Python: deprecate old taint-tracking related predicates

RasmusWL · RasmusWL · commit 5a032d6f84e0 · 2022-02-04T12:02:08.000+01:00
diff --git a/python/ql/lib/semmle/python/security/Paths.qll b/python/ql/lib/semmle/python/security/Paths.qll
@@ -1,6 +1,6 @@
 import semmle.python.dataflow.Implementation
 
-module TaintTrackingPaths {
+deprecated module TaintTrackingPaths {
   predicate edge(TaintTrackingNode src, TaintTrackingNode dest, string label) {
     exists(TaintTrackingNode source, TaintTrackingNode sink |
       source.getConfiguration().hasFlowPath(source, sink) and
@@ -11,6 +11,6 @@ module TaintTrackingPaths {
   }
 }
 
-query predicate edges(TaintTrackingNode fromnode, TaintTrackingNode tonode) {
+deprecated query predicate edges(TaintTrackingNode fromnode, TaintTrackingNode tonode) {
   TaintTrackingPaths::edge(fromnode, tonode, _)
 }
diff --git a/python/ql/lib/semmle/python/security/flow/AnyCall.qll b/python/ql/lib/semmle/python/security/flow/AnyCall.qll
@@ -2,7 +2,7 @@ import python
 import semmle.python.security.strings.Basic
 
 /** Assume that taint flows from argument to result for *any* call */
-class AnyCallStringFlow extends DataFlowExtension::DataFlowNode {
+deprecated class AnyCallStringFlow extends DataFlowExtension::DataFlowNode {
   AnyCallStringFlow() { any(CallNode call).getAnArg() = this }
 
   override ControlFlowNode getASuccessorNode() { result.(CallNode).getAnArg() = this }
diff --git a/python/ql/lib/semmle/python/security/strings/Basic.qll b/python/ql/lib/semmle/python/security/strings/Basic.qll
@@ -3,7 +3,7 @@ private import Common
 import semmle.python.dataflow.TaintTracking
 
 /** An extensible kind of taint representing any kind of string. */
-abstract class StringKind extends TaintKind {
+abstract deprecated class StringKind extends TaintKind {
   bindingset[this]
   StringKind() { this = this }
 
@@ -42,7 +42,7 @@ abstract class StringKind extends TaintKind {
   }
 }
 
-private class StringEqualitySanitizer extends Sanitizer {
+deprecated private class StringEqualitySanitizer extends Sanitizer {
   StringEqualitySanitizer() { this = "string equality sanitizer" }
 
   /** The test `if untrusted == "KNOWN_VALUE":` sanitizes `untrusted` on its `true` edge. */
@@ -64,13 +64,13 @@ private class StringEqualitySanitizer extends Sanitizer {
 }
 
 /** tonode = ....format(fromnode) */
-private predicate str_format(ControlFlowNode fromnode, CallNode tonode) {
+deprecated private predicate str_format(ControlFlowNode fromnode, CallNode tonode) {
   tonode.getFunction().(AttrNode).getName() = "format" and
   tonode.getAnArg() = fromnode
 }
 
 /** tonode = codec.[en|de]code(fromnode) */
-private predicate encode_decode(ControlFlowNode fromnode, CallNode tonode) {
+deprecated private predicate encode_decode(ControlFlowNode fromnode, CallNode tonode) {
   exists(FunctionObject func, string name |
     not func.getFunction().isMethod() and
     func.getACall() = tonode and
@@ -84,7 +84,7 @@ private predicate encode_decode(ControlFlowNode fromnode, CallNode tonode) {
 }
 
 /** tonode = str(fromnode) */
-private predicate to_str(ControlFlowNode fromnode, CallNode tonode) {
+deprecated private predicate to_str(ControlFlowNode fromnode, CallNode tonode) {
   tonode.getAnArg() = fromnode and
   (
     tonode = ClassValue::bytes().getACall()
@@ -94,7 +94,7 @@ private predicate to_str(ControlFlowNode fromnode, CallNode tonode) {
 }
 
 /** tonode = fromnode[:] */
-private predicate slice(ControlFlowNode fromnode, SubscriptNode tonode) {
+deprecated private predicate slice(ControlFlowNode fromnode, SubscriptNode tonode) {
   exists(Slice all |
     all = tonode.getIndex().getNode() and
     not exists(all.getStart()) and
@@ -104,13 +104,13 @@ private predicate slice(ControlFlowNode fromnode, SubscriptNode tonode) {
 }
 
 /** tonode = os.path.join(..., fromnode, ...) */
-private predicate os_path_join(ControlFlowNode fromnode, CallNode tonode) {
+deprecated private predicate os_path_join(ControlFlowNode fromnode, CallNode tonode) {
   tonode = Value::named("os.path.join").getACall() and
   tonode.getAnArg() = fromnode
 }
 
 /** tonode = f"... {fromnode} ..." */
-private predicate f_string(ControlFlowNode fromnode, ControlFlowNode tonode) {
+deprecated private predicate f_string(ControlFlowNode fromnode, ControlFlowNode tonode) {
   tonode.getNode().(Fstring).getAValue() = fromnode.getNode()
 }
 
@@ -119,6 +119,6 @@ private predicate f_string(ControlFlowNode fromnode, ControlFlowNode tonode) {
  *
  * DEPRECATED: Use `ExternalStringDictKind` instead.
  */
-deprecated class StringDictKind extends DictKind {
+deprecated deprecated class StringDictKind extends DictKind {
   StringDictKind() { this.getValue() instanceof StringKind }
 }
diff --git a/python/ql/lib/semmle/python/security/strings/Common.qll b/python/ql/lib/semmle/python/security/strings/Common.qll
@@ -1,7 +1,7 @@
 import python
 
 /* A call that returns a copy (or similar) of the argument */
-predicate copy_call(ControlFlowNode fromnode, CallNode tonode) {
+deprecated predicate copy_call(ControlFlowNode fromnode, CallNode tonode) {
   tonode.getFunction().(AttrNode).getObject("copy") = fromnode
   or
   exists(ModuleValue copy, string name | name = "copy" or name = "deepcopy" |
diff --git a/python/ql/lib/semmle/python/security/strings/External.qll b/python/ql/lib/semmle/python/security/strings/External.qll
@@ -5,7 +5,7 @@ private import Common
 /**
  * An extensible kind of taint representing an externally controlled string.
  */
-abstract class ExternalStringKind extends StringKind {
+abstract deprecated class ExternalStringKind extends StringKind {
   bindingset[this]
   ExternalStringKind() { this = this }
 
@@ -30,15 +30,15 @@ abstract class ExternalStringKind extends StringKind {
 }
 
 /** A kind of "taint", representing a sequence, with a "taint" member */
-class ExternalStringSequenceKind extends SequenceKind {
+deprecated class ExternalStringSequenceKind extends SequenceKind {
   ExternalStringSequenceKind() { this.getItem() instanceof ExternalStringKind }
 }
 
 /**
  * An hierachical dictionary or list where the entire structure is externally controlled
  * This is typically a parsed JSON object.
  */
-class ExternalJsonKind extends TaintKind {
+deprecated class ExternalJsonKind extends TaintKind {
   ExternalJsonKind() { this = "json[" + any(ExternalStringKind key) + "]" }
 
   /** Gets the taint kind for item in this sequence */
@@ -61,20 +61,20 @@ class ExternalJsonKind extends TaintKind {
 }
 
 /** A kind of "taint", representing a dictionary mapping keys to tainted strings. */
-class ExternalStringDictKind extends DictKind {
+deprecated class ExternalStringDictKind extends DictKind {
   ExternalStringDictKind() { this.getValue() instanceof ExternalStringKind }
 }
 
 /**
  * A kind of "taint", representing a dictionary mapping keys to sequences of
  *  tainted strings.
  */
-class ExternalStringSequenceDictKind extends DictKind {
+deprecated class ExternalStringSequenceDictKind extends DictKind {
   ExternalStringSequenceDictKind() { this.getValue() instanceof ExternalStringSequenceKind }
 }
 
 /** TaintKind for the result of `urlsplit(tainted_string)` */
-class ExternalUrlSplitResult extends ExternalStringSequenceKind {
+deprecated class ExternalUrlSplitResult extends ExternalStringSequenceKind {
   // https://docs.python.org/3/library/urllib.parse.html#urllib.parse.urlsplit
   override TaintKind getTaintOfAttribute(string name) {
     result = super.getTaintOfAttribute(name)
@@ -103,7 +103,7 @@ class ExternalUrlSplitResult extends ExternalStringSequenceKind {
 }
 
 /** TaintKind for the result of `urlparse(tainted_string)` */
-class ExternalUrlParseResult extends ExternalStringSequenceKind {
+deprecated class ExternalUrlParseResult extends ExternalStringSequenceKind {
   // https://docs.python.org/3/library/urllib.parse.html#urllib.parse.urlparse
   override TaintKind getTaintOfAttribute(string name) {
     result = super.getTaintOfAttribute(name)
@@ -134,20 +134,20 @@ class ExternalUrlParseResult extends ExternalStringSequenceKind {
 
 /* Helper for getTaintForStep() */
 pragma[noinline]
-private predicate json_subscript_taint(
+deprecated deprecated private predicate json_subscript_taint(
   SubscriptNode sub, ControlFlowNode obj, ExternalJsonKind seq, TaintKind key
 ) {
   sub.isLoad() and
   sub.getObject() = obj and
   key = seq.getValue()
 }
 
-private predicate json_load(ControlFlowNode fromnode, CallNode tonode) {
+deprecated private predicate json_load(ControlFlowNode fromnode, CallNode tonode) {
   tonode = Value::named("json.loads").getACall() and
   tonode.getArg(0) = fromnode
 }
 
-private predicate urlsplit(ControlFlowNode fromnode, CallNode tonode) {
+deprecated private predicate urlsplit(ControlFlowNode fromnode, CallNode tonode) {
   // This could be implemented as `exists(FunctionValue` without the explicit six part,
   // but then our tests will need to import +100 modules, so for now this slightly
   // altered version gets to live on.
@@ -166,7 +166,7 @@ private predicate urlsplit(ControlFlowNode fromnode, CallNode tonode) {
   )
 }
 
-private predicate urlparse(ControlFlowNode fromnode, CallNode tonode) {
+deprecated private predicate urlparse(ControlFlowNode fromnode, CallNode tonode) {
   // This could be implemented as `exists(FunctionValue` without the explicit six part,
   // but then our tests will need to import +100 modules, so for now this slightly
   // altered version gets to live on.
@@ -185,7 +185,7 @@ private predicate urlparse(ControlFlowNode fromnode, CallNode tonode) {
   )
 }
 
-private predicate parse_qs(ControlFlowNode fromnode, CallNode tonode) {
+deprecated private predicate parse_qs(ControlFlowNode fromnode, CallNode tonode) {
   // This could be implemented as `exists(FunctionValue` without the explicit six part,
   // but then our tests will need to import +100 modules, so for now this slightly
   // altered version gets to live on.
@@ -211,7 +211,7 @@ private predicate parse_qs(ControlFlowNode fromnode, CallNode tonode) {
   )
 }
 
-private predicate parse_qsl(ControlFlowNode fromnode, CallNode tonode) {
+deprecated private predicate parse_qsl(ControlFlowNode fromnode, CallNode tonode) {
   // This could be implemented as `exists(FunctionValue` without the explicit six part,
   // but then our tests will need to import +100 modules, so for now this slightly
   // altered version gets to live on.
@@ -238,7 +238,7 @@ private predicate parse_qsl(ControlFlowNode fromnode, CallNode tonode) {
 }
 
 /** A kind of "taint", representing an open file-like object from an external source. */
-class ExternalFileObject extends TaintKind {
+deprecated class ExternalFileObject extends TaintKind {
   ExternalStringKind valueKind;
 
   ExternalFileObject() { this = "file[" + valueKind + "]" }
@@ -266,7 +266,7 @@ class ExternalFileObject extends TaintKind {
  * - `if splitres.netloc == "KNOWN_VALUE"`
  * - `if splitres[0] == "KNOWN_VALUE"`
  */
-class UrlsplitUrlparseTempSanitizer extends Sanitizer {
+deprecated class UrlsplitUrlparseTempSanitizer extends Sanitizer {
   // TODO: remove this once we have better support for named tuples
   UrlsplitUrlparseTempSanitizer() { this = "UrlsplitUrlparseTempSanitizer" }
 
diff --git a/python/ql/lib/semmle/python/security/strings/Untrusted.qll b/python/ql/lib/semmle/python/security/strings/Untrusted.qll
@@ -5,6 +5,6 @@ import External
  * A kind of taint representing an externally controlled string.
  * This class is a simple sub-class of `ExternalStringKind`.
  */
-class UntrustedStringKind extends ExternalStringKind {
+deprecated class UntrustedStringKind extends ExternalStringKind {
   UntrustedStringKind() { this = "externally controlled string" }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`import semmle.python.dataflow.Implementation`
`2`	`2`
`3`		`-module TaintTrackingPaths {`
	`3`	`+deprecated module TaintTrackingPaths {`
`4`	`4`	`predicate edge(TaintTrackingNode src, TaintTrackingNode dest, string label) {`
`5`	`5`	`exists(TaintTrackingNode source, TaintTrackingNode sink \|`
`6`	`6`	`source.getConfiguration().hasFlowPath(source, sink) and`
`@@ -11,6 +11,6 @@ module TaintTrackingPaths {`
`11`	`11`	`}`
`12`	`12`	`}`
`13`	`13`
`14`		`-query predicate edges(TaintTrackingNode fromnode, TaintTrackingNode tonode) {`
	`14`	`+deprecated query predicate edges(TaintTrackingNode fromnode, TaintTrackingNode tonode) {`
`15`	`15`	`TaintTrackingPaths::edge(fromnode, tonode, _)`
`16`	`16`	`}`
Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@ private import Common`
`3`	`3`	`import semmle.python.dataflow.TaintTracking`
`4`	`4`
`5`	`5`	`/** An extensible kind of taint representing any kind of string. */`
`6`		`-abstract class StringKind extends TaintKind {`
	`6`	`+abstract deprecated class StringKind extends TaintKind {`
`7`	`7`	`bindingset[this]`
`8`	`8`	`StringKind() { this = this }`
`9`	`9`
`@@ -42,7 +42,7 @@ abstract class StringKind extends TaintKind {`
`42`	`42`	`}`
`43`	`43`	`}`
`44`	`44`
`45`		`-private class StringEqualitySanitizer extends Sanitizer {`
	`45`	`+deprecated private class StringEqualitySanitizer extends Sanitizer {`
`46`	`46`	`StringEqualitySanitizer() { this = "string equality sanitizer" }`
`47`	`47`
`48`	`48`	/** The test `if untrusted == "KNOWN_VALUE":` sanitizes `untrusted` on its `true` edge. */
`@@ -64,13 +64,13 @@ private class StringEqualitySanitizer extends Sanitizer {`
`64`	`64`	`}`
`65`	`65`
`66`	`66`	`/** tonode = ....format(fromnode) */`
`67`		`-private predicate str_format(ControlFlowNode fromnode, CallNode tonode) {`
	`67`	`+deprecated private predicate str_format(ControlFlowNode fromnode, CallNode tonode) {`
`68`	`68`	`tonode.getFunction().(AttrNode).getName() = "format" and`
`69`	`69`	`tonode.getAnArg() = fromnode`
`70`	`70`	`}`
`71`	`71`
`72`	`72`	`/** tonode = codec.[en\|de]code(fromnode) */`
`73`		`-private predicate encode_decode(ControlFlowNode fromnode, CallNode tonode) {`
	`73`	`+deprecated private predicate encode_decode(ControlFlowNode fromnode, CallNode tonode) {`
`74`	`74`	`exists(FunctionObject func, string name \|`
`75`	`75`	`not func.getFunction().isMethod() and`
`76`	`76`	`func.getACall() = tonode and`
`@@ -84,7 +84,7 @@ private predicate encode_decode(ControlFlowNode fromnode, CallNode tonode) {`
`84`	`84`	`}`
`85`	`85`
`86`	`86`	`/** tonode = str(fromnode) */`
`87`		`-private predicate to_str(ControlFlowNode fromnode, CallNode tonode) {`
	`87`	`+deprecated private predicate to_str(ControlFlowNode fromnode, CallNode tonode) {`
`88`	`88`	`tonode.getAnArg() = fromnode and`
`89`	`89`	`(`
`90`	`90`	`tonode = ClassValue::bytes().getACall()`
`@@ -94,7 +94,7 @@ private predicate to_str(ControlFlowNode fromnode, CallNode tonode) {`
`94`	`94`	`}`
`95`	`95`
`96`	`96`	`/** tonode = fromnode[:] */`
`97`		`-private predicate slice(ControlFlowNode fromnode, SubscriptNode tonode) {`
	`97`	`+deprecated private predicate slice(ControlFlowNode fromnode, SubscriptNode tonode) {`
`98`	`98`	`exists(Slice all \|`
`99`	`99`	`all = tonode.getIndex().getNode() and`
`100`	`100`	`not exists(all.getStart()) and`
`@@ -104,13 +104,13 @@ private predicate slice(ControlFlowNode fromnode, SubscriptNode tonode) {`
`104`	`104`	`}`
`105`	`105`
`106`	`106`	`/** tonode = os.path.join(..., fromnode, ...) */`
`107`		`-private predicate os_path_join(ControlFlowNode fromnode, CallNode tonode) {`
	`107`	`+deprecated private predicate os_path_join(ControlFlowNode fromnode, CallNode tonode) {`
`108`	`108`	`tonode = Value::named("os.path.join").getACall() and`
`109`	`109`	`tonode.getAnArg() = fromnode`
`110`	`110`	`}`
`111`	`111`
`112`	`112`	`/** tonode = f"... {fromnode} ..." */`
`113`		`-private predicate f_string(ControlFlowNode fromnode, ControlFlowNode tonode) {`
	`113`	`+deprecated private predicate f_string(ControlFlowNode fromnode, ControlFlowNode tonode) {`
`114`	`114`	`tonode.getNode().(Fstring).getAValue() = fromnode.getNode()`
`115`	`115`	`}`
`116`	`116`
`@@ -119,6 +119,6 @@ private predicate f_string(ControlFlowNode fromnode, ControlFlowNode tonode) {`
`119`	`119`	`*`
`120`	`120`	* DEPRECATED: Use `ExternalStringDictKind` instead.
`121`	`121`	`*/`
`122`		`-deprecated class StringDictKind extends DictKind {`
	`122`	`+deprecated deprecated class StringDictKind extends DictKind {`
`123`	`123`	`StringDictKind() { this.getValue() instanceof StringKind }`
`124`	`124`	`}`
Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,6 @@ import External`
`5`	`5`	`* A kind of taint representing an externally controlled string.`
`6`	`6`	* This class is a simple sub-class of `ExternalStringKind`.
`7`	`7`	`*/`
`8`		`-class UntrustedStringKind extends ExternalStringKind {`
	`8`	`+deprecated class UntrustedStringKind extends ExternalStringKind {`
`9`	`9`	`UntrustedStringKind() { this = "externally controlled string" }`
`10`	`10`	`}`