From 9b2b34c66a2d0280878b06611c013df9013cc827 Mon Sep 17 00:00:00 2001
From: Asger F
Date: Fri, 20 Dec 2024 15:01:19 +0100
Subject: [PATCH 1/2] JS: Add deprecation qldoc to Configuration classes
---
 .../lib/semmle/javascript/dataflow/Configuration.qll | 9 +++++++++
 .../lib/semmle/javascript/dataflow/TaintTracking.qll | 11 +++++++++++
 2 files changed, 20 insertions(+)
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll
index bb032596475e..5cfc304398bc 100644
--- a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll
@@ -76,6 +76,15 @@ private import semmle.javascript.internal.CachedStages
 private import AdditionalFlowSteps
 /**
+ * DEPRECATED.
+ * Subclasses of this class should be replaced by a module implementing the new `ConfigSig` or `StateConfigSig` interface.
+ * See the [data flow guide](https://codeql.github.com/docs/codeql-language-guides/analyzing-data-flow-in-javascript-and-typescript/#using-global-data-flow)
+ * for details about how to use this new interface.
+ *
+ * Data flow configurations that used the `FlowLabel` class should be translated to use the `StateConfigSig` interface.
+ * See [guide on using flow state](https://codeql.github.com/docs/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis) for more details.
+ *
+ * #### Legacy documentation
  * A data flow tracking configuration for finding inter-procedural paths from
  * sources to sinks.
  *
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll
index 7f8094caa4b2..40fba3ba4cf0 100644
--- a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll
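Review bot: The qldoc added in the Configuration.qll hunk marks the class as DEPRECATED in prose only. The class declaration lies below the hunk, so it is not visible whether it also carries QL's `deprecated` annotation. Without that annotation, existing subclasses keep compiling with no warning, and authors of custom security queries built on the legacy API get no prompt to migrate. If the annotation is being held back on purpose, the comment should say so, for example `* The class is not yet annotated as deprecated, so the compiler does not warn about remaining uses.` The same applies to the TaintTracking.qll hunk.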
@@ -27,6 +27,17 @@ module TaintTracking {
 import AdditionalTaintSteps
 /**
+ * DEPRECATED.
+ * Subclasses of this class should be replaced by a module implementing the new `ConfigSig` or `StateConfigSig` interface.
+ * See the [data flow guide](https://codeql.github.com/docs/codeql-language-guides/analyzing-data-flow-in-javascript-and-typescript/#using-global-taint-tracking)
+ * for details about how to use this new interface.
+ *
+ * When migrating a `TaintTracking::Configuration` to `DataFlow::ConfigSig`, use `TaintTracking::Global<...>` instead of `DataFlow::Global<...>`.
+ *
+ * Taint-tracking configurations that used the `FlowLabel` class should be translated to use the `StateConfigSig` interface.
+ * See [guide on using flow state](https://codeql.github.com/docs/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis) for more details.
+ *
+ * #### Legacy documentation
  * A data flow tracking configuration that considers taint propagation through
  * objects, arrays, promises and strings in addition to standard data flow.
  *
From db9cc1885e29cf07e752dc15fb50e6f35e29b8fa Mon Sep 17 00:00:00 2001
From: Asger F
Date: Fri, 3 Jan 2025 11:28:14 +0100
Subject: [PATCH 2/2] JS: Remove notes about changing API in the future
---
 .../ql/lib/semmle/javascript/dataflow/Configuration.qll | 4 ----
 .../ql/lib/semmle/javascript/dataflow/TaintTracking.qll | 3 ---
 2 files changed, 7 deletions(-)
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll
index 5cfc304398bc..f9eff85feb3a 100644
--- a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll
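Review bot: The migration sentence in the TaintTracking.qll hunk says to use `TaintTracking::Global<...>` but not what goes wrong if the reader picks `DataFlow::Global<...>`. A module implementing `ConfigSig` can presumably be passed to either. With the data-flow instantiation, the taint propagation through objects, arrays, promises and strings described in the legacy text below would not be applied, so a migrated security query would report fewer results without any error. Suggest adding a line such as `* With DataFlow::Global<...> the taint steps are not applied, so the migrated query can silently miss results.` The doc comment and the class it documents continue past the end of the hunk.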
@@ -6,10 +6,6 @@
  * Additional data flow edges can be specified, and conversely certain nodes or
  * edges can be designated as _barriers_ that block flow.
  *
- * NOTE: The API of this library is not stable yet and may change in
- * the future.
- *
- *
  * # Technical overview
  *
  * This module implements a summarization-based inter-procedural data flow
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll
index 40fba3ba4cf0..6609367ec491 100644
--- a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll
@@ -8,9 +8,6 @@
  * substrings. As for data flow configurations, additional flow edges can be
  * specified, and conversely certain nodes or edges can be designated as taint
  * _sanitizers_ that block flow.
- *
- * NOTE: The API of this library is not stable yet and may change in
- * the future.
  */
 import javascript