unwrap") and - this.getDeclaringType().getAnAncestor() instanceof SSLEngine + this.getDeclaringType().getAnAncestor() instanceof SslEngine } } -/** The `getSession` method of the class `javax.net.ssl.SSLSession`. */ +/** The `getSession` method of the class `javax.net.ssl.SslSession`. */ class GetSslSessionMethod extends Method { GetSslSessionMethod() { this.hasName("getSession") and - this.getDeclaringType().getAnAncestor() instanceof SSLSession + this.getDeclaringType().getAnAncestor() instanceof SslSession } } diff --git a/java/ql/lib/semmle/code/java/security/InsecureTrustManager.qll b/java/ql/lib/semmle/code/java/security/InsecureTrustManager.qll index 1ca9e34e282c..ebc8615befb7 100644 --- a/java/ql/lib/semmle/code/java/security/InsecureTrustManager.qll +++ b/java/ql/lib/semmle/code/java/security/InsecureTrustManager.qll 
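Review bot: The QLDoc on `BeginHandshakeMethod`, `SslWrapMethod` and `SslUnwrapMethod` now refers to `javax.net.ssl.SslEngine`, and `GetSslSessionMethod` to `javax.net.ssl.SslSession`, neither of which is a real Java class; the removed lines had the correct `SSLEngine` and `SSLSession`. Revert the Java qualified names in those four comments to `javax.net.ssl.SSLEngine` and `javax.net.ssl.SSLSession` while keeping the new QL class references `SslEngine`/`SslSession` in the `instanceof` checks. Separately, the `GetSslSessionMethod` comment attributes `getSession` to `SSLSession` although the constructor matches declaring types whose ancestor is `SslSession`; that pre-dates this change but is worth confirming against the intended JDK type while the comment is being touched.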
@@ -26,7 +26,7 @@ private class DefaultInsecureTrustManagerSink extends InsecureTrustManagerSink { DefaultInsecureTrustManagerSink() { exists(MethodAccess ma, Method m | m.hasName("init") and - m.getDeclaringType() instanceof SSLContext and + m.getDeclaringType() instanceof SslContext and ma.getMethod() = m | ma.getArgument(1) = this.asExpr() diff --git a/java/ql/lib/semmle/code/java/security/UnsafeCertTrust.qll b/java/ql/lib/semmle/code/java/security/UnsafeCertTrust.qll index 073f7905a83a..d780207bbdae 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeCertTrust.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeCertTrust.qll @@ -56,7 +56,7 @@ private class SslEngineServerMode extends SslUnsafeCertTrustSanitizer { SslEngineServerMode() { exists(MethodAccess ma, Method m | m.hasName("setUseClientMode") and - m.getDeclaringType().getAnAncestor() instanceof SSLEngine and + m.getDeclaringType().getAnAncestor() instanceof SslEngine and ma.getMethod() = m and ma.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = false and this.asExpr() = ma.getQualifier() @@ -69,9 +69,9 @@ private class SslEngineServerMode extends SslUnsafeCertTrustSanitizer { * or the qualifier of `createSocket` is an instance of `SSLSocketFactory`. */ private predicate isSslSocket(MethodAccess createSocket) { - createSocket = any(CastExpr ce | ce.getType() instanceof SSLSocket).getExpr() + createSocket = any(CastExpr ce | ce.getType() instanceof SslSocket).getExpr() or - createSocket.getQualifier().getType().(RefType).getAnAncestor() instanceof SSLSocketFactory + createSocket.getQualifier().getType().(RefType).getAnAncestor() instanceof SslSocketFactory } /** diff --git a/java/ql/lib/semmle/code/java/security/UnsafeCertTrustQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeCertTrustQuery.qll index ec5f43685ace..ee87fdc64ee3 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeCertTrustQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeCertTrustQuery.qll 
@@ -44,7 +44,7 @@ private class SafeSslParametersFlowConfig extends DataFlow2::Configuration { } override predicate isSink(DataFlow::Node sink) { - exists(MethodAccess ma, RefType t | t instanceof SSLSocket or t instanceof SSLEngine | + exists(MethodAccess ma, RefType t | t instanceof SslSocket or t instanceof SslEngine | ma.getMethod().hasName("setSSLParameters") and ma.getMethod().getDeclaringType().getAnAncestor() = t and ma.getArgument(0) = sink.asExpr() @@ -58,7 +58,7 @@ private class SafeSslParametersFlowConfig extends DataFlow2::Configuration { private class SafeSetEndpointIdentificationAlgorithm extends MethodAccess { SafeSetEndpointIdentificationAlgorithm() { this.getMethod().hasName("setEndpointIdentificationAlgorithm") and - this.getMethod().getDeclaringType() instanceof SSLParameters and + this.getMethod().getDeclaringType() instanceof SslParameters and not this.getArgument(0) instanceof NullLiteral and not this.getArgument(0).(CompileTimeConstantExpr).getStringValue() = "" } diff --git a/java/ql/lib/semmle/code/java/security/XmlParsers.qll b/java/ql/lib/semmle/code/java/security/XmlParsers.qll index e67aea657ff1..5882677c27db 100644 --- a/java/ql/lib/semmle/code/java/security/XmlParsers.qll +++ b/java/ql/lib/semmle/code/java/security/XmlParsers.qll @@ -324,7 +324,7 @@ Expr configOptionIsSupportingExternalEntities() { /** * An `XmlInputFactory` specific expression that indicates whether DTD is supported. */ -Expr configOptionSupportDTD() { +Expr configOptionSupportDtd() { result.(ConstantStringExpr).getStringValue() = "javax.xml.stream.supportDTD" or exists(Field f | @@ -334,6 +334,9 @@ Expr configOptionSupportDTD() { ) } +/** DEPRECATED: Alias for configOptionSupportDtd */ +deprecated Expr configOptionSupportDTD() { result = configOptionSupportDtd() } + /** * A safely configured `XmlInputFactory`. */ 
@@ -345,7 +348,7 @@ class SafeXmlInputFactory extends VarAccess { config.disables(configOptionIsSupportingExternalEntities()) ) and exists(XmlInputFactoryConfig config | config.getQualifier() = v.getAnAccess() | - config.disables(configOptionSupportDTD()) + config.disables(configOptionSupportDtd()) ) ) } @@ -907,7 +910,7 @@ class XmlConstants extends RefType { } /** A configuration specific for transformers and schema. */ -Expr configAccessExternalDTD() { +Expr configAccessExternalDtd() { result.(ConstantStringExpr).getStringValue() = "http://javax.xml.XMLConstants/property/accessExternalDTD" or @@ -918,6 +921,9 @@ Expr configAccessExternalDTD() { ) } +/** DEPRECATED: Alias for configAccessExternalDtd */ +deprecated Expr configAccessExternalDTD() { result = configAccessExternalDtd() } + /** A configuration specific for transformers. */ Expr configAccessExternalStyleSheet() { result.(ConstantStringExpr).getStringValue() = @@ -1040,7 +1046,7 @@ class SafeTransformerFactory extends VarAccess { SafeTransformerFactory() { exists(Variable v | v = this.getVariable() | exists(TransformerFactoryConfig config | config.getQualifier() = v.getAnAccess() | - config.disables(configAccessExternalDTD()) + config.disables(configAccessExternalDtd()) ) and exists(TransformerFactoryConfig config | config.getQualifier() = v.getAnAccess() | config.disables(configAccessExternalStyleSheet()) @@ -1141,7 +1147,7 @@ class SafeSchemaFactory extends VarAccess { SafeSchemaFactory() { exists(Variable v | v = this.getVariable() | exists(SchemaFactoryConfig config | config.getQualifier() = v.getAnAccess() | - config.disables(configAccessExternalDTD()) + config.disables(configAccessExternalDtd()) ) and exists(SchemaFactoryConfig config | config.getQualifier() = v.getAnAccess() | config.disables(configAccessExternalSchema()) diff --git a/java/ql/lib/semmle/code/xml/XML.qll b/java/ql/lib/semmle/code/xml/XML.qll index cd8accc63ae0..ccf8ab5b55f2 100755 --- a/java/ql/lib/semmle/code/xml/XML.qll 
+++ b/java/ql/lib/semmle/code/xml/XML.qll @@ -132,7 +132,10 @@ class XmlFile extends XmlParent, File { XmlElement getARootElement() { result = this.getAChild() } /** Gets a DTD associated with this XML file. */ - XmlDTD getADTD() { xmlDTDs(result, _, _, _, this) } + XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) } + + /** DEPRECATED: Alias for getADtd */ + deprecated XmlDTD getADTD() { result = getADtd() } } /** DEPRECATED: Alias for XmlFile */ @@ -149,7 +152,7 @@ deprecated class XMLFile = XmlFile; * * ``` */ -class XmlDTD extends XmlLocatable, @xmldtd { +class XmlDtd extends XmlLocatable, @xmldtd { /** Gets the name of the root element of this DTD. */ string getRoot() { xmlDTDs(this, result, _, _, _) } @@ -174,7 +177,10 @@ class XmlDTD extends XmlLocatable, @xmldtd { } } -/** DEPRECATED: Alias for XmlDTD */ +/** DEPRECATED: Alias for XmlDtd */ +deprecated class XmlDTD = XmlDtd; + +/** DEPRECATED: Alias for XmlDtd */ deprecated class XMLDTD = XmlDTD; /** @@ -282,15 +288,18 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace { string getPrefix() { xmlNs(this, result, _, _) } /** Gets the URI of this namespace. */ - string getURI() { xmlNs(this, _, result, _) } + string getUri() { xmlNs(this, _, result, _) } + + /** DEPRECATED: Alias for getUri */ + deprecated string getURI() { result = getUri() } /** Holds if this namespace has no prefix. */ predicate isDefault() { this.getPrefix() = "" } override string toString() { - this.isDefault() and result = this.getURI() + this.isDefault() and result = this.getUri() or - not this.isDefault() and result = this.getPrefix() + ":" + this.getURI() + not this.isDefault() and result = this.getPrefix() + ":" + this.getUri() } } diff --git a/java/ql/src/Likely Bugs/Serialization/NonSerializableField.ql b/java/ql/src/Likely Bugs/Serialization/NonSerializableField.ql index f79be48d2a29..920958ce3ce7 100644 --- a/java/ql/src/Likely Bugs/Serialization/NonSerializableField.ql 
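Review bot: The new deprecated aliases call the renamed members unqualified — `deprecated XmlDTD getADTD() { result = getADtd() }` in this hunk and `deprecated string getURI() { result = getUri() }` in the `XmlNamespace` hunk — while the surrounding members of the same classes use explicit `this.` (`result = this.getAChild()`, `this.isDefault() and result = this.getUri()`). For consistency write `deprecated XmlDtd getADTD() { result = this.getADtd() }` and `deprecated string getURI() { result = this.getUri() }`; using `XmlDtd` as the return type also avoids referencing the `XmlDTD` alias that this same patch deprecates. The identical hunks in the javascript and python copies of XML.qll have the same issue.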
+++ b/java/ql/src/Likely Bugs/Serialization/NonSerializableField.ql @@ -81,7 +81,7 @@ predicate exceptions(Class c, Field f) { // Stateless session beans are not normally serialized during their usual life-cycle // but are forced by their expected supertype to be serializable. // Arguably, warnings for their non-serializable fields can therefore be suppressed in practice. - c instanceof StatelessSessionEJB + c instanceof StatelessSessionEjb or // Enum types are serialized by name, so it doesn't matter if they have non-serializable fields. c instanceof EnumType diff --git a/java/ql/src/Security/CWE/CWE-319/UseSSL.ql b/java/ql/src/Security/CWE/CWE-319/UseSSL.ql index ba3dee696dd6..e9bf5ed0ed2b 100644 --- a/java/ql/src/Security/CWE/CWE-319/UseSSL.ql +++ b/java/ql/src/Security/CWE/CWE-319/UseSSL.ql @@ -33,10 +33,10 @@ where or c instanceof Socket and type = "socket" ) and - not c instanceof SSLClass and + not c instanceof SslClass and not exists(RefType t | exprTypeFlow(m.getQualifier(), t, _) and - t instanceof SSLClass + t instanceof SslClass ) and ( m.getMethod().getName() = "getInputStream" or diff --git a/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql b/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql index 5defe0cd612c..abf68b465fe5 100644 --- a/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql +++ b/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql @@ -65,7 +65,7 @@ predicate query(MethodAccess m, Method def, int paramNo, string message, Element // an SSL factory, ... usesFactory(def, paramNo) and evidence = m.getArgument(paramNo) and - not evidence.(Expr).getType() instanceof SSLClass and + not evidence.(Expr).getType() instanceof SslClass and message = "has a non-SSL factory argument " or // ... or there is an overloaded method on the same type that does take a factory, 
diff --git a/java/ql/src/Violations of Best Practice/Comments/CommentedCode.qll b/java/ql/src/Violations of Best Practice/Comments/CommentedCode.qll index f2c7c96f5712..87451b3c808c 100644 --- a/java/ql/src/Violations of Best Practice/Comments/CommentedCode.qll +++ b/java/ql/src/Violations of Best Practice/Comments/CommentedCode.qll @@ -107,8 +107,8 @@ class CommentedOutCode extends JavadocFirst { CommentedOutCode() { anyCount(this) > 0 and codeCount(this).(float) / anyCount(this).(float) > 0.5 and - not this instanceof JSNIComment and - not this instanceof OCNIComment + not this instanceof JsniComment and + not this instanceof OcniComment } /** diff --git a/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql b/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql index 9028f2d686f4..e897e367cb25 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql @@ -87,7 +87,7 @@ predicate isTestMethod(MethodAccess ma) { } /** Holds if `MethodAccess` ma disables SSL endpoint check. */ -predicate isInsecureSSLEndpoint(MethodAccess ma) { +predicate isInsecureSslEndpoint(MethodAccess ma) { ( ma.getMethod() instanceof SetSystemPropertyMethod and isPropertyDisableLdapEndpointId(ma.getArgument(0)) and @@ -105,6 +105,6 @@ predicate isInsecureSSLEndpoint(MethodAccess ma) { from MethodAccess ma where - isInsecureSSLEndpoint(ma) and + isInsecureSslEndpoint(ma) and not isTestMethod(ma) select ma, "LDAPS configuration allows insecure endpoint identification" diff --git a/java/ql/src/experimental/Security/CWE/CWE-327/SslLib.qll b/java/ql/src/experimental/Security/CWE/CWE-327/SslLib.qll index 7ca794220fbf..3d54e85e5f1d 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-327/SslLib.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-327/SslLib.qll 
@@ -27,7 +27,7 @@ class UnsafeTlsVersionConfig extends TaintTracking::Configuration { class SslContextGetInstanceSink extends DataFlow::ExprNode { SslContextGetInstanceSink() { exists(StaticMethodAccess ma, Method m | m = ma.getMethod() | - m.getDeclaringType() instanceof SSLContext and + m.getDeclaringType() instanceof SslContext and m.hasName("getInstance") and ma.getArgument(0) = asExpr() ) @@ -40,7 +40,7 @@ class SslContextGetInstanceSink extends DataFlow::ExprNode { */ class CreateSslParametersSink extends DataFlow::ExprNode { CreateSslParametersSink() { - exists(ConstructorCall cc | cc.getConstructedType() instanceof SSLParameters | + exists(ConstructorCall cc | cc.getConstructedType() instanceof SslParameters | cc.getArgument(1) = asExpr() ) } @@ -53,7 +53,7 @@ class CreateSslParametersSink extends DataFlow::ExprNode { class SslParametersSetProtocolsSink extends DataFlow::ExprNode { SslParametersSetProtocolsSink() { exists(MethodAccess ma, Method m | m = ma.getMethod() | - m.getDeclaringType() instanceof SSLParameters and + m.getDeclaringType() instanceof SslParameters and m.hasName("setProtocols") and ma.getArgument(0) = asExpr() ) @@ -70,9 +70,9 @@ class SetEnabledProtocolsSink extends DataFlow::ExprNode { m = ma.getMethod() and type = m.getDeclaringType() | ( - type instanceof SSLSocket or - type instanceof SSLServerSocket or - type instanceof SSLEngine + type instanceof SslSocket or + type instanceof SslServerSocket or + type instanceof SslEngine ) and m.hasName("setEnabledProtocols") and ma.getArgument(0) = asExpr() @@ -94,6 +94,9 @@ class UnsafeTlsVersion extends StringLiteral { } } -class SSLServerSocket extends RefType { - SSLServerSocket() { hasQualifiedName("javax.net.ssl", "SSLServerSocket") } +class SslServerSocket extends RefType { + SslServerSocket() { hasQualifiedName("javax.net.ssl", "SSLServerSocket") } } + +/** DEPRECATED: Alias for SslServerSocket */ +deprecated class SSLServerSocket = SslServerSocket; 
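Review bot: The renamed `SslServerSocket` class at the end of this hunk still has no QLDoc, while the other declarations visible in this file carry one; since the rename rewrites the declaration anyway, this is the moment to add a one-line QLDoc above it such as "The class javax.net.ssl.SSLServerSocket." The string argument `"SSLServerSocket"` in `hasQualifiedName` is the JDK class name and correctly stays unchanged; the note only concerns the missing documentation.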
diff --git a/java/ql/src/experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql b/java/ql/src/experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql index b63c9a9ce024..de6034e94663 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql @@ -125,7 +125,7 @@ predicate isBasicAuthEnv(MethodAccess ma) { /** * Holds if `ma` sets `java.naming.security.protocol` (also known as `Context.SECURITY_PROTOCOL`) to `ssl` in some `Hashtable`. */ -predicate isSSLEnv(MethodAccess ma) { +predicate isSslEnv(MethodAccess ma) { hasFieldValueEnv(ma, "java.naming.security.protocol", "ssl") or hasFieldNameEnv(ma, "SECURITY_PROTOCOL", "ssl") } @@ -182,13 +182,13 @@ class BasicAuthFlowConfig extends DataFlow::Configuration { /** * A taint-tracking configuration for `ssl` configuration in LDAP authentication. */ -class SSLFlowConfig extends DataFlow::Configuration { - SSLFlowConfig() { this = "InsecureLdapAuth:SSLFlowConfig" } +class SslFlowConfig extends DataFlow::Configuration { + SslFlowConfig() { this = "InsecureLdapAuth:SSLFlowConfig" } /** Source of `ssl` configuration. */ override predicate isSource(DataFlow::Node src) { exists(MethodAccess ma | - isSSLEnv(ma) and ma.getQualifier() = src.(PostUpdateNode).getPreUpdateNode().asExpr() + isSslEnv(ma) and ma.getQualifier() = src.(PostUpdateNode).getPreUpdateNode().asExpr() ) } @@ -205,6 +205,6 @@ from DataFlow::PathNode source, DataFlow::PathNode sink, InsecureUrlFlowConfig c where config.hasFlowPath(source, sink) and exists(BasicAuthFlowConfig bc | bc.hasFlowTo(sink.getNode())) and - not exists(SSLFlowConfig sc | sc.hasFlowTo(sink.getNode())) + not exists(SslFlowConfig sc | sc.hasFlowTo(sink.getNode())) select sink.getNode(), source, sink, "Insecure LDAP authentication from $@.", source.getNode(), "LDAP connection string" 
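Review bot: `SslFlowConfig() { this = "InsecureLdapAuth:SSLFlowConfig" }` keeps the old spelling in the configuration's identity string, so the string no longer matches the class name. The string only has to be unique, so this is harmless at runtime, but for consistency with the rename consider `SslFlowConfig() { this = "InsecureLdapAuth:SslFlowConfig" }`.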
diff --git a/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql b/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql index 07fe560d14f6..f7e7545d068f 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql @@ -25,7 +25,7 @@ class UnsafeUrlForwardFlowConfig extends TaintTracking::Configuration { source instanceof RemoteFlowSource and not exists(MethodAccess ma, Method m | ma.getMethod() = m | ( - m instanceof HttpServletRequestGetRequestURIMethod or + m instanceof HttpServletRequestGetRequestUriMethod or m instanceof HttpServletRequestGetRequestUrlMethod or m instanceof HttpServletRequestGetPathMethod ) and diff --git a/java/ql/src/experimental/Security/CWE/CWE-611/XXELib.qll b/java/ql/src/experimental/Security/CWE/CWE-611/XXELib.qll index 341570a73e46..3f44faa54d0d 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-611/XXELib.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-611/XXELib.qll @@ -73,7 +73,7 @@ class SafeValidator extends VarAccess { SafeValidator() { exists(Variable v | v = this.getVariable() | exists(ValidatorConfig config | config.getQualifier() = v.getAnAccess() | - config.disables(configAccessExternalDTD()) + config.disables(configAccessExternalDtd()) ) and exists(ValidatorConfig config | config.getQualifier() = v.getAnAccess() | config.disables(configAccessExternalSchema()) diff --git a/java/ql/test/library-tests/gwt/JSNI.ql b/java/ql/test/library-tests/gwt/JSNI.ql index d97ab4bacb1b..ed06ad1de6a7 100644 --- a/java/ql/test/library-tests/gwt/JSNI.ql +++ b/java/ql/test/library-tests/gwt/JSNI.ql @@ -1,5 +1,5 @@ import java import semmle.code.java.frameworks.gwt.GWT -from JSNIComment jsni +from JsniComment jsni select jsni, jsni.getImplementedMethod() diff --git a/java/ql/test/library-tests/j2objc/OCNIComment.ql b/java/ql/test/library-tests/j2objc/OCNIComment.ql index 8e206709a981..27ff5a4864de 100644 
--- a/java/ql/test/library-tests/j2objc/OCNIComment.ql +++ b/java/ql/test/library-tests/j2objc/OCNIComment.ql @@ -1,6 +1,6 @@ import semmle.code.java.frameworks.j2objc.J2ObjC -from OCNIComment ocni +from OcniComment ocni select ocni.getFile().getStem(), ocni.getLocation().getStartLine(), ocni.getLocation().getStartColumn(), ocni.getLocation().getEndLine(), ocni.getLocation().getEndColumn(), ocni.toString(), ocni.getAQlClass() diff --git a/javascript/ql/lib/semmle/javascript/XML.qll b/javascript/ql/lib/semmle/javascript/XML.qll index cd8accc63ae0..ccf8ab5b55f2 100755 --- a/javascript/ql/lib/semmle/javascript/XML.qll +++ b/javascript/ql/lib/semmle/javascript/XML.qll @@ -132,7 +132,10 @@ class XmlFile extends XmlParent, File { XmlElement getARootElement() { result = this.getAChild() } /** Gets a DTD associated with this XML file. */ - XmlDTD getADTD() { xmlDTDs(result, _, _, _, this) } + XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) } + + /** DEPRECATED: Alias for getADtd */ + deprecated XmlDTD getADTD() { result = getADtd() } } /** DEPRECATED: Alias for XmlFile */ @@ -149,7 +152,7 @@ deprecated class XMLFile = XmlFile; * * ``` */ -class XmlDTD extends XmlLocatable, @xmldtd { +class XmlDtd extends XmlLocatable, @xmldtd { /** Gets the name of the root element of this DTD. */ string getRoot() { xmlDTDs(this, result, _, _, _) } @@ -174,7 +177,10 @@ class XmlDTD extends XmlLocatable, @xmldtd { } } -/** DEPRECATED: Alias for XmlDTD */ +/** DEPRECATED: Alias for XmlDtd */ +deprecated class XmlDTD = XmlDtd; + +/** DEPRECATED: Alias for XmlDtd */ deprecated class XMLDTD = XmlDTD; /** 
@@ -282,15 +288,18 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace { string getPrefix() { xmlNs(this, result, _, _) } /** Gets the URI of this namespace. */ - string getURI() { xmlNs(this, _, result, _) } + string getUri() { xmlNs(this, _, result, _) } + + /** DEPRECATED: Alias for getUri */ + deprecated string getURI() { result = getUri() } /** Holds if this namespace has no prefix. */ predicate isDefault() { this.getPrefix() = "" } override string toString() { - this.isDefault() and result = this.getURI() + this.isDefault() and result = this.getUri() or - not this.isDefault() and result = this.getPrefix() + ":" + this.getURI() + not this.isDefault() and result = this.getPrefix() + ":" + this.getUri() } } diff --git a/javascript/ql/lib/semmle/javascript/frameworks/NoSQL.qll b/javascript/ql/lib/semmle/javascript/frameworks/NoSQL.qll index 45146fd6b9f1..5985735a1067 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/NoSQL.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/NoSQL.qll @@ -4,9 +4,9 @@ import javascript -/** Provides classes for modeling NoSQL query sinks. */ +/** Provides classes for modeling NoSql query sinks. */ module NoSql { - /** An expression that is interpreted as a NoSQL query. */ + /** An expression that is interpreted as a NoSql query. */ abstract class Query extends Expr { /** Gets an expression that is interpreted as a code operator in this query. */ DataFlow::Node getACodeOperator() { none() } diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ServerLess.qll b/javascript/ql/lib/semmle/javascript/frameworks/ServerLess.qll index 59dfa3047cd4..0eccacac0b7f 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/ServerLess.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/ServerLess.qll 
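Review bot: The QLDoc change `/** Provides classes for modeling NoSql query sinks. */` (and `interpreted as a NoSql query` on the next changed line) rewrites the prose term NoSQL, which is not an identifier; the camel-casing should only apply to QL names such as the `NoSql` module. Keep the original wording: `/** Provides classes for modeling NoSQL query sinks. */` and `/** An expression that is interpreted as a NoSQL query. */`.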
@@ -14,15 +14,15 @@ private module ServerLess { * Holds if the `.yml` file `ymlFile` contains a serverless configuration with `handler` and `codeURI` properties. * `codeURI` defaults to the empty string if no explicit value is set in the configuration. */ - private predicate hasServerlessHandler(File ymlFile, string handler, string codeURI) { + private predicate hasServerlessHandler(File ymlFile, string handler, string codeUri) { exists(YAMLMapping resource | ymlFile = resource.getFile() | // There exists at least "AWS::Serverless::Function" and "Aliyun::Serverless::Function" resource.lookup("Type").(YAMLScalar).getValue().regexpMatch(".*::Serverless::Function") and exists(YAMLMapping properties | properties = resource.lookup("Properties") | handler = properties.lookup("Handler").(YAMLScalar).getValue() and if exists(properties.lookup("CodeUri")) - then codeURI = properties.lookup("CodeUri").(YAMLScalar).getValue() - else codeURI = "" + then codeUri = properties.lookup("CodeUri").(YAMLScalar).getValue() + else codeUri = "" ) or // The `serverless` library, which specifies a top-level `functions` property @@ -30,7 +30,7 @@ private module ServerLess { functions = resource.lookup("functions") and not exists(resource.getParentNode()) and handler = functions.getValue(_).(YAMLMapping).lookup("handler").(YAMLScalar).getValue() and - codeURI = "" + codeUri = "" ) ) } @@ -58,9 +58,9 @@ private module ServerLess { * * For example if `codeURI` is "function/." and `file` is "index", then the result becomes "function/index.js". */ - bindingset[codeURI, file] - private string getPathFromHandlerProperties(string codeURI, string file) { - exists(string folder | folder = removeLeadingDotSlash(removeTrailingDot(codeURI)) | + bindingset[codeUri, file] + private string getPathFromHandlerProperties(string codeUri, string file) { + exists(string folder | folder = removeLeadingDotSlash(removeTrailingDot(codeUri)) | result = folder + file + ".js" ) } 
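Review bot: The parameter `codeURI` is renamed to `codeUri` in `hasServerlessHandler` and `getPathFromHandlerProperties`, but the QLDoc of both predicates still refers to the old name in three places (the "handler and codeURI properties" sentence, the "codeURI defaults to the empty string" sentence, and the example "if codeURI is function/."). Those references now name a parameter that no longer exists; update them to `codeUri` in the same change. The third hunk in this file (`@@ -58,9 +58,9 @@`) carries the same stale doc.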
@@ -69,8 +69,8 @@ private module ServerLess { * Holds if `file` has a serverless handler function with name `func`. */ private predicate hasServerlessHandler(File file, string func) { - exists(File ymlFile, string handler, string codeURI, string fileName | - hasServerlessHandler(ymlFile, handler, codeURI) and + exists(File ymlFile, string handler, string codeUri, string fileName | + hasServerlessHandler(ymlFile, handler, codeUri) and // Splits a `handler` into two components. The `fileName` to the left of the dot, and the `func` to the right. // E.g. if `handler` is "index.foo", then `fileName` is "index" and `func` is "foo". exists(string pattern | pattern = "(.*)\\.(.*)" | @@ -80,7 +80,7 @@ private module ServerLess { | file.getAbsolutePath() = ymlFile.getParentContainer().getAbsolutePath() + "/" + - getPathFromHandlerProperties(codeURI, fileName) + getPathFromHandlerProperties(codeUri, fileName) ) } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll index 00aa569ddd2e..6549f40ebdd2 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll @@ -177,7 +177,7 @@ module ClientSideUrlRedirect { ) or // e.g. node.setAttribute("href", sink) - any(DomMethodCallExpr call).interpretsArgumentsAsURL(this.asExpr()) + any(DomMethodCallExpr call).interpretsArgumentsAsUrl(this.asExpr()) } override predicate isXssSink() { any() } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll index 3763e495f856..28818f91bb1f 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll 
@@ -86,7 +86,7 @@ class DomMethodCallExpr extends MethodCallExpr { /** * Holds if `arg` is an argument that is used as an URL. */ - predicate interpretsArgumentsAsURL(Expr arg) { + predicate interpretsArgumentsAsUrl(Expr arg) { exists(int argPos, string name | arg = this.getArgument(argPos) and name = this.getMethodName() @@ -103,6 +103,9 @@ class DomMethodCallExpr extends MethodCallExpr { ) } + /** DEPRECATED: Alias for interpretsArgumentsAsUrl */ + deprecated predicate interpretsArgumentsAsURL(Expr arg) { interpretsArgumentsAsUrl(arg) } + /** DEPRECATED: Alias for interpretsArgumentsAsHtml */ deprecated predicate interpretsArgumentsAsHTML(Expr arg) { this.interpretsArgumentsAsHtml(arg) } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll index 672005d98358..72c4020526b3 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll @@ -23,13 +23,16 @@ deprecated class JQueryHtmlOrSelectorInjectionConfiguration = Configuration; * A sink that is not a URL write or a JQuery selector, * assumed to be a value that is interpreted as HTML. */ -class HTMLSink extends DataFlow::Node instanceof Sink { - HTMLSink() { +class HtmlSink extends DataFlow::Node instanceof Sink { + HtmlSink() { not this instanceof WriteUrlSink and not this instanceof JQueryHtmlOrSelectorSink } } +/** DEPRECATED: Alias for HtmlSink */ +deprecated class HTMLSink = HtmlSink; + /** * A taint-tracking configuration for reasoning about XSS. * Both ordinary HTML sinks, URL sinks, and JQuery selector based sinks. 
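Review bot: The new alias `deprecated predicate interpretsArgumentsAsURL(Expr arg) { interpretsArgumentsAsUrl(arg) }` calls the renamed predicate unqualified, whereas the existing alias directly below it, `deprecated predicate interpretsArgumentsAsHTML(Expr arg) { this.interpretsArgumentsAsHtml(arg) }`, uses `this.`. Make the two adjacent aliases consistent: `deprecated predicate interpretsArgumentsAsURL(Expr arg) { this.interpretsArgumentsAsUrl(arg) }`.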
@@ -55,7 +58,7 @@ class Configuration extends TaintTracking::Configuration { } override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - sink instanceof HTMLSink and + sink instanceof HtmlSink and label = [TaintedUrlSuffix::label(), prefixLabel(), DataFlow::FlowLabel::taint()] or sink instanceof JQueryHtmlOrSelectorSink and diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedData.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedData.qll index e1239bff5f55..31963b6843e2 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedData.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedData.qll @@ -1,10 +1,10 @@ -/** DEPRECATED. Import `ExternalAPIUsedWithUntrustedDataQuery` instead. */ +/** DEPRECATED. Import `ExternalApiUsedWithUntrustedDataQuery` instead. */ import javascript -private import ExternalAPIUsedWithUntrustedDataQuery as ExternalAPIUsedWithUntrustedDataQuery // ignore-query-import +private import ExternalAPIUsedWithUntrustedDataQuery as ExternalApiUsedWithUntrustedDataQuery // ignore-query-import -/** DEPRECATED. Import `ExternalAPIUsedWithUntrustedDataQuery` instead. */ -deprecated module ExternalApiUsedWithUntrustedData = ExternalAPIUsedWithUntrustedDataQuery; +/** DEPRECATED. Import `ExternalApiUsedWithUntrustedDataQuery` instead. */ +deprecated module ExternalApiUsedWithUntrustedData = ExternalApiUsedWithUntrustedDataQuery; /** DEPRECATED: Alias for ExternalApiUsedWithUntrustedData */ deprecated module ExternalAPIUsedWithUntrustedData = ExternalApiUsedWithUntrustedData; diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll index fd44d69435cd..4c68f20738af 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll 
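Review bot: The updated QLDoc now tells readers to import `ExternalApiUsedWithUntrustedDataQuery`, but the import line in the same hunk, `private import ExternalAPIUsedWithUntrustedDataQuery as ExternalApiUsedWithUntrustedDataQuery`, shows that only the import alias was renamed and the module file is still `ExternalAPIUsedWithUntrustedDataQuery`. Unless that file is renamed elsewhere in this patch, the two deprecation comments should keep naming the real import target, `ExternalAPIUsedWithUntrustedDataQuery`, otherwise the hint points at a module that does not exist.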
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll @@ -62,7 +62,7 @@ module Shared { } } - private import semmle.javascript.security.dataflow.IncompleteHtmlAttributeSanitizationCustomizations::IncompleteHtmlAttributeSanitization as IncompleteHTML + private import semmle.javascript.security.dataflow.IncompleteHtmlAttributeSanitizationCustomizations::IncompleteHtmlAttributeSanitization as IncompleteHtml /** * A guard that checks if a string can contain quotes, which is a guard for strings that are inside a HTML attribute. @@ -72,7 +72,7 @@ module Shared { this.getSubstring().mayHaveStringValue("\"") and this.getBaseString() .getALocalSource() - .flowsTo(any(IncompleteHTML::HtmlAttributeConcatenation attributeConcat)) + .flowsTo(any(IncompleteHtml::HtmlAttributeConcatenation attributeConcat)) } override predicate sanitizes(boolean outcome, Expr e) { diff --git a/python/ql/lib/semmle/python/frameworks/Stdlib.qll b/python/ql/lib/semmle/python/frameworks/Stdlib.qll index df9301a46c35..eba6df5c1862 100644 --- a/python/ql/lib/semmle/python/frameworks/Stdlib.qll +++ b/python/ql/lib/semmle/python/frameworks/Stdlib.qll @@ -1845,7 +1845,7 @@ private module StdlibPrivate { deprecated module SimpleHTTPServer = SimpleHttpServer; // --------------------------------------------------------------------------- - // CGIHTTPServer (Python 2 only) + // CgiHttpServer (Python 2 only) // --------------------------------------------------------------------------- /** Gets a reference to the `CGIHTTPServer` module. */ API::Node cgiHttpServer() { result = API::moduleImport("CGIHTTPServer") } 
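Review bot: The section comment `// CgiHttpServer (Python 2 only)` renames the actual Python module, which is `CGIHTTPServer` as the `API::moduleImport("CGIHTTPServer")` call on the next line shows; comments that name the modelled Python API should keep its real spelling, and only the QL module names (`CgiHttpServer`, `CgiHttpRequestHandler`) should change. The same mistake appears in the next hunk, where the QLDoc becomes "Gets a reference to the CGIHTTPServer.CgiHttpRequestHandler class" although the member looked up is `"CGIHTTPRequestHandler"`; that doc should read `CGIHTTPServer.CGIHTTPRequestHandler` as before.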
@@ -1854,16 +1854,22 @@ private module StdlibPrivate { deprecated API::Node cgiHTTPServer() { result = cgiHttpServer() } /** Provides models for the `CGIHTTPServer` module. */ - module CGIHTTPServer { + module CgiHttpServer { /** * Provides models for the `CGIHTTPServer.CGIHTTPRequestHandler` class (Python 2 only). */ - module CGIHTTPRequestHandler { - /** Gets a reference to the `CGIHTTPServer.CGIHTTPRequestHandler` class. */ + module CgiHttpRequestHandler { + /** Gets a reference to the `CGIHTTPServer.CgiHttpRequestHandler` class. */ API::Node classRef() { result = cgiHttpServer().getMember("CGIHTTPRequestHandler") } } + + /** DEPRECATED: Alias for CgiHttpRequestHandler */ + deprecated module CGIHTTPRequestHandler = CgiHttpRequestHandler; } + /** DEPRECATED: Alias for CgiHttpServer */ + deprecated module CGIHTTPServer = CgiHttpServer; + // --------------------------------------------------------------------------- // http (Python 3 only) // --------------------------------------------------------------------------- @@ -1911,10 +1917,13 @@ private module StdlibPrivate { * * See https://docs.python.org/3.9/library/http.server.html#http.server.CGIHTTPRequestHandler. */ - module CGIHTTPRequestHandler { + module CgiHttpRequestHandler { /** Gets a reference to the `http.server.CGIHTTPRequestHandler` class. */ API::Node classRef() { result = server().getMember("CGIHTTPRequestHandler") } } + + /** DEPRECATED: Alias for CgiHttpRequestHandler */ + deprecated module CGIHTTPRequestHandler = CgiHttpRequestHandler; } } 
@@ -1933,11 +1942,11 @@ private module StdlibPrivate { // Python 2 BaseHttpServer::BaseHttpRequestHandler::classRef(), SimpleHttpServer::SimpleHttpRequestHandler::classRef(), - CGIHTTPServer::CGIHTTPRequestHandler::classRef(), + CgiHttpServer::CgiHttpRequestHandler::classRef(), // Python 3 Http::Server::BaseHttpRequestHandler::classRef(), Http::Server::SimpleHttpRequestHandler::classRef(), - Http::Server::CGIHTTPRequestHandler::classRef() + Http::Server::CgiHttpRequestHandler::classRef() ].getASubclass*() } diff --git a/python/ql/lib/semmle/python/xml/XML.qll b/python/ql/lib/semmle/python/xml/XML.qll index cd8accc63ae0..ccf8ab5b55f2 100755 --- a/python/ql/lib/semmle/python/xml/XML.qll +++ b/python/ql/lib/semmle/python/xml/XML.qll @@ -132,7 +132,10 @@ class XmlFile extends XmlParent, File { XmlElement getARootElement() { result = this.getAChild() } /** Gets a DTD associated with this XML file. */ - XmlDTD getADTD() { xmlDTDs(result, _, _, _, this) } + XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) } + + /** DEPRECATED: Alias for getADtd */ + deprecated XmlDTD getADTD() { result = getADtd() } } /** DEPRECATED: Alias for XmlFile */ @@ -149,7 +152,7 @@ deprecated class XMLFile = XmlFile; * * ``` */ -class XmlDTD extends XmlLocatable, @xmldtd { +class XmlDtd extends XmlLocatable, @xmldtd { /** Gets the name of the root element of this DTD. */ string getRoot() { xmlDTDs(this, result, _, _, _) } @@ -174,7 +177,10 @@ class XmlDTD extends XmlLocatable, @xmldtd { } } -/** DEPRECATED: Alias for XmlDTD */ +/** DEPRECATED: Alias for XmlDtd */ +deprecated class XmlDTD = XmlDtd; + +/** DEPRECATED: Alias for XmlDtd */ deprecated class XMLDTD = XmlDTD; /** 
@@ -282,15 +288,18 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace { string getPrefix() { xmlNs(this, result, _, _) } /** Gets the URI of this namespace. */ - string getURI() { xmlNs(this, _, result, _) } + string getUri() { xmlNs(this, _, result, _) } + + /** DEPRECATED: Alias for getUri */ + deprecated string getURI() { result = getUri() } /** Holds if this namespace has no prefix. */ predicate isDefault() { this.getPrefix() = "" } override string toString() { - this.isDefault() and result = this.getURI() + this.isDefault() and result = this.getUri() or - not this.isDefault() and result = this.getPrefix() + ":" + this.getURI() + not this.isDefault() and result = this.getPrefix() + ":" + this.getUri() } } diff --git a/python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql b/python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql index 713354c84a08..403c4c42d4f5 100644 --- a/python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql +++ b/python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql @@ -19,14 +19,14 @@ private API::Node unsafe_paramiko_policy(string name) { result = API::moduleImport("paramiko").getMember("client").getMember(name) } -private API::Node paramikoSSHClientInstance() { +private API::Node paramikoSshClientInstance() { result = API::moduleImport("paramiko").getMember("client").getMember("SSHClient").getReturn() } from DataFlow::CallCfgNode call, DataFlow::Node arg, string name where // see http://docs.paramiko.org/en/stable/api/client.html#paramiko.client.SSHClient.set_missing_host_key_policy - call = paramikoSSHClientInstance().getMember("set_missing_host_key_policy").getACall() and + call = paramikoSshClientInstance().getMember("set_missing_host_key_policy").getACall() and arg in [call.getArg(0), call.getArgByName("policy")] and ( arg = unsafe_paramiko_policy(name).getAValueReachableFromSource() or 
diff --git a/python/ql/src/Security/CWE-327/PyOpenSSL.qll b/python/ql/src/Security/CWE-327/PyOpenSSL.qll index 7f7b9184570b..f967333aa347 100644 --- a/python/ql/src/Security/CWE-327/PyOpenSSL.qll +++ b/python/ql/src/Security/CWE-327/PyOpenSSL.qll @@ -7,13 +7,13 @@ private import python private import semmle.python.ApiGraphs import TlsLibraryModel -class PyOpenSSLContextCreation extends ContextCreation, DataFlow::CallCfgNode { - PyOpenSSLContextCreation() { +class PyOpenSslContextCreation extends ContextCreation, DataFlow::CallCfgNode { + PyOpenSslContextCreation() { this = API::moduleImport("OpenSSL").getMember("SSL").getMember("Context").getACall() } override string getProtocol() { - exists(DataFlow::Node protocolArg, PyOpenSSL pyo | + exists(DataFlow::Node protocolArg, PyOpenSsl pyo | protocolArg in [this.getArg(0), this.getArgByName("method")] | protocolArg in [ @@ -24,6 +24,9 @@ class PyOpenSSLContextCreation extends ContextCreation, DataFlow::CallCfgNode { } } +/** DEPRECATED: Alias for PyOpenSslContextCreation */ +deprecated class PyOpenSSLContextCreation = PyOpenSslContextCreation; + class ConnectionCall extends ConnectionCreation, DataFlow::CallCfgNode { ConnectionCall() { this = API::moduleImport("OpenSSL").getMember("SSL").getMember("Connection").getACall() 
@@ -51,12 +54,15 @@ class SetOptionsCall extends ProtocolRestriction, DataFlow::CallCfgNode { } } -class UnspecificPyOpenSSLContextCreation extends PyOpenSSLContextCreation, UnspecificContextCreation { - UnspecificPyOpenSSLContextCreation() { library instanceof PyOpenSSL } +class UnspecificPyOpenSslContextCreation extends PyOpenSslContextCreation, UnspecificContextCreation { + UnspecificPyOpenSslContextCreation() { library instanceof PyOpenSsl } } -class PyOpenSSL extends TlsLibrary { - PyOpenSSL() { this = "pyOpenSSL" } +/** DEPRECATED: Alias for UnspecificPyOpenSslContextCreation */ +deprecated class UnspecificPyOpenSSLContextCreation = UnspecificPyOpenSslContextCreation; + +class PyOpenSsl extends TlsLibrary { + PyOpenSsl() { this = "pyOpenSSL" } override string specific_version_name(ProtocolVersion version) { result = version + "_METHOD" } @@ -70,7 +76,7 @@ class PyOpenSSL extends TlsLibrary { override ContextCreation default_context_creation() { none() } override ContextCreation specific_context_creation() { - result instanceof PyOpenSSLContextCreation + result instanceof PyOpenSslContextCreation } override DataFlow::Node insecure_connection_creation(ProtocolVersion version) { none() } @@ -80,6 +86,9 @@ class PyOpenSSL extends TlsLibrary { override ProtocolRestriction protocol_restriction() { result instanceof SetOptionsCall } override ProtocolUnrestriction protocol_unrestriction() { - result instanceof UnspecificPyOpenSSLContextCreation + result instanceof UnspecificPyOpenSslContextCreation } } + +/** DEPRECATED: Alias for PyOpenSsl */ +deprecated class PyOpenSSL = PyOpenSsl; diff --git a/python/ql/src/Security/CWE-327/Ssl.qll b/python/ql/src/Security/CWE-327/Ssl.qll index d1122f82ed95..03a98c2420a8 100644 --- a/python/ql/src/Security/CWE-327/Ssl.qll +++ b/python/ql/src/Security/CWE-327/Ssl.qll 
@@ -7,8 +7,8 @@ private import python private import semmle.python.ApiGraphs import TlsLibraryModel -class SSLContextCreation extends ContextCreation, DataFlow::CallCfgNode { - SSLContextCreation() { this = API::moduleImport("ssl").getMember("SSLContext").getACall() } +class SslContextCreation extends ContextCreation, DataFlow::CallCfgNode { + SslContextCreation() { this = API::moduleImport("ssl").getMember("SSLContext").getACall() } override string getProtocol() { exists(DataFlow::Node protocolArg, Ssl ssl | @@ -27,8 +27,11 @@ class SSLContextCreation extends ContextCreation, DataFlow::CallCfgNode { } } -class SSLDefaultContextCreation extends ContextCreation { - SSLDefaultContextCreation() { +/** DEPRECATED: Alias for SslContextCreation */ +deprecated class SSLContextCreation = SslContextCreation; + +class SslDefaultContextCreation extends ContextCreation { + SslDefaultContextCreation() { this = API::moduleImport("ssl").getMember("create_default_context").getACall() } @@ -37,6 +40,9 @@ class SSLDefaultContextCreation extends ContextCreation { override string getProtocol() { result = "TLS" } } +/** DEPRECATED: Alias for SslDefaultContextCreation */ +deprecated class SSLDefaultContextCreation = SslDefaultContextCreation; + /** Gets a reference to an `ssl.Context` instance. */ API::Node sslContextInstance() { result = API::moduleImport("ssl").getMember(["SSLContext", "create_default_context"]).getReturn() @@ -161,8 +167,8 @@ class ContextSetVersion extends ProtocolRestriction, ProtocolUnrestriction, Data } } -class UnspecificSSLContextCreation extends SSLContextCreation, UnspecificContextCreation { - UnspecificSSLContextCreation() { library instanceof Ssl } +class UnspecificSslContextCreation extends SslContextCreation, UnspecificContextCreation { + UnspecificSslContextCreation() { library instanceof Ssl } override ProtocolVersion getUnrestriction() { result = UnspecificContextCreation.super.getUnrestriction() and 
@@ -172,7 +178,10 @@ class UnspecificSSLContextCreation extends SSLContextCreation, UnspecificContext } } -class UnspecificSSLDefaultContextCreation extends SSLDefaultContextCreation, ProtocolUnrestriction { +/** DEPRECATED: Alias for UnspecificSslContextCreation */ +deprecated class UnspecificSSLContextCreation = UnspecificSslContextCreation; + +class UnspecificSslDefaultContextCreation extends SslDefaultContextCreation, ProtocolUnrestriction { override DataFlow::Node getContext() { result = this } // see https://docs.python.org/3/library/ssl.html#ssl.create_default_context @@ -181,6 +190,9 @@ class UnspecificSSLDefaultContextCreation extends SSLDefaultContextCreation, Pro } } +/** DEPRECATED: Alias for UnspecificSslDefaultContextCreation */ +deprecated class UnspecificSSLDefaultContextCreation = UnspecificSslDefaultContextCreation; + class Ssl extends TlsLibrary { Ssl() { this = "ssl" } @@ -195,10 +207,10 @@ class Ssl extends TlsLibrary { override API::Node version_constants() { result = API::moduleImport("ssl") } override ContextCreation default_context_creation() { - result instanceof SSLDefaultContextCreation + result instanceof SslDefaultContextCreation } - override ContextCreation specific_context_creation() { result instanceof SSLContextCreation } + override ContextCreation specific_context_creation() { result instanceof SslContextCreation } override DataFlow::CallCfgNode insecure_connection_creation(ProtocolVersion version) { result = API::moduleImport("ssl").getMember("wrap_socket").getACall() and @@ -220,8 +232,8 @@ class Ssl extends TlsLibrary { or result instanceof ContextSetVersion or - result instanceof UnspecificSSLContextCreation + result instanceof UnspecificSslContextCreation or - result instanceof UnspecificSSLDefaultContextCreation + result instanceof UnspecificSslDefaultContextCreation } } 
diff --git a/python/ql/src/experimental/Security/CWE-091/Xslt.ql b/python/ql/src/experimental/Security/CWE-091/Xslt.ql index a87edcb73aac..47cb8417b96c 100644 --- a/python/ql/src/experimental/Security/CWE-091/Xslt.ql +++ b/python/ql/src/experimental/Security/CWE-091/Xslt.ql @@ -17,8 +17,8 @@ import semmle.python.web.HttpRequest /* Sinks */ import experimental.semmle.python.security.injection.XSLT -class XSLTInjectionConfiguration extends TaintTracking::Configuration { - XSLTInjectionConfiguration() { this = "XSLT injection configuration" } +class XsltInjectionConfiguration extends TaintTracking::Configuration { + XsltInjectionConfiguration() { this = "XSLT injection configuration" } deprecated override predicate isSource(TaintTracking::Source source) { source instanceof HttpRequestTaintSource @@ -29,7 +29,7 @@ class XSLTInjectionConfiguration extends TaintTracking::Configuration { } } -from XSLTInjectionConfiguration config, TaintedPathSource src, TaintedPathSink sink +from XsltInjectionConfiguration config, TaintedPathSource src, TaintedPathSink sink where config.hasFlowPath(src, sink) select sink.getSink(), src, sink, "This XSLT query depends on $@.", src.getSource(), "a user-provided value" diff --git a/python/ql/src/experimental/semmle/python/Concepts.qll b/python/ql/src/experimental/semmle/python/Concepts.qll index 433d89dbad1f..6729bed00978 100644 --- a/python/ql/src/experimental/semmle/python/Concepts.qll +++ b/python/ql/src/experimental/semmle/python/Concepts.qll @@ -182,7 +182,10 @@ module LdapBind { /** * Holds if the binding process use SSL. */ - abstract predicate useSSL(); + abstract predicate useSsl(); + + /** DEPRECATED: Alias for useSsl */ + deprecated predicate useSSL() { useSsl() } } } 
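Review bot: Adding `deprecated predicate useSSL() { useSsl() }` beside the new abstract `useSsl()` in `LdapBind::Range` keeps callers working but not implementers: a subclass that still writes `override predicate useSSL()` now overrides the concrete alias while the inherited abstract `useSsl()` stays unimplemented, which as far as I can tell is a compile error in QL (and would otherwise leave `LdapBind.useSsl()` with no body for that subclass). If that break is acceptable for this experimental library, say so in the alias comment, e.g. `/** DEPRECATED: Alias for useSsl. Implementations must override useSsl, not this predicate. */`; otherwise keep `useSSL()` abstract for one release and let `useSsl()` be the delegating one. The `useSSL` alias on the concrete `LdapBind` class in the next hunk is a pure caller-facing alias and is fine. `LdapBind::Range` is cut at both hunk edges.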
@@ -213,7 +216,10 @@ class LdapBind extends DataFlow::Node { /** * Holds if the binding process use SSL. */ - predicate useSSL() { range.useSSL() } + predicate useSsl() { range.useSsl() } + + /** DEPRECATED: Alias for useSsl */ + deprecated predicate useSSL() { useSsl() } } /** DEPRECATED: Alias for LdapBind */ diff --git a/python/ql/src/experimental/semmle/python/frameworks/LDAP.qll b/python/ql/src/experimental/semmle/python/frameworks/LDAP.qll index 871b47b48c92..b074aada1433 100644 --- a/python/ql/src/experimental/semmle/python/frameworks/LDAP.qll +++ b/python/ql/src/experimental/semmle/python/frameworks/LDAP.qll @@ -12,13 +12,13 @@ private import semmle.python.ApiGraphs /** * Provides models for Python's ldap-related libraries. */ -private module LDAP { +private module Ldap { /** * Provides models for the `python-ldap` PyPI package (imported as `ldap`). * * See https://www.python-ldap.org/en/python-ldap-3.3.0/index.html */ - private module LDAP2 { + private module Ldap2 { /** Gets a reference to the `ldap` module. */ API::Node ldap() { result = API::moduleImport("ldap") } @@ -38,8 +38,8 @@ private module LDAP { * * See https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap.html#functions */ - private class LDAP2QueryMethods extends string { - LDAP2QueryMethods() { + private class Ldap2QueryMethods extends string { + Ldap2QueryMethods() { this in ["search", "search_s", "search_st", "search_ext", "search_ext_s"] } } @@ -52,7 +52,7 @@ private module LDAP { /** Gets a reference to a `ldap` query. */ private DataFlow::Node ldapQuery() { result = ldapOperation() and - result.(DataFlow::AttrRead).getAttributeName() instanceof LDAP2QueryMethods + result.(DataFlow::AttrRead).getAttributeName() instanceof Ldap2QueryMethods } /** 
@@ -60,8 +60,8 @@ private module LDAP { * * See `LDAP2QueryMethods` */ - private class LDAP2Query extends DataFlow::CallCfgNode, LdapQuery::Range { - LDAP2Query() { this.getFunction() = ldapQuery() } + private class Ldap2Query extends DataFlow::CallCfgNode, LdapQuery::Range { + Ldap2Query() { this.getFunction() = ldapQuery() } override DataFlow::Node getQuery() { result in [this.getArg(0), this.getArg(2), this.getArgByName("filterstr")] @@ -73,8 +73,8 @@ private module LDAP { * * See https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap.html#functions */ - private class LDAP2BindMethods extends string { - LDAP2BindMethods() { + private class Ldap2BindMethods extends string { + Ldap2BindMethods() { this in [ "bind", "bind_s", "simple_bind", "simple_bind_s", "sasl_interactive_bind_s", "sasl_non_interactive_bind_s", "sasl_external_bind_s", "sasl_gssapi_bind_s" @@ -85,12 +85,12 @@ private module LDAP { /** Gets a reference to a `ldap` bind. */ private DataFlow::Node ldapBind() { result = ldapOperation() and - result.(DataFlow::AttrRead).getAttributeName() instanceof LDAP2BindMethods + result.(DataFlow::AttrRead).getAttributeName() instanceof Ldap2BindMethods } /**List of SSL-demanding options */ - private class LDAPSSLOptions extends DataFlow::Node { - LDAPSSLOptions() { + private class LdapSslOptions extends DataFlow::Node { + LdapSslOptions() { this = ldap().getMember("OPT_X_TLS_" + ["DEMAND", "HARD"]).getAValueReachableFromSource() } } @@ -100,8 +100,8 @@ private module LDAP { * * See `LDAP2BindMethods` */ - private class LDAP2Bind extends DataFlow::CallCfgNode, LdapBind::Range { - LDAP2Bind() { this.getFunction() = ldapBind() } + private class Ldap2Bind extends DataFlow::CallCfgNode, LdapBind::Range { + Ldap2Bind() { this.getFunction() = ldapBind() } override DataFlow::Node getPassword() { result in [this.getArg(1), this.getArgByName("cred")] 
@@ -115,11 +115,11 @@ private module LDAP { ) } - override predicate useSSL() { + override predicate useSsl() { // use initialize to correlate `this` and so avoid FP in several instances exists(DataFlow::CallCfgNode initialize | // ldap.set_option(ldap.OPT_X_TLS_%s) - ldap().getMember("set_option").getACall().getArg(_) instanceof LDAPSSLOptions + ldap().getMember("set_option").getACall().getArg(_) instanceof LdapSslOptions or this.getFunction().(DataFlow::AttrRead).getObject().getALocalSource() = initialize and initialize = ldapInitialize().getACall() and @@ -136,7 +136,7 @@ private module LDAP { setOption.getFunction().(DataFlow::AttrRead).getObject().getALocalSource() = initialize and setOption.getFunction().(DataFlow::AttrRead).getAttributeName() = "set_option" and - setOption.getArg(0) instanceof LDAPSSLOptions and + setOption.getArg(0) instanceof LdapSslOptions and not DataFlow::exprNode(any(False falseExpr)) .(DataFlow::LocalSourceNode) .flowsTo(setOption.getArg(1)) @@ -144,6 +144,9 @@ private module LDAP { ) ) } + + /** DEPRECATED: Alias for useSsl */ + deprecated override predicate useSSL() { useSsl() } } /** @@ -151,8 +154,8 @@ private module LDAP { * * See https://github.com/python-ldap/python-ldap/blob/7ce471e238cdd9a4dd8d17baccd1c9e05e6f894a/Lib/ldap/dn.py#L17 */ - private class LDAP2EscapeDNCall extends DataFlow::CallCfgNode, LdapEscape::Range { - LDAP2EscapeDNCall() { this = ldap().getMember("dn").getMember("escape_dn_chars").getACall() } + private class Ldap2EscapeDNCall extends DataFlow::CallCfgNode, LdapEscape::Range { + Ldap2EscapeDNCall() { this = ldap().getMember("dn").getMember("escape_dn_chars").getACall() } override DataFlow::Node getAnInput() { result = this.getArg(0) } } 
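Review bot: The `deprecated override predicate useSSL() { useSsl() }` added to `Ldap2Bind` in the `@@ -144,6 +144,9 @@` hunk (and to `Ldap3Bind` on the following physical line) looks redundant: both classes sit inside `private module Ldap`, so no external code can call `useSSL()` on them, and the deprecated alias they inherit from `LdapBind::Range` already delegates to the overridden `useSsl()`. Dropping the two overrides keeps the deprecation surface confined to the public `Range` class. Separately, `Ldap2EscapeDNCall` (and `Ldap3EscapeDNCall` later) keeps `DN` uppercased after this rename pass; if that is deliberate because the classes are private it is harmless, but it is inconsistent with `Ldap2Bind` and `LdapSslOptions` in the same file. The enclosing `Ldap2Bind` class starts before this hunk.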
@@ -162,8 +165,8 @@ private module LDAP { * * See https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap-filter.html#ldap.filter.escape_filter_chars */ - private class LDAP2EscapeFilterCall extends DataFlow::CallCfgNode, LdapEscape::Range { - LDAP2EscapeFilterCall() { + private class Ldap2EscapeFilterCall extends DataFlow::CallCfgNode, LdapEscape::Range { + Ldap2EscapeFilterCall() { this = ldap().getMember("filter").getMember("escape_filter_chars").getACall() } @@ -176,7 +179,7 @@ private module LDAP { * * See https://pypi.org/project/ldap3/ */ - private module LDAP3 { + private module Ldap3 { /** Gets a reference to the `ldap3` module. */ API::Node ldap3() { result = API::moduleImport("ldap3") } @@ -192,8 +195,8 @@ private module LDAP { /** * A class to find `ldap3` methods executing a query. */ - private class LDAP3Query extends DataFlow::CallCfgNode, LdapQuery::Range { - LDAP3Query() { + private class Ldap3Query extends DataFlow::CallCfgNode, LdapQuery::Range { + Ldap3Query() { this.getFunction().(DataFlow::AttrRead).getObject().getALocalSource() = ldap3Connection().getACall() and this.getFunction().(DataFlow::AttrRead).getAttributeName() = "search" @@ -205,8 +208,8 @@ private module LDAP { /** * A class to find `ldap3` methods binding a connection. */ - class LDAP3Bind extends DataFlow::CallCfgNode, LdapBind::Range { - LDAP3Bind() { this = ldap3Connection().getACall() } + class Ldap3Bind extends DataFlow::CallCfgNode, LdapBind::Range { + Ldap3Bind() { this = ldap3Connection().getACall() } override DataFlow::Node getPassword() { result in [this.getArg(2), this.getArgByName("password")] @@ -220,7 +223,7 @@ private module LDAP { ) } - override predicate useSSL() { + override predicate useSsl() { exists(DataFlow::CallCfgNode serverCall | serverCall = ldap3Server().getACall() and this.getArg(0).getALocalSource() = serverCall and 
@@ -236,6 +239,9 @@ private module LDAP { startTLS.getObject().getALocalSource() = this ) } + + /** DEPRECATED: Alias for useSsl */ + deprecated override predicate useSSL() { useSsl() } } /** @@ -243,8 +249,8 @@ private module LDAP { * * See https://github.com/cannatag/ldap3/blob/4d33166f0869b929f59c6e6825a1b9505eb99967/ldap3/utils/dn.py#L390 */ - private class LDAP3EscapeDNCall extends DataFlow::CallCfgNode, LdapEscape::Range { - LDAP3EscapeDNCall() { this = ldap3Utils().getMember("dn").getMember("escape_rdn").getACall() } + private class Ldap3EscapeDNCall extends DataFlow::CallCfgNode, LdapEscape::Range { + Ldap3EscapeDNCall() { this = ldap3Utils().getMember("dn").getMember("escape_rdn").getACall() } override DataFlow::Node getAnInput() { result = this.getArg(0) } } @@ -254,8 +260,8 @@ private module LDAP { * * See https://github.com/cannatag/ldap3/blob/4d33166f0869b929f59c6e6825a1b9505eb99967/ldap3/utils/conv.py#L91 */ - private class LDAP3EscapeFilterCall extends DataFlow::CallCfgNode, LdapEscape::Range { - LDAP3EscapeFilterCall() { + private class Ldap3EscapeFilterCall extends DataFlow::CallCfgNode, LdapEscape::Range { + Ldap3EscapeFilterCall() { this = ldap3Utils().getMember("conv").getMember("escape_filter_chars").getACall() } diff --git a/python/ql/src/experimental/semmle/python/security/LDAPInsecureAuth.qll b/python/ql/src/experimental/semmle/python/security/LDAPInsecureAuth.qll index e8cae547c68c..dbe1cbe4117c 100644 --- a/python/ql/src/experimental/semmle/python/security/LDAPInsecureAuth.qll +++ b/python/ql/src/experimental/semmle/python/security/LDAPInsecureAuth.qll @@ -122,7 +122,7 @@ class LdapInsecureAuthConfig extends TaintTracking::Configuration { } override predicate isSink(DataFlow::Node sink) { - exists(LdapBind ldapBind | not ldapBind.useSSL() and sink = ldapBind.getHost()) + exists(LdapBind ldapBind | not ldapBind.useSsl() and sink = ldapBind.getHost()) } } 
diff --git a/python/ql/src/experimental/semmle/python/security/injection/XSLT.qll b/python/ql/src/experimental/semmle/python/security/injection/XSLT.qll index eb696c603154..4d0057f8dc15 100644 --- a/python/ql/src/experimental/semmle/python/security/injection/XSLT.qll +++ b/python/ql/src/experimental/semmle/python/security/injection/XSLT.qll @@ -11,12 +11,15 @@ import semmle.python.dataflow.TaintTracking import semmle.python.web.HttpRequest /** Models XSLT Injection related classes and functions */ -module XSLTInjection { +module XsltInjection { /** Returns a class value which refers to `lxml.etree` */ Value etree() { result = Value::named("lxml.etree") } /** A generic taint sink that is vulnerable to XSLT injection. */ - abstract class XSLTInjectionSink extends TaintSink { } + abstract class XsltInjectionSink extends TaintSink { } + + /** DEPRECATED: Alias for XsltInjectionSink */ + deprecated class XSLTInjectionSink = XsltInjectionSink; /** * A kind of "taint", representing an untrusted XML string @@ -73,10 +76,10 @@ module XSLTInjection { * root = etree.XML("") * find_text = etree.XSLT("`sink`") */ - private class EtreeXSLTArgument extends XSLTInjectionSink { + private class EtreeXsltArgument extends XsltInjectionSink { override string toString() { result = "lxml.etree.XSLT" } - EtreeXSLTArgument() { + EtreeXsltArgument() { exists(CallNode call | call.getFunction().(AttrNode).getObject("XSLT").pointsTo(etree()) | call.getArg(0) = this ) @@ -94,10 +97,10 @@ module XSLTInjection { * tree = etree.parse(f) * result_tree = tree.xslt(`sink`) */ - private class ParseXSLTArgument extends XSLTInjectionSink { + private class ParseXsltArgument extends XsltInjectionSink { override string toString() { result = "lxml.etree.parse.xslt" } - ParseXSLTArgument() { + ParseXsltArgument() { exists( CallNode parseCall, CallNode xsltCall, ControlFlowNode obj, Variable var, AssignStmt assign | 
@@ -113,3 +116,6 @@ module XSLTInjection { override predicate sinks(TaintKind kind) { kind instanceof ExternalXmlKind } } } + +/** DEPRECATED: Alias for XsltInjection */ +deprecated module XSLTInjection = XsltInjection; diff --git a/python/ql/test/experimental/query-tests/Security/CWE-091/XsltSinks.ql b/python/ql/test/experimental/query-tests/Security/CWE-091/XsltSinks.ql index 2149e6921d0b..6ce8fdc4fb51 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-091/XsltSinks.ql +++ b/python/ql/test/experimental/query-tests/Security/CWE-091/XsltSinks.ql @@ -1,6 +1,6 @@ import python import experimental.semmle.python.security.injection.XSLT -from XSLTInjection::XSLTInjectionSink sink, TaintKind kind +from XsltInjection::XsltInjectionSink sink, TaintKind kind where sink.sinks(kind) select sink, kind diff --git a/ruby/ql/lib/codeql/ruby/Concepts.qll b/ruby/ql/lib/codeql/ruby/Concepts.qll index 2a473303c7a3..97d40154dbf2 100644 --- a/ruby/ql/lib/codeql/ruby/Concepts.qll +++ b/ruby/ql/lib/codeql/ruby/Concepts.qll @@ -714,7 +714,7 @@ module PersistentWriteAccess { * Extend this class to refine existing API models. If you want to model new APIs, * extend `CSRFProtectionSetting::Range` instead. */ -class CSRFProtectionSetting extends DataFlow::Node instanceof CSRFProtectionSetting::Range { +class CsrfProtectionSetting extends DataFlow::Node instanceof CsrfProtectionSetting::Range { /** * Gets the boolean value corresponding to if CSRF protection is enabled * (`true`) or disabled (`false`) by this node. 
@@ -722,8 +722,11 @@ class CSRFProtectionSetting extends DataFlow::Node instanceof CSRFProtectionSett boolean getVerificationSetting() { result = super.getVerificationSetting() } } +/** DEPRECATED: Alias for CsrfProtectionSetting */ +deprecated class CSRFProtectionSetting = CsrfProtectionSetting; + /** Provides a class for modeling new CSRF protection setting APIs. */ -module CSRFProtectionSetting { +module CsrfProtectionSetting { /** * A data-flow node that may set or unset Cross-site request forgery protection. * @@ -739,6 +742,9 @@ module CSRFProtectionSetting { } } +/** DEPRECATED: Alias for CsrfProtectionSetting */ +deprecated module CSRFProtectionSetting = CsrfProtectionSetting; + /** Provides classes for modeling path-related APIs. */ module Path { /** diff --git a/ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImpl.qll b/ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImpl.qll index d7607e799766..4a1689113630 100644 --- a/ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImpl.qll +++ b/ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImpl.qll @@ -32,7 +32,7 @@ */ private import codeql.ruby.AST -private import codeql.ruby.ast.internal.AST as ASTInternal +private import codeql.ruby.ast.internal.AST as AstInternal private import codeql.ruby.ast.internal.Scope private import codeql.ruby.ast.Scope private import codeql.ruby.ast.internal.TreeSitter @@ -66,7 +66,7 @@ private class EndBlockScope extends CfgScopeImpl, EndBlock { } } -private class BodyStmtCallableScope extends CfgScopeImpl, ASTInternal::TBodyStmt, Callable { +private class BodyStmtCallableScope extends CfgScopeImpl, AstInternal::TBodyStmt, Callable { final override predicate entry(AstNode first) { this.(Trees::BodyStmtTree).firstInner(first) } final override predicate exit(AstNode last, Completion c) { 
@@ -377,7 +377,7 @@ module Trees { override ControlFlowTree getChildElement(int i) { result = this.getArgument(i) } } - private class CaseTree extends PostOrderTree, CaseExpr, ASTInternal::TCaseExpr { + private class CaseTree extends PostOrderTree, CaseExpr, AstInternal::TCaseExpr { final override predicate propagatesAbnormal(AstNode child) { child = this.getValue() or child = this.getABranch() } @@ -415,7 +415,7 @@ module Trees { } } - private class CaseMatchTree extends PostOrderTree, CaseExpr, ASTInternal::TCaseMatch { + private class CaseMatchTree extends PostOrderTree, CaseExpr, AstInternal::TCaseMatch { final override predicate propagatesAbnormal(AstNode child) { child = this.getValue() or child = this.getABranch() } @@ -1089,7 +1089,7 @@ module Trees { } } - private class MethodNameTree extends LeafTree, MethodName, ASTInternal::TTokenMethodName { } + private class MethodNameTree extends LeafTree, MethodName, AstInternal::TTokenMethodName { } private class MethodTree extends BodyStmtTree, Method { final override predicate propagatesAbnormal(AstNode child) { none() } diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll index 27a2d31e750e..d607612364fd 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll @@ -323,7 +323,7 @@ predicate controllerTemplateFile(ActionControllerControllerClass cls, ErbFile te * `skip_before_action :verify_authenticity_token` to disable CSRF authenticity * token protection. */ -class ActionControllerSkipForgeryProtectionCall extends CSRFProtectionSetting::Range { +class ActionControllerSkipForgeryProtectionCall extends CsrfProtectionSetting::Range { ActionControllerSkipForgeryProtectionCall() { exists(MethodCall call | call = this.asExpr().getExpr() | call.getMethodName() = "skip_forgery_protection" 
@@ -339,7 +339,7 @@ class ActionControllerSkipForgeryProtectionCall extends CSRFProtectionSetting::R /** * A call to `protect_from_forgery`. */ -private class ActionControllerProtectFromForgeryCall extends CSRFProtectionSetting::Range { +private class ActionControllerProtectFromForgeryCall extends CsrfProtectionSetting::Range { private ActionControllerContextCall callExpr; ActionControllerProtectFromForgeryCall() { diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Rails.qll b/ruby/ql/lib/codeql/ruby/frameworks/Rails.qll index 9b45d2204861..75596d64a6e3 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/Rails.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/Rails.qll @@ -183,7 +183,7 @@ private module Settings { * production code. */ private class AllowForgeryProtectionSetting extends Settings::BooleanSetting, - CSRFProtectionSetting::Range { + CsrfProtectionSetting::Range { AllowForgeryProtectionSetting() { this.getReceiver() instanceof Config::ActionControllerNode and this.getMethodName() = "allow_forgery_protection=" @@ -204,9 +204,9 @@ private class EncryptedCookieCipherSetting extends Settings::StringlikeSetting, this.getMethodName() = "encrypted_cookie_cipher=" } - OpenSSLCipher getCipher() { this.getValueText() = result.getName() } + OpenSslCipher getCipher() { this.getValueText() = result.getName() } - OpenSSLCipher getDefaultCipher() { result.getName() = "aes-256-gcm" } + OpenSslCipher getDefaultCipher() { result.getName() = "aes-256-gcm" } override string getSecurityWarningMessage() { this.getCipher().isWeak() and diff --git a/ruby/ql/lib/codeql/ruby/frameworks/XmlParsing.qll b/ruby/ql/lib/codeql/ruby/frameworks/XmlParsing.qll index 73cefe8d255d..8113bb537e29 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/XmlParsing.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/XmlParsing.qll 
@@ -109,7 +109,7 @@ private class FeatureNONET extends Feature, TNONET { override string getConstantName() { result = "NONET" } } -private class FeatureDTDLOAD extends Feature, TDTDLOAD { +private class FeatureDtdLoad extends Feature, TDTDLOAD { override int getValue() { result = 4 } override string getConstantName() { result = "DTDLOAD" } diff --git a/ruby/ql/lib/codeql/ruby/security/OpenSSL.qll b/ruby/ql/lib/codeql/ruby/security/OpenSSL.qll index 54200391bc9f..84bfa47d18e5 100644 --- a/ruby/ql/lib/codeql/ruby/security/OpenSSL.qll +++ b/ruby/ql/lib/codeql/ruby/security/OpenSSL.qll @@ -87,7 +87,7 @@ module Ciphers { * * See https://ruby-doc.org/stdlib-3.0.1/libdoc/openssl/rdoc/OpenSSL/Cipher.html */ - predicate isOpenSSLCipher(string name) { + predicate isOpenSslCipher(string name) { name = [ "aes-128-cbc", "aes-128-cbc-hmac-sha1", "aes-128-cbc-hmac-sha256", "aes-128-ccm", @@ -139,6 +139,9 @@ module Ciphers { ] } + /** DEPRECATED: Alias for isOpenSslCipher */ + deprecated predicate isOpenSSLCipher = isOpenSslCipher/1; + /** * Gets the canonical cipher name in cases where this isn't simply an * upcased version of the provided name. This may be because a default block @@ -249,7 +252,7 @@ module Ciphers { * No result if `name` is not a known OpenSSL cipher name. */ string getCanonicalCipherName(string name) { - isOpenSSLCipher(name) and + isOpenSslCipher(name) and ( result = getSpecialCanonicalCipherName(name) or 
@@ -261,20 +264,26 @@ module Ciphers { /** * Holds if `name` is the name of an OpenSSL cipher that is known to be weak. */ - predicate isWeakOpenSSLCipher(string name) { - isOpenSSLCipher(name) and + predicate isWeakOpenSslCipher(string name) { + isOpenSslCipher(name) and name.toUpperCase().regexpMatch(getInsecureAlgorithmRegex()) } + /** DEPRECATED: Alias for isWeakOpenSslCipher */ + deprecated predicate isWeakOpenSSLCipher = isWeakOpenSslCipher/1; + /** * Holds if `name` is the name of an OpenSSL cipher that is known to be strong. */ - predicate isStrongOpenSSLCipher(string name) { - isOpenSSLCipher(name) and + predicate isStrongOpenSslCipher(string name) { + isOpenSslCipher(name) and name.toUpperCase().regexpMatch(getSecureAlgorithmRegex()) and // exclude algorithms that include a weak component not name.toUpperCase().regexpMatch(getInsecureAlgorithmRegex()) } + + /** DEPRECATED: Alias for isStrongOpenSslCipher */ + deprecated predicate isStrongOpenSSLCipher = isStrongOpenSslCipher/1; } private import Ciphers @@ -282,22 +291,22 @@ private import Ciphers /** * An OpenSSL cipher. */ -private newtype TOpenSSLCipher = - MkOpenSSLCipher(string name, boolean isWeak) { - isStrongOpenSSLCipher(name) and isWeak = false +private newtype TOpenSslCipher = + MkOpenSslCipher(string name, boolean isWeak) { + isStrongOpenSslCipher(name) and isWeak = false or - isWeakOpenSSLCipher(name) and isWeak = true + isWeakOpenSslCipher(name) and isWeak = true } /** * A known OpenSSL cipher. This may include information about the block * encryption mode, which can affect if the cipher is marked as being weak. */ -class OpenSSLCipher extends MkOpenSSLCipher { +class OpenSslCipher extends MkOpenSslCipher { string name; boolean isWeak; - OpenSSLCipher() { this = MkOpenSSLCipher(name, isWeak) } + OpenSslCipher() { this = MkOpenSslCipher(name, isWeak) } /** * Gets a name of this cipher. 
@@ -325,6 +334,9 @@ class OpenSSLCipher extends MkOpenSSLCipher { Cryptography::EncryptionAlgorithm getAlgorithm() { result.matchesName(this.getCanonicalName()) } } +/** DEPRECATED: Alias for OpenSslCipher */ +deprecated class OpenSSLCipher = OpenSslCipher; + /** `OpenSSL::Cipher` or `OpenSSL::Cipher::Cipher` */ private API::Node cipherApi() { result = API::getTopLevelMember("OpenSSL").getMember("Cipher") or @@ -394,7 +406,7 @@ private Cryptography::BlockMode getBlockModeFromCipherName(string blockCipherNam * `cipher` instance with mode `cipherMode`. */ private predicate cipherInstantiationGeneric( - DataFlow::CallNode call, OpenSSLCipher cipher, CipherMode cipherMode + DataFlow::CallNode call, OpenSslCipher cipher, CipherMode cipherMode ) { exists(string cipherName | cipher.matchesName(cipherName) | // `OpenSSL::Cipher.new('')` @@ -412,7 +424,7 @@ private predicate cipherInstantiationGeneric( * with mode `cipherMode`. */ private predicate cipherInstantiationAES( - DataFlow::CallNode call, OpenSSLCipher cipher, CipherMode cipherMode + DataFlow::CallNode call, OpenSslCipher cipher, CipherMode cipherMode ) { exists(string cipherName | cipher.matchesName(cipherName) | // `OpenSSL::Cipher::AES` instantiations @@ -459,7 +471,7 @@ private predicate cipherInstantiationAES( * specific to a block encryption algorithm, e.g. Blowfish, DES, etc. */ private predicate cipherInstantiationSpecific( - DataFlow::CallNode call, OpenSSLCipher cipher, CipherMode cipherMode + DataFlow::CallNode call, OpenSslCipher cipher, CipherMode cipherMode ) { exists(string cipherName | cipher.matchesName(cipherName) | // Block ciphers with dedicated modules 
@@ -486,7 +498,7 @@ private predicate cipherInstantiationSpecific(
 * instance with mode `cipherMode`.
 */
 private predicate cipherInstantiationRC4(
- DataFlow::CallNode call, OpenSSLCipher cipher, CipherMode cipherMode
+ DataFlow::CallNode call, OpenSslCipher cipher, CipherMode cipherMode
 ) {
 exists(string cipherName | cipher.matchesName(cipherName) |
 // RC4 stream cipher
@@ -502,7 +514,7 @@ private predicate cipherInstantiationRC4(
 /** A call to `OpenSSL::Cipher.new` or similar. */
 private class CipherInstantiation extends DataFlow::CallNode {
- private OpenSSLCipher cipher;
+ private OpenSslCipher cipher;
 private CipherMode cipherMode;
 CipherInstantiation() {
@@ -512,15 +524,15 @@ private class CipherInstantiation extends DataFlow::CallNode {
 cipherInstantiationRC4(this, cipher, cipherMode)
 }
- /** Gets the `OpenSSLCipher` associated with this instance. */
- OpenSSLCipher getCipher() { result = cipher }
+ /** Gets the `OpenSslCipher` associated with this instance. */
+ OpenSslCipher getCipher() { result = cipher }
 /** Gets the mode used by this cipher, if applicable. */
 CipherMode getCipherMode() { result = cipherMode }
 }
 private DataFlow::LocalSourceNode cipherInstance(
- TypeTracker t, OpenSSLCipher cipher, CipherMode cipherMode
+ TypeTracker t, OpenSslCipher cipher, CipherMode cipherMode
 ) {
 t.start() and
 result.(CipherInstantiation).getCipher() = cipher and
@@ -531,13 +543,13 @@ private DataFlow::LocalSourceNode cipherInstance(
 /** A node with flow from `OpenSSL::Cipher.new`. */
 private class CipherNode extends DataFlow::Node {
- private OpenSSLCipher cipher;
+ private OpenSslCipher cipher;
 private CipherMode cipherMode;
 CipherNode() { cipherInstance(TypeTracker::end(), cipher, cipherMode).flowsTo(this) }
 /** Gets the cipher associated with this node. */
- OpenSSLCipher getCipher() { result = cipher }
+ OpenSslCipher getCipher() { result = cipher }
 /** Gets the cipher associated with this node. */
 CipherMode getCipherMode() { result = cipherMode }
diff --git a/ruby/ql/src/queries/security/cwe-352/CSRFProtectionDisabled.ql b/ruby/ql/src/queries/security/cwe-352/CSRFProtectionDisabled.ql
index 65028241fe1a..7871b0c7be5c 100644
--- a/ruby/ql/src/queries/security/cwe-352/CSRFProtectionDisabled.ql
+++ b/ruby/ql/src/queries/security/cwe-352/CSRFProtectionDisabled.ql
@@ -14,6 +14,6 @@
 import ruby
 import codeql.ruby.Concepts
-from CSRFProtectionSetting s
+from CsrfProtectionSetting s
 where s.getVerificationSetting() = false
 select s, "Potential CSRF vulnerability due to forgery protection being disabled or weakened."
diff --git a/ruby/ql/test/library-tests/security/OpenSSL.ql b/ruby/ql/test/library-tests/security/OpenSSL.ql
index 59f38a074adc..6a303f76c7b4 100644
--- a/ruby/ql/test/library-tests/security/OpenSSL.ql
+++ b/ruby/ql/test/library-tests/security/OpenSSL.ql
@@ -1,11 +1,11 @@
 import ruby
 import codeql.ruby.security.OpenSSL
-query predicate weakOpenSSLCipherAlgorithms(OpenSSLCipher c) { c.isWeak() }
+query predicate weakOpenSslCipherAlgorithms(OpenSslCipher c) { c.isWeak() }
-query predicate strongOpenSSLCipherAlgorithms(OpenSSLCipher c) { not c.isWeak() }
+query predicate strongOpenSslCipherAlgorithms(OpenSslCipher c) { not c.isWeak() }
-query predicate missingOpenSSLCipherAlgorithms(string name) {
- Ciphers::isOpenSSLCipher(name) and
- not exists(OpenSSLCipher c | c.getName() = name)
+query predicate missingOpenSslCipherAlgorithms(string name) {
+ Ciphers::isOpenSslCipher(name) and
+ not exists(OpenSslCipher c | c.getName() = name)
 }
From a593a52b5e8aba264ea2dffe4e135c1450e64344 Mon Sep 17 00:00:00 2001
From: erik-krogh
Date: Thu, 18 Aug 2022 15:06:42 +0200
Subject: [PATCH 2/8] add missing qldoc (that was already missing?)
---
 cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll | 2 ++
 cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll | 2 ++
 .../semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll | 2 ++
 go/ql/lib/semmle/go/security/ExternalAPIs.qll | 2 ++
 java/ql/lib/semmle/code/java/security/ExternalAPIs.qll | 2 ++
 .../security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll | 1 +
 python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll | 2 ++
 7 files changed, 13 insertions(+)
diff --git a/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll b/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll
index 0636dcbe11b8..de7d043ad59c 100644
--- a/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll
+++ b/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll
@@ -21,7 +21,9 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode {
 /** DEPRECATED: Alias for UntrustedExternalApiDataNode */
 deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
+/** An external API which is used with untrusted data. */
 private newtype TExternalApi =
+ /** An untrusted API method `m` where untrusted data is passed at `index`. */
 TExternalApiParameter(Function f, int index) {
 exists(UntrustedExternalApiDataNode n |
 f = n.getExternalFunction() and
diff --git a/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll b/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll
index 0636dcbe11b8..de7d043ad59c 100644
--- a/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll
+++ b/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll
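Review bot: The qldoc added on `TExternalApiParameter` in cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll names a parameter `m` that does not exist here; the C++ constructor binds `Function f`, so the comment reads as copied from the Java/C# variants rather than written for this file. The same copied text appears in the ir/ExternalAPIs.qll hunk that follows and in the Python hunk later in this patch, where the parameter is `callable` and the callable is not necessarily a method. For the two C++ files I would write `/** An external function `f` where untrusted data is passed at parameter `index`. */`, and for Python `/** An external `callable` where untrusted data is passed at parameter `index`. */`. The body of the newtype continues outside the hunk.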
@@ -21,7 +21,9 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode {
 /** DEPRECATED: Alias for UntrustedExternalApiDataNode */
 deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
+/** An external API which is used with untrusted data. */
 private newtype TExternalApi =
+ /** An untrusted API method `m` where untrusted data is passed at `index`. */
 TExternalApiParameter(Function f, int index) {
 exists(UntrustedExternalApiDataNode n |
 f = n.getExternalFunction() and
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll
index 744632c5f764..4c0b7b007659 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll
@@ -102,7 +102,9 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode {
 /** DEPRECATED: Alias for UntrustedExternalApiDataNode */
 deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
+/** An external API which is used with untrusted data. */
 private newtype TExternalApi =
+ /** An untrusted API method `m` where untrusted data is passed at `index`. */
 TExternalApiParameter(Callable m, int index) {
 exists(UntrustedExternalApiDataNode n |
 m = n.getCallable().getUnboundDeclaration() and
diff --git a/go/ql/lib/semmle/go/security/ExternalAPIs.qll b/go/ql/lib/semmle/go/security/ExternalAPIs.qll
index 432320a413ae..2beede34602d 100644
--- a/go/ql/lib/semmle/go/security/ExternalAPIs.qll
+++ b/go/ql/lib/semmle/go/security/ExternalAPIs.qll
@@ -195,7 +195,9 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode {
 /** DEPRECATED: Alias for UntrustedExternalApiDataNode */
 deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
+/** An external API which is used with untrusted data. */
 private newtype TExternalApi =
+ /** An untrusted API method `m` where untrusted data is passed at `index`. */
 TExternalApiParameter(Function m, int index) {
 exists(UntrustedExternalApiDataNode n |
 m = n.getFunction() and
diff --git a/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll b/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll
index 1356c152d237..74d8c2e15774 100644
--- a/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll
+++ b/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll
@@ -126,7 +126,9 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode {
 /** DEPRECATED: Alias for UntrustedExternalApiDataNode */
 deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
+/** An external API which is used with untrusted data. */
 private newtype TExternalApi =
+ /** An untrusted API method `m` where untrusted data is passed at `index`. */
 TExternalApiParameter(Method m, int index) {
 exists(UntrustedExternalApiDataNode n |
 m = n.getMethod() and
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll
index 99136f17bdae..15c538113a1f 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll
@@ -81,6 +81,7 @@ deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
 * Name of an external API sink, boxed in a newtype for consistency with other languages.
 */
 private newtype TExternalApi =
+ /** An external API sink with `name`. */
 MkExternalApiNode(string name) {
 exists(Sink sink |
 any(Configuration c).hasFlow(_, sink) and
diff --git a/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll b/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll
index 15cc032ca372..5fa996c97a73 100644
--- a/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll
+++ b/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll
@@ -129,7 +129,9 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode {
 /** DEPRECATED: Alias for UntrustedExternalApiDataNode */
 deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
+/** An external API which is used with untrusted data. */
 private newtype TExternalApi =
+ /** An untrusted API method `m` where untrusted data is passed at `index`. */
 TExternalApiParameter(DataFlowPrivate::DataFlowCallable callable, int index) {
 exists(UntrustedExternalApiDataNode n |
 callable = n.getCallable() and
From 28083ebe0916956c1c7e087a6cbec4316b67097c Mon Sep 17 00:00:00 2001
From: erik-krogh
Date: Mon, 22 Aug 2022 21:23:31 +0200
Subject: [PATCH 3/8] run the implicit-this patch
---
 cpp/ql/lib/semmle/code/cpp/XML.qll | 4 +--
 csharp/ql/lib/semmle/code/asp/WebConfig.qll | 8 ++---
 csharp/ql/lib/semmle/code/csharp/XML.qll | 4 +--
 .../code/csharp/frameworks/microsoft/Owin.qll | 2 +-
 go/ql/lib/semmle/go/frameworks/Stdlib.qll | 32 ++++++++++---------
 .../code/java/frameworks/javaee/ejb/EJB.qll | 20 ++++++------
 .../java/security/SensitiveLoggingQuery.qll | 2 +-
 java/ql/lib/semmle/code/xml/XML.qll | 4 +--
 javascript/ql/lib/semmle/javascript/XML.qll | 4 +--
 .../javascript/security/dataflow/DOM.qll | 2 +-
 python/ql/lib/semmle/python/xml/XML.qll | 4 +--
 .../semmle/python/frameworks/LDAP.qll | 4 +--
 12 files changed, 46 insertions(+), 44 deletions(-)
diff --git a/cpp/ql/lib/semmle/code/cpp/XML.qll b/cpp/ql/lib/semmle/code/cpp/XML.qll
index ccf8ab5b55f2..5c99a060c2ae 100755
--- a/cpp/ql/lib/semmle/code/cpp/XML.qll
+++ b/cpp/ql/lib/semmle/code/cpp/XML.qll
@@ -135,7 +135,7 @@ class XmlFile extends XmlParent, File {
 XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
 /** DEPRECATED: Alias for getADtd */
- deprecated XmlDTD getADTD() { result = getADtd() }
+ deprecated XmlDTD getADTD() { result = this.getADtd() }
 }
 /** DEPRECATED: Alias for XmlFile */
@@ -291,7 +291,7 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
 string getUri() { xmlNs(this, _, result, _) }
 /** DEPRECATED: Alias for getUri */
- deprecated string getURI() { result = getUri() }
+ deprecated string getURI() { result = this.getUri() }
 /** Holds if this namespace has no prefix. */
 predicate isDefault() { this.getPrefix() = "" }
diff --git a/csharp/ql/lib/semmle/code/asp/WebConfig.qll b/csharp/ql/lib/semmle/code/asp/WebConfig.qll
index 8d6d19c22270..34fa9cf3972a 100644
--- a/csharp/ql/lib/semmle/code/asp/WebConfig.qll
+++ b/csharp/ql/lib/semmle/code/asp/WebConfig.qll
@@ -99,7 +99,7 @@ class FormsElement extends XmlElement {
 }
 /** DEPRECATED: Alias for getRequireSsl */
- deprecated string getRequireSSL() { result = getRequireSsl() }
+ deprecated string getRequireSSL() { result = this.getRequireSsl() }
 /**
 * Holds if `requireSSL` value is true.
@@ -107,7 +107,7 @@ class FormsElement extends XmlElement {
 predicate isRequireSsl() { this.getRequireSsl() = "true" }
 /** DEPRECATED: Alias for isRequireSsl */
- deprecated predicate isRequireSSL() { isRequireSsl() }
+ deprecated predicate isRequireSSL() { this.isRequireSsl() }
 }
 /** A `` tag in an ASP.NET configuration file. */
@@ -134,7 +134,7 @@ class HttpCookiesElement extends XmlElement {
 }
 /** DEPRECATED: Alias for getRequireSsl */
- deprecated string getRequireSSL() { result = getRequireSsl() }
+ deprecated string getRequireSSL() { result = this.getRequireSsl() }
 /**
 * Holds if there is any chance that `requireSSL` is set to `true` either globally or for Forms.
@@ -147,5 +147,5 @@ class HttpCookiesElement extends XmlElement {
 }
 /** DEPRECATED: Alias for isRequireSsl */
- deprecated predicate isRequireSSL() { isRequireSsl() }
+ deprecated predicate isRequireSSL() { this.isRequireSsl() }
 }
diff --git a/csharp/ql/lib/semmle/code/csharp/XML.qll b/csharp/ql/lib/semmle/code/csharp/XML.qll
index ccf8ab5b55f2..5c99a060c2ae 100755
--- a/csharp/ql/lib/semmle/code/csharp/XML.qll
+++ b/csharp/ql/lib/semmle/code/csharp/XML.qll
@@ -135,7 +135,7 @@ class XmlFile extends XmlParent, File {
 XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
 /** DEPRECATED: Alias for getADtd */
- deprecated XmlDTD getADTD() { result = getADtd() }
+ deprecated XmlDTD getADTD() { result = this.getADtd() }
 }
 /** DEPRECATED: Alias for XmlFile */
@@ -291,7 +291,7 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
 string getUri() { xmlNs(this, _, result, _) }
 /** DEPRECATED: Alias for getUri */
- deprecated string getURI() { result = getUri() }
+ deprecated string getURI() { result = this.getUri() }
 /** Holds if this namespace has no prefix. */
 predicate isDefault() { this.getPrefix() = "" }
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/Owin.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/Owin.qll
index 3029e101252a..331e89b1bb8d 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/Owin.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/Owin.qll
@@ -125,7 +125,7 @@ class MicrosoftOwinIOwinRequestClass extends Class {
 }
 /** DEPRECATED: Alias for getUriProperty */
- deprecated Property getURIProperty() { result = getUriProperty() }
+ deprecated Property getURIProperty() { result = this.getUriProperty() }
 }
 /** A `Microsoft.Owin.*String` class. */
diff --git a/go/ql/lib/semmle/go/frameworks/Stdlib.qll b/go/ql/lib/semmle/go/frameworks/Stdlib.qll
index 8d520d6e0cae..b84811752169 100644
--- a/go/ql/lib/semmle/go/frameworks/Stdlib.qll
+++ b/go/ql/lib/semmle/go/frameworks/Stdlib.qll
@@ -69,9 +69,9 @@ import semmle.go.frameworks.stdlib.TextTemplate
 /** A `String()` method. */
 class StringMethod extends TaintTracking::FunctionModel, Method {
 StringMethod() {
- getName() = "String" and
- getNumParameter() = 0 and
- getResultType(0) = Builtin::string_().getType()
+ this.getName() = "String" and
+ this.getNumParameter() = 0 and
+ this.getResultType(0) = Builtin::string_().getType()
 }
 override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
@@ -132,7 +132,8 @@ module URL {
 /** The `PathEscape` or `QueryEscape` function. */
 class Escaper extends TaintTracking::FunctionModel {
 Escaper() {
- hasQualifiedName("net/url", "PathEscape") or hasQualifiedName("net/url", "QueryEscape")
+ this.hasQualifiedName("net/url", "PathEscape") or
+ this.hasQualifiedName("net/url", "QueryEscape")
 }
 override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
@@ -143,7 +144,8 @@ module URL {
 /** The `PathUnescape` or `QueryUnescape` function. */
 class Unescaper extends TaintTracking::FunctionModel {
 Unescaper() {
- hasQualifiedName("net/url", "PathUnescape") or hasQualifiedName("net/url", "QueryUnescape")
+ this.hasQualifiedName("net/url", "PathUnescape") or
+ this.hasQualifiedName("net/url", "QueryUnescape")
 }
 override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
@@ -154,10 +156,10 @@ module URL {
 /** The `Parse`, `ParseQuery` or `ParseRequestURI` function, or the `URL.Parse` method. */
 class Parser extends TaintTracking::FunctionModel {
 Parser() {
- hasQualifiedName("net/url", "Parse") or
+ this.hasQualifiedName("net/url", "Parse") or
 this.(Method).hasQualifiedName("net/url", "URL", "Parse") or
- hasQualifiedName("net/url", "ParseQuery") or
- hasQualifiedName("net/url", "ParseRequestURI")
+ this.hasQualifiedName("net/url", "ParseQuery") or
+ this.hasQualifiedName("net/url", "ParseRequestURI")
 }
 override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
@@ -192,7 +194,7 @@ module URL {
 /** A method that returns a part of a URL. */
 class UrlGetter extends TaintTracking::FunctionModel, Method {
 UrlGetter() {
- exists(string m | hasQualifiedName("net/url", "URL", m) |
+ exists(string m | this.hasQualifiedName("net/url", "URL", m) |
 m = ["EscapedPath", "Hostname", "Port", "Query", "RequestURI"]
 )
 }
@@ -204,7 +206,7 @@ module URL {
 /** The method `URL.MarshalBinary`. */
 class UrlMarshalBinary extends TaintTracking::FunctionModel, Method {
- UrlMarshalBinary() { hasQualifiedName("net/url", "URL", "MarshalBinary") }
+ UrlMarshalBinary() { this.hasQualifiedName("net/url", "URL", "MarshalBinary") }
 override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
 inp.isReceiver() and outp.isResult(0)
@@ -213,7 +215,7 @@ module URL {
 /** The method `URL.ResolveReference`. */
 class UrlResolveReference extends TaintTracking::FunctionModel, Method {
- UrlResolveReference() { hasQualifiedName("net/url", "URL", "ResolveReference") }
+ UrlResolveReference() { this.hasQualifiedName("net/url", "URL", "ResolveReference") }
 override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
 (inp.isReceiver() or inp.isParameter(0)) and
@@ -224,8 +226,8 @@ module URL {
 /** The function `User` or `UserPassword`. */
 class UserinfoConstructor extends TaintTracking::FunctionModel {
 UserinfoConstructor() {
- hasQualifiedName("net/url", "User") or
- hasQualifiedName("net/url", "UserPassword")
+ this.hasQualifiedName("net/url", "User") or
+ this.hasQualifiedName("net/url", "UserPassword")
 }
 override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
@@ -236,7 +238,7 @@ module URL {
 /** A method that returns a part of a Userinfo struct. */
 class UserinfoGetter extends TaintTracking::FunctionModel, Method {
 UserinfoGetter() {
- exists(string m | hasQualifiedName("net/url", "Userinfo", m) |
+ exists(string m | this.hasQualifiedName("net/url", "Userinfo", m) |
 m = "Password" or
 m = "Username"
 )
@@ -250,7 +252,7 @@ module URL {
 /** A method that returns all or part of a Values map. */
 class ValuesGetter extends TaintTracking::FunctionModel, Method {
 ValuesGetter() {
- exists(string m | hasQualifiedName("net/url", "Values", m) |
+ exists(string m | this.hasQualifiedName("net/url", "Values", m) |
 m = "Encode" or
 m = "Get"
 )
diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJB.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJB.qll
index df0c74b2c30c..de8b0387ee0c 100644
--- a/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJB.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJB.qll
@@ -246,7 +246,7 @@ abstract class BusinessInterface extends Interface {
 abstract SessionEjb getAnEjb();
 /** DEPRECATED: Alias for getAnEjb */
- deprecated SessionEJB getAnEJB() { result = getAnEjb() }
+ deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
 /** Holds if this business interface is declared local. */
 abstract predicate isDeclaredLocal();
@@ -275,7 +275,7 @@ class XmlSpecifiedBusinessInterface extends BusinessInterface {
 }
 /** DEPRECATED: Alias for getAnEjb */
- deprecated override SessionEJB getAnEJB() { result = getAnEjb() }
+ deprecated override SessionEJB getAnEJB() { result = this.getAnEjb() }
 override predicate isDeclaredLocal() {
 exists(EjbJarXmlFile f |
@@ -314,7 +314,7 @@ class AnnotatedBusinessInterface extends BusinessInterface {
 }
 /** DEPRECATED: Alias for getAnEjb */
- deprecated override SessionEJB getAnEJB() { result = getAnEjb() }
+ deprecated override SessionEJB getAnEJB() { result = this.getAnEjb() }
 override predicate isDeclaredLocal() { this instanceof LocalAnnotatedBusinessInterface }
@@ -451,7 +451,7 @@ class XmlSpecifiedRemoteInterface extends LegacyEjbRemoteInterface {
 }
 /** DEPRECATED: Alias for getAnEjb */
- deprecated SessionEJB getAnEJB() { result = getAnEjb() }
+ deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
 }
 /** A legacy remote home interface. */
@@ -471,7 +471,7 @@ class AnnotatedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface {
 SessionEjb getAnEjb() { result.getAnAnnotation().(RemoteHomeAnnotation).getANamedType() = this }
 /** DEPRECATED: Alias for getAnEjb */
- deprecated SessionEJB getAnEJB() { result = getAnEjb() }
+ deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
 /** Gets a remote interface associated with this legacy remote home interface. */
 Interface getAnAssociatedRemoteInterface() { result = this.getACreateMethod().getReturnType() }
@@ -496,7 +496,7 @@ class XmlSpecifiedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface {
 }
 /** DEPRECATED: Alias for getAnEjb */
- deprecated SessionEJB getAnEJB() { result = getAnEjb() }
+ deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
 }
 /** A legacy local interface. */
@@ -524,7 +524,7 @@ class XmlSpecifiedLocalInterface extends LegacyEjbLocalInterface {
 }
 /** DEPRECATED: Alias for getAnEjb */
- deprecated SessionEJB getAnEJB() { result = getAnEjb() }
+ deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
 }
 /** A legacy local home interface. */
@@ -544,7 +544,7 @@ class AnnotatedLocalHomeInterface extends LegacyEjbLocalHomeInterface {
 SessionEjb getAnEjb() { result.getAnAnnotation().(LocalHomeAnnotation).getANamedType() = this }
 /** DEPRECATED: Alias for getAnEjb */
- deprecated SessionEJB getAnEJB() { result = getAnEjb() }
+ deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
 /** Gets a local interface associated with this legacy local home interface. */
 Interface getAnAssociatedLocalInterface() { result = this.getACreateMethod().getReturnType() }
@@ -569,7 +569,7 @@ class XmlSpecifiedLocalHomeInterface extends LegacyEjbLocalHomeInterface {
 }
 /** DEPRECATED: Alias for getAnEjb */
- deprecated SessionEJB getAnEJB() { result = getAnEjb() }
+ deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
 }
 /**
@@ -594,7 +594,7 @@ class RemoteInterface extends Interface {
 }
 /** DEPRECATED: Alias for getAnEjb */
- deprecated SessionEJB getAnEJB() { result = getAnEjb() }
+ deprecated SessionEJB getAnEJB() { result = this.getAnEjb() }
 /**
 * A "remote method" is a method that is available on the remote
diff --git a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
index c93a258f4904..1956360e120a 100644
--- a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
@@ -41,5 +41,5 @@ class SensitiveLoggerConfiguration extends TaintTracking::Configuration {
 sanitizer.getType() instanceof TypeType
 }
- override predicate isSanitizerIn(Node node) { isSource(node) }
+ override predicate isSanitizerIn(Node node) { this.isSource(node) }
 }
diff --git a/java/ql/lib/semmle/code/xml/XML.qll b/java/ql/lib/semmle/code/xml/XML.qll
index ccf8ab5b55f2..5c99a060c2ae 100755
--- a/java/ql/lib/semmle/code/xml/XML.qll
+++ b/java/ql/lib/semmle/code/xml/XML.qll
@@ -135,7 +135,7 @@ class XmlFile extends XmlParent, File {
 XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
 /** DEPRECATED: Alias for getADtd */
- deprecated XmlDTD getADTD() { result = getADtd() }
+ deprecated XmlDTD getADTD() { result = this.getADtd() }
 }
 /** DEPRECATED: Alias for XmlFile */
@@ -291,7 +291,7 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
 string getUri() { xmlNs(this, _, result, _) }
 /** DEPRECATED: Alias for getUri */
- deprecated string getURI() { result = getUri() }
+ deprecated string getURI() { result = this.getUri() }
 /** Holds if this namespace has no prefix. */
 predicate isDefault() { this.getPrefix() = "" }
diff --git a/javascript/ql/lib/semmle/javascript/XML.qll b/javascript/ql/lib/semmle/javascript/XML.qll
index ccf8ab5b55f2..5c99a060c2ae 100755
--- a/javascript/ql/lib/semmle/javascript/XML.qll
+++ b/javascript/ql/lib/semmle/javascript/XML.qll
@@ -135,7 +135,7 @@ class XmlFile extends XmlParent, File {
 XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
 /** DEPRECATED: Alias for getADtd */
- deprecated XmlDTD getADTD() { result = getADtd() }
+ deprecated XmlDTD getADTD() { result = this.getADtd() }
 }
 /** DEPRECATED: Alias for XmlFile */
@@ -291,7 +291,7 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
 string getUri() { xmlNs(this, _, result, _) }
 /** DEPRECATED: Alias for getUri */
- deprecated string getURI() { result = getUri() }
+ deprecated string getURI() { result = this.getUri() }
 /** Holds if this namespace has no prefix. */
 predicate isDefault() { this.getPrefix() = "" }
diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll
index 28818f91bb1f..3b370bb6938a 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll
@@ -104,7 +104,7 @@ class DomMethodCallExpr extends MethodCallExpr {
 }
 /** DEPRECATED: Alias for interpretsArgumentsAsUrl */
- deprecated predicate interpretsArgumentsAsURL(Expr arg) { interpretsArgumentsAsUrl(arg) }
+ deprecated predicate interpretsArgumentsAsURL(Expr arg) { this.interpretsArgumentsAsUrl(arg) }
 /** DEPRECATED: Alias for interpretsArgumentsAsHtml */
 deprecated predicate interpretsArgumentsAsHTML(Expr arg) { this.interpretsArgumentsAsHtml(arg) }
diff --git a/python/ql/lib/semmle/python/xml/XML.qll b/python/ql/lib/semmle/python/xml/XML.qll
index ccf8ab5b55f2..5c99a060c2ae 100755
--- a/python/ql/lib/semmle/python/xml/XML.qll
+++ b/python/ql/lib/semmle/python/xml/XML.qll
@@ -135,7 +135,7 @@ class XmlFile extends XmlParent, File {
 XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
 /** DEPRECATED: Alias for getADtd */
- deprecated XmlDTD getADTD() { result = getADtd() }
+ deprecated XmlDTD getADTD() { result = this.getADtd() }
 }
 /** DEPRECATED: Alias for XmlFile */
@@ -291,7 +291,7 @@ class XmlNamespace extends XmlLocatable, @xmlnamespace {
 string getUri() { xmlNs(this, _, result, _) }
 /** DEPRECATED: Alias for getUri */
- deprecated string getURI() { result = getUri() }
+ deprecated string getURI() { result = this.getUri() }
 /** Holds if this namespace has no prefix. */
 predicate isDefault() { this.getPrefix() = "" }
diff --git a/python/ql/src/experimental/semmle/python/frameworks/LDAP.qll b/python/ql/src/experimental/semmle/python/frameworks/LDAP.qll
index b074aada1433..6ba16ae4a4e2 100644
--- a/python/ql/src/experimental/semmle/python/frameworks/LDAP.qll
+++ b/python/ql/src/experimental/semmle/python/frameworks/LDAP.qll
@@ -146,7 +146,7 @@ private module Ldap {
 }
 /** DEPRECATED: Alias for useSsl */
- deprecated override predicate useSSL() { useSsl() }
+ deprecated override predicate useSSL() { this.useSsl() }
 }
 /**
@@ -241,7 +241,7 @@ private module Ldap {
 }
 /** DEPRECATED: Alias for useSsl */
- deprecated override predicate useSSL() { useSsl() }
+ deprecated override predicate useSSL() { this.useSsl() }
 }
 /**
From 94ec0b8a52692166126a76079b1ae5e52a85cf85 Mon Sep 17 00:00:00 2001
From: erik-krogh
Date: Thu, 18 Aug 2022 15:47:55 +0200
Subject: [PATCH 4/8] update expected output of tests
---
 .../library-tests/j2objc/OCNIComment.expected | 26 +++++++++----------
 .../library-tests/security/OpenSSL.expected | 6 ++---
 2 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/java/ql/test/library-tests/j2objc/OCNIComment.expected b/java/ql/test/library-tests/j2objc/OCNIComment.expected
index ddc44f345463..600b2011af51 100644
--- a/java/ql/test/library-tests/j2objc/OCNIComment.expected
+++ b/java/ql/test/library-tests/j2objc/OCNIComment.expected
@@ -1,13 +1,13 @@
-| IosRSASignature | 39 | 1 | 60 | 4 | /* -[ ... */ | OCNIImport |
-| IosRSASignature | 78 | 62 | 80 | 6 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 137 | 3 | 173 | 6 | /* -[ ... */ | OCNIComment |
-| IosRSASignature | 177 | 62 | 189 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 192 | 82 | 205 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 210 | 62 | 222 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 225 | 82 | 238 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 243 | 62 | 255 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 258 | 82 | 271 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 276 | 62 | 288 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 291 | 82 | 304 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 309 | 62 | 321 | 8 | /* -[ ... */ | OCNIMethodComment |
-| IosRSASignature | 324 | 82 | 337 | 8 | /* -[ ... */ | OCNIMethodComment |
+| IosRSASignature | 39 | 1 | 60 | 4 | /* -[ ... */ | OcniImport |
+| IosRSASignature | 78 | 62 | 80 | 6 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 137 | 3 | 173 | 6 | /* -[ ... */ | OcniComment |
+| IosRSASignature | 177 | 62 | 189 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 192 | 82 | 205 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 210 | 62 | 222 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 225 | 82 | 238 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 243 | 62 | 255 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 258 | 82 | 271 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 276 | 62 | 288 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 291 | 82 | 304 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 309 | 62 | 321 | 8 | /* -[ ... */ | OcniMethodComment |
+| IosRSASignature | 324 | 82 | 337 | 8 | /* -[ ... */ | OcniMethodComment |
diff --git a/ruby/ql/test/library-tests/security/OpenSSL.expected b/ruby/ql/test/library-tests/security/OpenSSL.expected
index 9d1fb693f53f..dc92b1a0a984 100644
--- a/ruby/ql/test/library-tests/security/OpenSSL.expected
+++ b/ruby/ql/test/library-tests/security/OpenSSL.expected
@@ -1,4 +1,4 @@
-weakOpenSSLCipherAlgorithms
+weakOpenSslCipherAlgorithms
 | AES-128-CBC-HMAC-SHA1 |
 | AES-128-CBC-HMAC-SHA1 |
 | AES-128-ECB |
@@ -93,7 +93,7 @@ weakOpenSSLCipherAlgorithms
 | SM4-ECB |
 | SM4-ECB |
 | gost89-ecb |
-strongOpenSSLCipherAlgorithms
+strongOpenSslCipherAlgorithms
 | AES-128-CBC |
 | AES-128-CBC |
 | AES-128-CBC |
@@ -271,4 +271,4 @@ strongOpenSSLCipherAlgorithms
 | id-aes256-CCM |
 | id-aes256-GCM |
 | id-aes256-GCM |
-missingOpenSSLCipherAlgorithms
+missingOpenSslCipherAlgorithms
From 78ba7650b3e7e6a43ed6394b80e4d58244d83020 Mon Sep 17 00:00:00 2001
From: erik-krogh
Date: Tue, 23 Aug 2022 07:28:46 +0200
Subject: [PATCH 5/8] change the change-notes
---
 cpp/ql/lib/change-notes/2022-08-22-xml-rename.md | 2 +-
 csharp/ql/lib/change-notes/2022-08-22-xml-rename.md | 2 +-
 java/ql/lib/change-notes/2022-08-22-xml-rename.md | 2 +-
 javascript/ql/lib/change-notes/2022-08-22-xml-rename.md | 2 +-
 python/ql/lib/change-notes/2022-08-22-xml-rename.md | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/cpp/ql/lib/change-notes/2022-08-22-xml-rename.md b/cpp/ql/lib/change-notes/2022-08-22-xml-rename.md
index 8c868cc6a8a4..6b73d2d22507 100644
--- a/cpp/ql/lib/change-notes/2022-08-22-xml-rename.md
+++ b/cpp/ql/lib/change-notes/2022-08-22-xml-rename.md
@@ -1,5 +1,5 @@
 ---
 category: deprecated
 ---
-* Classes/predicates that had upper-case acronym XML in their name have been renamed to Xml to follow our style-guide.
+* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide.
 The old name still exists as a deprecated alias.
\ No newline at end of file
diff --git a/csharp/ql/lib/change-notes/2022-08-22-xml-rename.md b/csharp/ql/lib/change-notes/2022-08-22-xml-rename.md
index 8c868cc6a8a4..6b73d2d22507 100644
--- a/csharp/ql/lib/change-notes/2022-08-22-xml-rename.md
+++ b/csharp/ql/lib/change-notes/2022-08-22-xml-rename.md
@@ -1,5 +1,5 @@
 ---
 category: deprecated
 ---
-* Classes/predicates that had upper-case acronym XML in their name have been renamed to Xml to follow our style-guide.
+* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide.
 The old name still exists as a deprecated alias.
\ No newline at end of file
diff --git a/java/ql/lib/change-notes/2022-08-22-xml-rename.md b/java/ql/lib/change-notes/2022-08-22-xml-rename.md
index 8c868cc6a8a4..6b73d2d22507 100644
--- a/java/ql/lib/change-notes/2022-08-22-xml-rename.md
+++ b/java/ql/lib/change-notes/2022-08-22-xml-rename.md
@@ -1,5 +1,5 @@
 ---
 category: deprecated
 ---
-* Classes/predicates that had upper-case acronym XML in their name have been renamed to Xml to follow our style-guide.
+* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide.
 The old name still exists as a deprecated alias.
\ No newline at end of file
diff --git a/javascript/ql/lib/change-notes/2022-08-22-xml-rename.md b/javascript/ql/lib/change-notes/2022-08-22-xml-rename.md
index 8c868cc6a8a4..6b73d2d22507 100644
--- a/javascript/ql/lib/change-notes/2022-08-22-xml-rename.md
+++ b/javascript/ql/lib/change-notes/2022-08-22-xml-rename.md
@@ -1,5 +1,5 @@
 ---
 category: deprecated
 ---
-* Classes/predicates that had upper-case acronym XML in their name have been renamed to Xml to follow our style-guide.
+* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide.
 The old name still exists as a deprecated alias.
\ No newline at end of file
diff --git a/python/ql/lib/change-notes/2022-08-22-xml-rename.md b/python/ql/lib/change-notes/2022-08-22-xml-rename.md
index 8c868cc6a8a4..6b73d2d22507 100644
--- a/python/ql/lib/change-notes/2022-08-22-xml-rename.md
+++ b/python/ql/lib/change-notes/2022-08-22-xml-rename.md
@@ -1,5 +1,5 @@
 ---
 category: deprecated
 ---
-* Classes/predicates that had upper-case acronym XML in their name have been renamed to Xml to follow our style-guide.
+* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide.
 The old name still exists as a deprecated alias.
\ No newline at end of file
From 7704a9eeacf333d7feaff533e9890ed3f7242dad Mon Sep 17 00:00:00 2001
From: Erik Krogh Kristensen
Date: Tue, 23 Aug 2022 10:38:10 +0200
Subject: [PATCH 6/8] apply suggestions from Python review
Co-authored-by: Rasmus Wriedt Larsen
---
 python/ql/lib/semmle/python/frameworks/Stdlib.qll | 2 +-
 python/ql/src/Security/CWE-327/PyOpenSSL.qll | 9 ---------
 python/ql/src/Security/CWE-327/Ssl.qll | 12 ------------
 3 files changed, 1 insertion(+), 22 deletions(-)
diff --git a/python/ql/lib/semmle/python/frameworks/Stdlib.qll b/python/ql/lib/semmle/python/frameworks/Stdlib.qll
index eba6df5c1862..3ba54a417187 100644
--- a/python/ql/lib/semmle/python/frameworks/Stdlib.qll
+++ b/python/ql/lib/semmle/python/frameworks/Stdlib.qll
@@ -1845,7 +1845,7 @@ private module StdlibPrivate {
 deprecated module SimpleHTTPServer = SimpleHttpServer;
 // ---------------------------------------------------------------------------
- // CgiHttpServer (Python 2 only)
+ // CGIHTTPServer (Python 2 only)
 // ---------------------------------------------------------------------------
 /** Gets a reference to the `CGIHTTPServer` module. */
 API::Node cgiHttpServer() { result = API::moduleImport("CGIHTTPServer") }
diff --git a/python/ql/src/Security/CWE-327/PyOpenSSL.qll b/python/ql/src/Security/CWE-327/PyOpenSSL.qll
index f967333aa347..0cb4828084fa 100644
--- a/python/ql/src/Security/CWE-327/PyOpenSSL.qll
+++ b/python/ql/src/Security/CWE-327/PyOpenSSL.qll
@@ -24,9 +24,6 @@ class PyOpenSslContextCreation extends ContextCreation, DataFlow::CallCfgNode {
 }
 }
-/** DEPRECATED: Alias for PyOpenSslContextCreation */
-deprecated class PyOpenSSLContextCreation = PyOpenSslContextCreation;
-
 class ConnectionCall extends ConnectionCreation, DataFlow::CallCfgNode {
 ConnectionCall() {
 this = API::moduleImport("OpenSSL").getMember("SSL").getMember("Connection").getACall()
@@ -58,9 +55,6 @@ class UnspecificPyOpenSslContextCreation extends PyOpenSslContextCreation, Unspe
 UnspecificPyOpenSslContextCreation() { library instanceof PyOpenSsl }
 }
-/** DEPRECATED: Alias for UnspecificPyOpenSslContextCreation */
-deprecated class UnspecificPyOpenSSLContextCreation = UnspecificPyOpenSslContextCreation;
-
 class PyOpenSsl extends TlsLibrary {
 PyOpenSsl() { this = "pyOpenSSL" }
@@ -89,6 +83,3 @@ class PyOpenSsl extends TlsLibrary {
 result instanceof UnspecificPyOpenSslContextCreation
 }
 }
-
-/** DEPRECATED: Alias for PyOpenSsl */
-deprecated class PyOpenSSL = PyOpenSsl;
diff --git a/python/ql/src/Security/CWE-327/Ssl.qll b/python/ql/src/Security/CWE-327/Ssl.qll
index 03a98c2420a8..ec2d70766d55 100644
--- a/python/ql/src/Security/CWE-327/Ssl.qll
+++ b/python/ql/src/Security/CWE-327/Ssl.qll
@@ -27,9 +27,6 @@ class SslContextCreation extends ContextCreation, DataFlow::CallCfgNode {
 }
 }
-/** DEPRECATED: Alias for SslContextCreation */
-deprecated class SSLContextCreation = SslContextCreation;
-
 class SslDefaultContextCreation extends ContextCreation {
 SslDefaultContextCreation() {
 this = API::moduleImport("ssl").getMember("create_default_context").getACall()
@@ -40,9 +37,6 @@ class SslDefaultContextCreation extends ContextCreation {
 override string getProtocol() { result = "TLS" }
 }
-/** DEPRECATED: Alias for SslDefaultContextCreation */
-deprecated class SSLDefaultContextCreation = SslDefaultContextCreation;
-
 /** Gets a reference to an `ssl.Context` instance. */
 API::Node sslContextInstance() {
 result = API::moduleImport("ssl").getMember(["SSLContext", "create_default_context"]).getReturn()
@@ -178,9 +172,6 @@ class UnspecificSslContextCreation extends SslContextCreation, UnspecificContext
 }
 }
-/** DEPRECATED: Alias for UnspecificSslContextCreation */
-deprecated class UnspecificSSLContextCreation = UnspecificSslContextCreation;
-
 class UnspecificSslDefaultContextCreation extends SslDefaultContextCreation, ProtocolUnrestriction {
 override DataFlow::Node getContext() { result = this }
@@ -190,9 +181,6 @@ class UnspecificSslDefaultContextCreation extends SslDefaultContextCreation, Pro
 }
 }
-/** DEPRECATED: Alias for UnspecificSslDefaultContextCreation */
-deprecated class UnspecificSSLDefaultContextCreation = UnspecificSslDefaultContextCreation;
-
 class Ssl extends TlsLibrary {
 Ssl() { this = "ssl" }
From 82d9180892314c87e6e778f209edea1c26efcd59 Mon Sep 17 00:00:00 2001
From: erik-krogh
Date: Tue, 23 Aug 2022 10:30:44 +0200
Subject: [PATCH 7/8] only have one deprecated alias for XmlDtd
---
 cpp/ql/lib/semmle/code/cpp/XML.qll | 7 ++-----
 csharp/ql/lib/semmle/code/csharp/XML.qll | 7 ++-----
 java/ql/lib/semmle/code/xml/XML.qll | 7 ++-----
 javascript/ql/lib/semmle/javascript/XML.qll | 7 ++-----
 python/ql/lib/semmle/python/xml/XML.qll | 7 ++-----
 5 files changed, 10 insertions(+), 25 deletions(-)
diff --git a/cpp/ql/lib/semmle/code/cpp/XML.qll b/cpp/ql/lib/semmle/code/cpp/XML.qll
index 5c99a060c2ae..d74129d425ed 100755
--- a/cpp/ql/lib/semmle/code/cpp/XML.qll
+++ b/cpp/ql/lib/semmle/code/cpp/XML.qll
@@ -135,7 +135,7 @@ class XmlFile extends XmlParent, File {
 XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
 /** DEPRECATED: Alias for getADtd */
- deprecated XmlDTD getADTD() { result = this.getADtd() }
+ deprecated XmlDtd getADTD() { result = this.getADtd() }
 }
 /** DEPRECATED: Alias for XmlFile */
@@ -178,10 +178,7 @@ class XmlDtd extends XmlLocatable, @xmldtd {
 }
 /** DEPRECATED: Alias for XmlDtd */
-deprecated class XmlDTD = XmlDtd;
-
-/** DEPRECATED: Alias for XmlDtd */
-deprecated class XMLDTD = XmlDTD;
+deprecated class XMLDTD = XmlDtd;
 /**
 * An XML element in an XML file.
diff --git a/csharp/ql/lib/semmle/code/csharp/XML.qll b/csharp/ql/lib/semmle/code/csharp/XML.qll
index 5c99a060c2ae..d74129d425ed 100755
--- a/csharp/ql/lib/semmle/code/csharp/XML.qll
+++ b/csharp/ql/lib/semmle/code/csharp/XML.qll
@@ -135,7 +135,7 @@ class XmlFile extends XmlParent, File {
 XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
 /** DEPRECATED: Alias for getADtd */
- deprecated XmlDTD getADTD() { result = this.getADtd() }
+ deprecated XmlDtd getADTD() { result = this.getADtd() }
 }
 /** DEPRECATED: Alias for XmlFile */
@@ -178,10 +178,7 @@ class XmlDtd extends XmlLocatable, @xmldtd {
 }
 /** DEPRECATED: Alias for XmlDtd */
-deprecated class XmlDTD = XmlDtd;
-
-/** DEPRECATED: Alias for XmlDtd */
-deprecated class XMLDTD = XmlDTD;
+deprecated class XMLDTD = XmlDtd;
 /**
 * An XML element in an XML file.
diff --git a/java/ql/lib/semmle/code/xml/XML.qll b/java/ql/lib/semmle/code/xml/XML.qll
index 5c99a060c2ae..d74129d425ed 100755
--- a/java/ql/lib/semmle/code/xml/XML.qll
+++ b/java/ql/lib/semmle/code/xml/XML.qll
@@ -135,7 +135,7 @@ class XmlFile extends XmlParent, File {
 XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
 /** DEPRECATED: Alias for getADtd */
- deprecated XmlDTD getADTD() { result = this.getADtd() }
+ deprecated XmlDtd getADTD() { result = this.getADtd() }
 }
 /** DEPRECATED: Alias for XmlFile */
@@ -178,10 +178,7 @@ class XmlDtd extends XmlLocatable, @xmldtd {
 }
 /** DEPRECATED: Alias for XmlDtd */
-deprecated class XmlDTD = XmlDtd;
-
-/** DEPRECATED: Alias for XmlDtd */
-deprecated class XMLDTD = XmlDTD;
+deprecated class XMLDTD = XmlDtd;
 /**
 * An XML element in an XML file.
diff --git a/javascript/ql/lib/semmle/javascript/XML.qll b/javascript/ql/lib/semmle/javascript/XML.qll
index 5c99a060c2ae..d74129d425ed 100755
--- a/javascript/ql/lib/semmle/javascript/XML.qll
+++ b/javascript/ql/lib/semmle/javascript/XML.qll
@@ -135,7 +135,7 @@ class XmlFile extends XmlParent, File {
 XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
 /** DEPRECATED: Alias for getADtd */
- deprecated XmlDTD getADTD() { result = this.getADtd() }
+ deprecated XmlDtd getADTD() { result = this.getADtd() }
 }
 /** DEPRECATED: Alias for XmlFile */
@@ -178,10 +178,7 @@ class XmlDtd extends XmlLocatable, @xmldtd {
 }
 /** DEPRECATED: Alias for XmlDtd */
-deprecated class XmlDTD = XmlDtd;
-
-/** DEPRECATED: Alias for XmlDtd */
-deprecated class XMLDTD = XmlDTD;
+deprecated class XMLDTD = XmlDtd;
 /**
 * An XML element in an XML file.
diff --git a/python/ql/lib/semmle/python/xml/XML.qll b/python/ql/lib/semmle/python/xml/XML.qll
index 5c99a060c2ae..d74129d425ed 100755
--- a/python/ql/lib/semmle/python/xml/XML.qll
+++ b/python/ql/lib/semmle/python/xml/XML.qll
@@ -135,7 +135,7 @@ class XmlFile extends XmlParent, File {
 XmlDtd getADtd() { xmlDTDs(result, _, _, _, this) }
 /** DEPRECATED: Alias for getADtd */
- deprecated XmlDTD getADTD() { result = this.getADtd() }
+ deprecated XmlDtd getADTD() { result = this.getADtd() }
 }
 /** DEPRECATED: Alias for XmlFile */
@@ -178,10 +178,7 @@ class XmlDtd extends XmlLocatable, @xmldtd {
 }
 /** DEPRECATED: Alias for XmlDtd */
-deprecated class XmlDTD = XmlDtd;
-
-/** DEPRECATED: Alias for XmlDtd */
-deprecated class XMLDTD = XmlDTD;
+deprecated class XMLDTD = XmlDtd;
 /**
 * An XML element in an XML file.
From 82a5b7838ce701de65549068a148bdc7a860e555 Mon Sep 17 00:00:00 2001
From: erik-krogh
Date: Tue, 23 Aug 2022 10:33:17 +0200
Subject: [PATCH 8/8] don't add deprecated alias in experimental folder
---
 java/ql/src/experimental/Security/CWE/CWE-327/SslLib.qll | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/java/ql/src/experimental/Security/CWE/CWE-327/SslLib.qll b/java/ql/src/experimental/Security/CWE/CWE-327/SslLib.qll
index 3d54e85e5f1d..93803cdf4c7c 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-327/SslLib.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-327/SslLib.qll
@@ -97,6 +97,3 @@ class UnsafeTlsVersion extends StringLiteral {
 class SslServerSocket extends RefType {
 SslServerSocket() { hasQualifiedName("javax.net.ssl", "SSLServerSocket") }
 }
-
-/** DEPRECATED: Alias for SslServerSocket */
-deprecated class SSLServerSocket = SslServerSocket;